summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2016-09-28 03:45:43 +0000
committerXin LI <delphij@FreeBSD.org>2016-09-28 03:45:43 +0000
commitc2a8859aa5c96190c179c911d3841c4de17b9c34 (patch)
treed692d2581f8989d075abe40c9f3f55f2fa650949
parent5ef882476736cbe802bb4e6437c520162c4f44ce (diff)
downloadsrc-test2-c2a8859aa5c96190c179c911d3841c4de17b9c34.tar.gz
src-test2-c2a8859aa5c96190c179c911d3841c4de17b9c34.zip
vendor/bind9/9.9.9-P3
Notes
Diffstat
-rw-r--r--CHANGES319
-rw-r--r--FAQ8
-rw-r--r--FAQ.xml158
-rw-r--r--FREEBSD-Xlist2
-rw-r--r--Makefile.in7
-rw-r--r--README38
-rw-r--r--acconfig.h5
-rw-r--r--bin/check/Makefile.in4
-rw-r--r--bin/check/named-checkconf.892
-rw-r--r--bin/check/named-checkconf.c41
-rw-r--r--bin/check/named-checkconf.docbook72
-rw-r--r--bin/check/named-checkconf.html48
-rw-r--r--bin/check/named-checkzone.8174
-rw-r--r--bin/check/named-checkzone.c2
-rw-r--r--bin/check/named-checkzone.docbook157
-rw-r--r--bin/check/named-checkzone.html162
-rw-r--r--bin/confgen/Makefile.in8
-rw-r--r--bin/confgen/ddns-confgen.8104
-rw-r--r--bin/confgen/ddns-confgen.docbook67
-rw-r--r--bin/confgen/ddns-confgen.html56
-rw-r--r--bin/confgen/rndc-confgen.8122
-rw-r--r--bin/confgen/rndc-confgen.docbook73
-rw-r--r--bin/confgen/rndc-confgen.html90
-rw-r--r--bin/dig/Makefile.in4
-rw-r--r--bin/dig/dig.1347
-rw-r--r--bin/dig/dig.c41
-rw-r--r--bin/dig/dig.docbook120
-rw-r--r--bin/dig/dig.html123
-rw-r--r--bin/dig/dighost.c4
-rw-r--r--bin/dig/host.1132
-rw-r--r--bin/dig/host.docbook80
-rw-r--r--bin/dig/host.html71
-rw-r--r--bin/dig/nslookup.1129
-rw-r--r--bin/dig/nslookup.docbook77
-rw-r--r--bin/dig/nslookup.html62
-rw-r--r--bin/dnssec/Makefile.in6
-rw-r--r--bin/dnssec/dnssec-dsfromkey.8110
-rw-r--r--bin/dnssec/dnssec-dsfromkey.docbook114
-rw-r--r--bin/dnssec/dnssec-dsfromkey.html42
-rw-r--r--bin/dnssec/dnssec-importkey.890
-rw-r--r--bin/dnssec/dnssec-importkey.docbook99
-rw-r--r--bin/dnssec/dnssec-importkey.html45
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.8196
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.docbook111
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.html58
-rw-r--r--bin/dnssec/dnssec-keygen.8242
-rw-r--r--bin/dnssec/dnssec-keygen.docbook126
-rw-r--r--bin/dnssec/dnssec-keygen.html62
-rw-r--r--bin/dnssec/dnssec-revoke.863
-rw-r--r--bin/dnssec/dnssec-revoke.c3
-rw-r--r--bin/dnssec/dnssec-revoke.docbook65
-rw-r--r--bin/dnssec/dnssec-revoke.html30
-rw-r--r--bin/dnssec/dnssec-settime.8102
-rw-r--r--bin/dnssec/dnssec-settime.c3
-rw-r--r--bin/dnssec/dnssec-settime.docbook92
-rw-r--r--bin/dnssec/dnssec-settime.html52
-rw-r--r--bin/dnssec/dnssec-signzone.8282
-rw-r--r--bin/dnssec/dnssec-signzone.c16
-rw-r--r--bin/dnssec/dnssec-signzone.docbook135
-rw-r--r--bin/dnssec/dnssec-signzone.html102
-rw-r--r--bin/dnssec/dnssec-verify.876
-rw-r--r--bin/dnssec/dnssec-verify.docbook65
-rw-r--r--bin/dnssec/dnssec-verify.html36
-rw-r--r--bin/named/Makefile.in4
-rw-r--r--bin/named/client.c12
-rw-r--r--bin/named/config.c6
-rw-r--r--bin/named/control.c107
-rw-r--r--bin/named/controlconf.c6
-rw-r--r--bin/named/include/named/log.h4
-rw-r--r--bin/named/include/named/query.h3
-rw-r--r--bin/named/include/named/server.h43
-rw-r--r--bin/named/lwdgrbn.c20
-rw-r--r--bin/named/lwresd.8150
-rw-r--r--bin/named/lwresd.docbook89
-rw-r--r--bin/named/lwresd.html52
-rw-r--r--bin/named/main.c30
-rw-r--r--bin/named/named.8227
-rw-r--r--bin/named/named.conf.5245
-rw-r--r--bin/named/named.conf.docbook143
-rw-r--r--bin/named/named.conf.html89
-rw-r--r--bin/named/named.docbook107
-rw-r--r--bin/named/named.html75
-rw-r--r--bin/named/query.c166
-rw-r--r--bin/named/server.c346
-rw-r--r--bin/named/statschannel.c8
-rw-r--r--bin/named/unix/include/named/os.h7
-rw-r--r--bin/named/unix/os.c37
-rw-r--r--bin/named/xfrout.c14
-rw-r--r--bin/nsupdate/Makefile.in4
-rw-r--r--bin/nsupdate/nsupdate.1274
-rw-r--r--bin/nsupdate/nsupdate.c34
-rw-r--r--bin/nsupdate/nsupdate.docbook152
-rw-r--r--bin/nsupdate/nsupdate.html125
-rw-r--r--bin/rndc/Makefile.in4
-rw-r--r--bin/rndc/rndc.8247
-rw-r--r--bin/rndc/rndc.conf.5131
-rw-r--r--bin/rndc/rndc.conf.docbook53
-rw-r--r--bin/rndc/rndc.conf.html50
-rw-r--r--bin/rndc/rndc.docbook80
-rw-r--r--bin/rndc/rndc.html156
-rw-r--r--bin/tools/Makefile.in6
-rw-r--r--bin/tools/arpaname.140
-rw-r--r--bin/tools/arpaname.docbook42
-rw-r--r--bin/tools/arpaname.html22
-rw-r--r--bin/tools/genrandom.844
-rw-r--r--bin/tools/genrandom.docbook53
-rw-r--r--bin/tools/genrandom.html28
-rw-r--r--bin/tools/isc-hmac-fixup.852
-rw-r--r--bin/tools/isc-hmac-fixup.docbook51
-rw-r--r--bin/tools/isc-hmac-fixup.html30
-rw-r--r--bin/tools/named-journalprint.854
-rw-r--r--bin/tools/named-journalprint.docbook47
-rw-r--r--bin/tools/named-journalprint.html30
-rw-r--r--bin/tools/nsec3hash.848
-rw-r--r--bin/tools/nsec3hash.docbook55
-rw-r--r--bin/tools/nsec3hash.html28
-rw-r--r--config.h.in8
-rw-r--r--configure.in129
-rw-r--r--doc/Makefile.in6
-rw-r--r--doc/arm/Bv9ARM-book.xml3766
-rw-r--r--doc/arm/Bv9ARM.ch01.html111
-rw-r--r--doc/arm/Bv9ARM.ch02.html51
-rw-r--r--doc/arm/Bv9ARM.ch03.html222
-rw-r--r--doc/arm/Bv9ARM.ch04.html1221
-rw-r--r--doc/arm/Bv9ARM.ch05.html39
-rw-r--r--doc/arm/Bv9ARM.ch06.html4573
-rw-r--r--doc/arm/Bv9ARM.ch07.html85
-rw-r--r--doc/arm/Bv9ARM.ch08.html43
-rw-r--r--doc/arm/Bv9ARM.ch09.html151
-rw-r--r--doc/arm/Bv9ARM.ch10.html192
-rw-r--r--doc/arm/Bv9ARM.ch11.html279
-rw-r--r--doc/arm/Bv9ARM.ch12.html231
-rw-r--r--doc/arm/Bv9ARM.ch13.html20
-rw-r--r--doc/arm/Bv9ARM.conf3
-rw-r--r--doc/arm/Bv9ARM.html316
-rw-r--r--doc/arm/Bv9ARM.pdfbin1361042 -> 1135210 bytes
-rw-r--r--doc/arm/Makefile.in68
-rw-r--r--doc/arm/README-SGML342
-rw-r--r--doc/arm/dnssec.xml146
-rwxr-xr-xdoc/arm/html-fixup.pl20
-rw-r--r--doc/arm/libdns.xml193
-rw-r--r--doc/arm/logging-categories.xml378
-rw-r--r--doc/arm/man.arpaname.html24
-rw-r--r--doc/arm/man.ddns-confgen.html58
-rw-r--r--doc/arm/man.dig.html127
-rw-r--r--doc/arm/man.dnssec-checkds.html38
-rw-r--r--doc/arm/man.dnssec-coverage.html36
-rw-r--r--doc/arm/man.dnssec-dsfromkey.html54
-rw-r--r--doc/arm/man.dnssec-importkey.html182
-rw-r--r--doc/arm/man.dnssec-keyfromlabel.html68
-rw-r--r--doc/arm/man.dnssec-keygen.html66
-rw-r--r--doc/arm/man.dnssec-revoke.html32
-rw-r--r--doc/arm/man.dnssec-settime.html56
-rw-r--r--doc/arm/man.dnssec-signzone.html104
-rw-r--r--doc/arm/man.dnssec-verify.html38
-rw-r--r--doc/arm/man.genrandom.html30
-rw-r--r--doc/arm/man.host.html73
-rw-r--r--doc/arm/man.isc-hmac-fixup.html32
-rw-r--r--doc/arm/man.lwresd.html258
-rw-r--r--doc/arm/man.named-checkconf.html50
-rw-r--r--doc/arm/man.named-checkzone.html164
-rw-r--r--doc/arm/man.named-journalprint.html40
-rw-r--r--doc/arm/man.named.conf.html677
-rw-r--r--doc/arm/man.named.html87
-rw-r--r--doc/arm/man.nsec3hash.html30
-rw-r--r--doc/arm/man.nsupdate.html129
-rw-r--r--doc/arm/man.rndc-confgen.html92
-rw-r--r--doc/arm/man.rndc.conf.html52
-rw-r--r--doc/arm/man.rndc.html160
-rw-r--r--doc/arm/managed-keys.xml46
-rw-r--r--doc/arm/notes-wrapper.xml18
-rw-r--r--doc/arm/notes.conf3
-rw-r--r--doc/arm/notes.html119
-rw-r--r--doc/arm/notes.pdfbin65687 -> 43434 bytes
-rw-r--r--doc/arm/notes.xml148
-rw-r--r--doc/arm/noteversion.xml.in17
-rw-r--r--doc/arm/pkcs11.xml152
-rw-r--r--doc/arm/pkgversion.xml.in17
-rw-r--r--doc/arm/releaseinfo.xml.in17
-rw-r--r--doc/misc/options70
-rw-r--r--doc/misc/rfc-compliance2
-rw-r--r--isc-config.sh.in2
-rw-r--r--lib/bind9/Makefile.in4
-rw-r--r--lib/bind9/api2
-rw-r--r--lib/bind9/check.c34
-rw-r--r--lib/bind9/include/bind9/Makefile.in4
-rw-r--r--lib/dns/Makefile.in8
-rw-r--r--lib/dns/acache.c12
-rw-r--r--lib/dns/api6
-rw-r--r--lib/dns/cache.c16
-rw-r--r--lib/dns/client.c8
-rw-r--r--lib/dns/dst_api.c15
-rw-r--r--lib/dns/dst_openssl.h2
-rw-r--r--lib/dns/forward.c5
-rw-r--r--lib/dns/gen.c8
-rw-r--r--lib/dns/include/dns/Makefile.in4
-rw-r--r--lib/dns/include/dns/dbiterator.h6
-rw-r--r--lib/dns/include/dns/forward.h5
-rw-r--r--lib/dns/include/dns/message.h11
-rw-r--r--lib/dns/include/dns/name.h14
-rw-r--r--lib/dns/include/dns/rbt.h60
-rw-r--r--lib/dns/include/dns/view.h8
-rw-r--r--lib/dns/include/dst/Makefile.in4
-rw-r--r--lib/dns/journal.c9
-rw-r--r--lib/dns/master.c58
-rw-r--r--lib/dns/message.c127
-rw-r--r--lib/dns/name.c229
-rw-r--r--lib/dns/nsec3.c6
-rw-r--r--lib/dns/openssl_link.c23
-rw-r--r--lib/dns/openssldh_link.c6
-rw-r--r--lib/dns/openssldsa_link.c6
-rw-r--r--lib/dns/opensslrsa_link.c5
-rw-r--r--lib/dns/rbt.c428
-rw-r--r--lib/dns/rbtdb.c162
-rw-r--r--lib/dns/rcode.c12
-rw-r--r--lib/dns/rdata.c235
-rw-r--r--lib/dns/rdata/any_255/tsig_250.c3
-rw-r--r--lib/dns/rdata/ch_3/a_1.c3
-rw-r--r--lib/dns/rdata/generic/afsdb_18.c3
-rw-r--r--lib/dns/rdata/generic/avc_258.c168
-rw-r--r--lib/dns/rdata/generic/avc_258.h35
-rw-r--r--lib/dns/rdata/generic/caa_257.c4
-rw-r--r--lib/dns/rdata/generic/cdnskey_60.c229
-rw-r--r--lib/dns/rdata/generic/cdnskey_60.h13
-rw-r--r--lib/dns/rdata/generic/cds_59.c202
-rw-r--r--lib/dns/rdata/generic/cds_59.h12
-rw-r--r--lib/dns/rdata/generic/cname_5.c3
-rw-r--r--lib/dns/rdata/generic/csync_62.c268
-rw-r--r--lib/dns/rdata/generic/csync_62.h33
-rw-r--r--lib/dns/rdata/generic/dlv_32769.c194
-rw-r--r--lib/dns/rdata/generic/dlv_32769.h12
-rw-r--r--lib/dns/rdata/generic/dname_39.c3
-rw-r--r--lib/dns/rdata/generic/dnskey_48.c231
-rw-r--r--lib/dns/rdata/generic/dnskey_48.h18
-rw-r--r--lib/dns/rdata/generic/ds_43.c79
-rw-r--r--lib/dns/rdata/generic/hip_55.c4
-rw-r--r--lib/dns/rdata/generic/ipseckey_45.c3
-rw-r--r--lib/dns/rdata/generic/key_25.c138
-rw-r--r--lib/dns/rdata/generic/key_25.h18
-rw-r--r--lib/dns/rdata/generic/lp_107.c3
-rw-r--r--lib/dns/rdata/generic/mb_7.c3
-rw-r--r--lib/dns/rdata/generic/md_3.c3
-rw-r--r--lib/dns/rdata/generic/mf_4.c3
-rw-r--r--lib/dns/rdata/generic/mg_8.c3
-rw-r--r--lib/dns/rdata/generic/minfo_14.c4
-rw-r--r--lib/dns/rdata/generic/mr_9.c3
-rw-r--r--lib/dns/rdata/generic/mx_15.c3
-rw-r--r--lib/dns/rdata/generic/naptr_35.c3
-rw-r--r--lib/dns/rdata/generic/ninfo_56.c196
-rw-r--r--lib/dns/rdata/generic/ninfo_56.h39
-rw-r--r--lib/dns/rdata/generic/ns_2.c3
-rw-r--r--lib/dns/rdata/generic/nsec3_50.c136
-rw-r--r--lib/dns/rdata/generic/nsec_47.c128
-rw-r--r--lib/dns/rdata/generic/nxt_30.c3
-rw-r--r--lib/dns/rdata/generic/ptr_12.c3
-rw-r--r--lib/dns/rdata/generic/rkey_57.c173
-rw-r--r--lib/dns/rdata/generic/rkey_57.h22
-rw-r--r--lib/dns/rdata/generic/rp_17.c3
-rw-r--r--lib/dns/rdata/generic/rrsig_46.c3
-rw-r--r--lib/dns/rdata/generic/rt_21.c3
-rw-r--r--lib/dns/rdata/generic/sig_24.c3
-rw-r--r--lib/dns/rdata/generic/sink_40.c283
-rw-r--r--lib/dns/rdata/generic/sink_40.h30
-rw-r--r--lib/dns/rdata/generic/smimea_53.c161
-rw-r--r--lib/dns/rdata/generic/smimea_53.h22
-rw-r--r--lib/dns/rdata/generic/soa_6.c3
-rw-r--r--lib/dns/rdata/generic/spf_99.c95
-rw-r--r--lib/dns/rdata/generic/ta_32768.c170
-rw-r--r--lib/dns/rdata/generic/ta_32768.h25
-rw-r--r--lib/dns/rdata/generic/talink_58.c269
-rw-r--r--lib/dns/rdata/generic/talink_58.h29
-rw-r--r--lib/dns/rdata/generic/tkey_249.c3
-rw-r--r--lib/dns/rdata/generic/tlsa_52.c80
-rw-r--r--lib/dns/rdata/generic/txt_16.c139
-rw-r--r--lib/dns/rdata/in_1/a6_38.c3
-rw-r--r--lib/dns/rdata/in_1/kx_36.c3
-rw-r--r--lib/dns/rdata/in_1/nsap-ptr_23.c3
-rw-r--r--lib/dns/rdata/in_1/px_26.c5
-rw-r--r--lib/dns/rdata/in_1/srv_33.c3
-rw-r--r--lib/dns/resolver.c103
-rw-r--r--lib/dns/rootns.c4
-rw-r--r--lib/dns/sdlz.c12
-rw-r--r--lib/dns/tkey.c9
-rw-r--r--lib/dns/update.c9
-rw-r--r--lib/dns/view.c19
-rw-r--r--lib/dns/xfrin.c19
-rw-r--r--lib/dns/zone.c73
-rw-r--r--lib/export/dns/Makefile.in9
-rw-r--r--lib/export/dns/include/dns/Makefile.in4
-rw-r--r--lib/export/dns/include/dst/Makefile.in4
-rw-r--r--lib/export/irs/Makefile.in4
-rw-r--r--lib/export/irs/include/irs/Makefile.in4
-rw-r--r--lib/export/isc/Makefile.in4
-rw-r--r--lib/export/isc/include/isc/Makefile.in4
-rw-r--r--lib/export/isc/nothreads/include/isc/Makefile.in4
-rw-r--r--lib/export/isc/pthreads/include/isc/Makefile.in4
-rw-r--r--lib/export/isc/unix/include/isc/Makefile.in2
-rw-r--r--lib/export/isccfg/Makefile.in4
-rw-r--r--lib/export/isccfg/include/isccfg/Makefile.in4
-rw-r--r--lib/export/samples/Makefile.in4
-rw-r--r--lib/irs/Makefile.in4
-rw-r--r--lib/irs/resconf.c5
-rw-r--r--lib/isc/Makefile.in4
-rw-r--r--lib/isc/alpha/include/isc/Makefile.in4
-rw-r--r--lib/isc/api6
-rw-r--r--lib/isc/base32.c4
-rw-r--r--lib/isc/base64.c4
-rw-r--r--lib/isc/buffer.c4
-rw-r--r--lib/isc/commandline.c2
-rw-r--r--lib/isc/hash.c151
-rw-r--r--lib/isc/hex.c4
-rw-r--r--lib/isc/httpd.c98
-rw-r--r--lib/isc/ia64/include/isc/Makefile.in4
-rw-r--r--lib/isc/include/isc/Makefile.in4
-rw-r--r--lib/isc/include/isc/assertions.h10
-rw-r--r--lib/isc/include/isc/error.h4
-rw-r--r--lib/isc/include/isc/file.h6
-rw-r--r--lib/isc/include/isc/hash.h41
-rw-r--r--lib/isc/include/isc/magic.h8
-rw-r--r--lib/isc/include/isc/netaddr.h8
-rw-r--r--lib/isc/include/isc/platform.h.in10
-rw-r--r--lib/isc/include/isc/result.h5
-rw-r--r--lib/isc/include/isc/sockaddr.h8
-rw-r--r--lib/isc/include/isc/socket.h6
-rw-r--r--lib/isc/include/isc/util.h13
-rw-r--r--lib/isc/md5.c4
-rw-r--r--lib/isc/mem.c58
-rw-r--r--lib/isc/mips/include/isc/Makefile.in4
-rw-r--r--lib/isc/netaddr.c18
-rw-r--r--lib/isc/noatomic/include/isc/Makefile.in4
-rw-r--r--lib/isc/nothreads/include/isc/Makefile.in4
-rw-r--r--lib/isc/powerpc/include/isc/Makefile.in4
-rw-r--r--lib/isc/pthreads/include/isc/Makefile.in4
-rw-r--r--lib/isc/result.c1
-rw-r--r--lib/isc/sockaddr.c25
-rw-r--r--lib/isc/sparc64/include/isc/Makefile.in4
-rw-r--r--lib/isc/stats.c78
-rw-r--r--lib/isc/string.c6
-rw-r--r--lib/isc/task.c4
-rw-r--r--lib/isc/unix/file.c15
-rw-r--r--lib/isc/unix/include/isc/Makefile.in4
-rw-r--r--lib/isc/unix/net.c4
-rw-r--r--lib/isc/unix/socket.c94
-rw-r--r--lib/isc/x86_32/include/isc/Makefile.in4
-rw-r--r--lib/isc/x86_32/include/isc/atomic.h26
-rw-r--r--lib/isc/x86_64/include/isc/Makefile.in4
-rw-r--r--lib/isc/x86_64/include/isc/atomic.h33
-rw-r--r--lib/isccc/Makefile.in2
-rw-r--r--lib/isccc/cc.c41
-rw-r--r--lib/isccc/include/isccc/Makefile.in4
-rw-r--r--lib/isccc/sexpr.c56
-rw-r--r--lib/isccfg/Makefile.in4
-rw-r--r--lib/isccfg/aclconf.c9
-rw-r--r--lib/isccfg/api2
-rw-r--r--lib/isccfg/include/isccfg/Makefile.in4
-rw-r--r--lib/isccfg/namedconf.c119
-rw-r--r--lib/isccfg/parser.c9
-rw-r--r--lib/lwres/Makefile.in4
-rw-r--r--lib/lwres/man/Makefile.in4
-rw-r--r--lib/lwres/man/lwres.3126
-rw-r--r--lib/lwres/man/lwres.docbook68
-rw-r--r--lib/lwres/man/lwres.html47
-rw-r--r--lib/lwres/man/lwres_buffer.3174
-rw-r--r--lib/lwres/man/lwres_buffer.docbook37
-rw-r--r--lib/lwres/man/lwres_buffer.html187
-rw-r--r--lib/lwres/man/lwres_config.373
-rw-r--r--lib/lwres/man/lwres_config.docbook46
-rw-r--r--lib/lwres/man/lwres_config.html68
-rw-r--r--lib/lwres/man/lwres_context.3110
-rw-r--r--lib/lwres/man/lwres_context.docbook42
-rw-r--r--lib/lwres/man/lwres_context.html118
-rw-r--r--lib/lwres/man/lwres_gabn.3115
-rw-r--r--lib/lwres/man/lwres_gabn.docbook44
-rw-r--r--lib/lwres/man/lwres_gabn.html121
-rw-r--r--lib/lwres/man/lwres_gai_strerror.352
-rw-r--r--lib/lwres/man/lwres_gai_strerror.docbook34
-rw-r--r--lib/lwres/man/lwres_gai_strerror.html26
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.3111
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.docbook42
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.html49
-rw-r--r--lib/lwres/man/lwres_gethostent.3153
-rw-r--r--lib/lwres/man/lwres_gethostent.docbook48
-rw-r--r--lib/lwres/man/lwres_gethostent.html170
-rw-r--r--lib/lwres/man/lwres_getipnode.3101
-rw-r--r--lib/lwres/man/lwres_getipnode.docbook40
-rw-r--r--lib/lwres/man/lwres_getipnode.html72
-rw-r--r--lib/lwres/man/lwres_getnameinfo.377
-rw-r--r--lib/lwres/man/lwres_getnameinfo.docbook46
-rw-r--r--lib/lwres/man/lwres_getnameinfo.html58
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.375
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.docbook44
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.html53
-rw-r--r--lib/lwres/man/lwres_gnba.3112
-rw-r--r--lib/lwres/man/lwres_gnba.docbook44
-rw-r--r--lib/lwres/man/lwres_gnba.html121
-rw-r--r--lib/lwres/man/lwres_hstrerror.352
-rw-r--r--lib/lwres/man/lwres_hstrerror.docbook40
-rw-r--r--lib/lwres/man/lwres_hstrerror.html37
-rw-r--r--lib/lwres/man/lwres_inetntop.352
-rw-r--r--lib/lwres/man/lwres_inetntop.docbook42
-rw-r--r--lib/lwres/man/lwres_inetntop.html40
-rw-r--r--lib/lwres/man/lwres_noop.3112
-rw-r--r--lib/lwres/man/lwres_noop.docbook42
-rw-r--r--lib/lwres/man/lwres_noop.html121
-rw-r--r--lib/lwres/man/lwres_packet.397
-rw-r--r--lib/lwres/man/lwres_packet.docbook34
-rw-r--r--lib/lwres/man/lwres_packet.html43
-rw-r--r--lib/lwres/man/lwres_resutil.3102
-rw-r--r--lib/lwres/man/lwres_resutil.docbook40
-rw-r--r--lib/lwres/man/lwres_resutil.html89
-rw-r--r--make/rules.in4
-rw-r--r--version4
412 files changed, 19781 insertions, 16054 deletions
diff --git a/CHANGES b/CHANGES
index b2bd38aab91f..5b9e552bb7d3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,96 @@
- --- 9.9.8-P4 released ---
+ --- 9.9.9-P3 released ---
+
+4467. [security] It was possible to trigger a assertion when rendering
+ a message. (CVE-2016-2776) [RT #43139]
+
+ --- 9.9.9-P2 released ---
+
+4406. [bug] getrrsetbyname with a non absolute name could
+ trigger an infinite recursion bug in lwresd
+ and named with lwres configured if when combined
+ with a search list entry the resulting name is
+ too long. (CVE-2016-2775) [RT #42694]
+
+4405. [bug] Change 4342 introduced a regression where you could
+ not remove a delegation in a NSEC3 signed zone using
+ OPTOUT via nsupdate. [RT #42702]
+
+4387. [bug] Change 4336 was not complete leading to SERVFAIL
+ being return as NS records expired. [RT #42683]
+
+ --- 9.9.9-P1 released ---
+
+4366. [bug] Address race condition when updating rbtnode bit
+ fields. [RT #42379]
+
+4363. [port] win32: Disable explicit triggering UAC when running
+ BINDInstall.
+
+ --- 9.9.9 released ---
+
+ --- 9.9.9rc1 released ---
+
+4347. [port] Corrected a build error on x86_64 Solaris. [RT #42150]
+
+4346. [bug] Fixed a regression introduced in change #4337 which
+ caused signed domains with revoked KSKs to fail
+ validation. [RT #42147]
+
+4345. [contrib] perftcpdns mishandled the return values from
+ clock_nanosleep. [RT #42131]
+
+4344. [port] Address openssl version differences. [RT #42059]
+
+ --- 9.9.9b2 released ---
+
+4342. [bug] 'rndc flushtree' could fail to clean the tree if there
+ wasn't a node at the specified name. [RT #41846]
+
+4338. [bug] Reimplement change 4324 as it wasn't properly doing
+ all the required book keeping. [RT #41941]
+
+4337. [bug] The previous change exposed a latent flaw in
+ key refresh queries for managed-keys when
+ a cached DNSKEY had TTL 0. [RT #41986]
+
+4336. [bug] Don't emit records with zero ttl unless the records
+ were learnt with a zero ttl. [RT #41687]
+
+4335. [bug] zone->view could be detached too early. [RT #41942]
+
+4333. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42 and
+ 2001:500:9f::42.
+
+4331. [func] When loading managed signed zones detect if the
+ RRSIG's inception time is in the future and regenerate
+ the RRSIG immediately. [RT #41808]
+
+4330. [protocol] Identify the PAD option as "PAD" when printing out
+ a message.
+
+ --- 9.9.9b1 released ---
+
+4329. [func] Warn about a common misconfiguration when forwarding
+ RFC 1918 zones. [RT #41441]
+
+4328. [performance] Add dns_name_fromwire() benchmark test. [RT #41694]
+
+4327. [func] Log query and depth counters during fetches when
+ querytrace (./configure --enable-querytrace) is
+ enabled (helps in diagnosing). [RT #41787]
+
+4326. [protocol] Add support for AVC. [RT #41819]
+
+4324. [bug] When deleting records from a zone database, interior
+ nodes could be left empty but not deleted, damaging
+ search performance afterward. [RT #40997]
+
+4323. [bug] Improve HTTP header processing on statschannel.
+ [RT #41674]
+
+4320. [bug] Insufficient memory allocation when handling
+ "none" ACL could cause an assertion failure in
+ named when parsing ACL configuration. [RT #41745]
4319. [security] Fix resolver assertion failure due to improper
DNAME handling when parsing fetch reply messages.
@@ -7,20 +99,122 @@
4318. [security] Malformed control messages can trigger assertions
in named and rndc. (CVE-2016-1285) [RT #41666]
- --- 9.9.8-P3 released ---
+4317. [bug] Age all unused servers on fetch timeout. [RT #41597]
+
+4315. [bug] Check that configured view class isn't a meta class.
+ [RT #41572].
+
+4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance
+ testing tools provided by Nominum, Inc.
+
+4313. [bug] Handle ns_client_replace failures in test mode.
+ [RT #41190]
+
+4312. [bug] dig's unknown DNS and EDNS flags (MBZ value) logging
+ was not consistent. [RT #41600]
+
+4311. [bug] Prevent "rndc delzone" from being used on
+ response-policy zones. [RT #41593]
+
+4310. [performance] Use __builtin_expect() where available to annotate
+ conditions with known behavior. [RT #41411]
+
+4308. [func] Added operating system details to "named -V"
+ output. [RT #41452]
+
+4306. [maint] Added a PKCS#11 openssl patch supporting
+ version 1.0.2f [RT #38312]
+
+4305. [bug] dnssec-signzone was not removing unnecessary rrsigs
+ from the zone's apex. [RT #41483]
+
+4304. [port] xfer system test failed as 'tail -n +value' is not
+ portable. [RT #41315]
+
+4302. [port] win32: fixed a build error in VS 2015. [RT #41426]
+
+4300. [cleanup] Added new querytrace logging. [RT #41155]
+
+4299. [bug] Check that exactly totallen bytes are read when
+ reading a RRset from raw files in both single read
+ and incremental modes. [RT #41402]
+
+4297. [bug] RPZ zones with errors could cause a crash when a
+ pointer was cleaned up twice. [RT #41518]
+
+4295. [bug] An unchecked result in dns_message_pseudosectiontotext()
+ could allow incorrect text formatting of EDNS EXPIRE
+ options. [RT #41437]
+
+4294. [bug] Fixed a regression in which "rndc stop -p" failed
+ to print the PID. [RT #41513]
+
+4293. [bug] Address memory leak on priming query creation failure.
+ [RT #41512]
+
+4292. [bug] Build lib/export/dns/gen with native compiler.
+ [RT #41502]
+
+4291. [cleanup] Added a required include to dns/forward.h. [RT #41474]
+
+4289. [bug] The server could crash due to memory being used
+ after it was freed if a zone transfer timed out.
+ [RT #41297]
4288. [bug] Fixed a regression in resolver.c:possibly_mark()
which caused known-bogus servers to be queried
anyway. [RT #41321]
+4287. [bug] Silence an overly noisy log message when message
+ parsing fails. [RT #41374]
+
4285. [security] Specific APL data could trigger a INSIST.
(CVE-2015-8704) [RT #41396]
- --- 9.9.8-P2 released ---
+4283. [bug] OPENSSL_config is no longer re-callable. [RT #41348]
+
+4281. [bug] Teach dns_message_totext about BADCOOKIE. [RT #41257]
+
+4280. [performance] Use optimal message sizes to improve compression
+ in AXFRs. This reduces network traffic. [RT #40996]
+
+4277. [performance] Improve performance of the RBT, the central zone
+ datastructure: The aux hashtable was improved,
+ hash function was updated to perform more
+ uniform mapping, uppernode was added to
+ dns_rbtnode, and other cleanups and performance
+ improvements were made. [RT #41165]
+
+4276. [protocol] Add support for SMIMEA. [RT #40513]
+
+4274. [performance] Speed up typemap processing from text. [RT #41196]
+
+4272. [bug] dig: the +norrcomments option didn't work with +multi.
+ [RT #41234]
+
+4271. [test] Unit tests could deadlock in isc__taskmgr_pause().
+ [RT #41235]
4270. [security] Update allowed OpenSSL versions as named is
potentially vulnerable to CVE-2015-3193.
+4267. [test] Check sdlz error handling. [RT #41142]
+
+4266. [bug] The sdlz driver failed to pass some errors back to
+ the caller. [RT #41142]
+
+4265. [bug] Address unchecked isc_mem_get calls. [RT #41187]
+
+4264. [bug] Check const of strchr/strrchr assignments match
+ argument's const status. [RT #41150]
+
+4262. [bug] Fixed a bug in epoll socket code that caused
+ sockets to not be registered for ready
+ notification in some cases, causing named to not
+ read from or write to them, resulting in what
+ appear to the user as blocked connections.
+ [RT #41067]
+
4261. [maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53.
[RT #40556]
@@ -29,10 +223,123 @@
triggering a REQUIRE failure when those records
were subsequently cached. (CVE-2015-8000) [RT #40987]
+4258. [bug] Limit rndc query message sizes to 32 KiB. This should
+ not break any legitimate rndc commands, but will
+ prevent a rogue rndc query from allocating too
+ much memory. [RT #41073]
+
+4257. [cleanup] Python scripts reported incorrect version. [RT #41080]
+
+4256. [bug] Allow rndc command arguments to be quoted so as
+ to allow spaces. [RT #36665]
+
+4254. [bug] Address missing lock when getting zone's serial.
+ [RT #41072]
+
4253. [security] Address fetch context reference count handling error
- on socket error. (CVE-2015-8461) [RT#40945]
+ on socket error. (CVE-2015-8461) [RT#40945]
+
+4248. [performance] Add an isc_atomic_storeq() function, use it in
+ stats counters to improve performance.
+ [RT #39972] [RT #39979]
+
+4244. [bug] The parser was not reporting that use-ixfr is obsolete.
+ [RT #41010]
+
+4241. [doc] Improved the TSIG, TKEY, and SIG(0) sections in
+ the ARM. [RT #40955]
+
+4240. [port] Fix LibreSSL compatibility. [RT #40977]
+
+4238. [bug] Don't send to servers on net zero (0.0.0.0/8).
+ [RT #40947]
+
+4237. [doc] Upgraded documentation toolchain to use DocBook 5
+ and dblatex. [RT #40766]
+
+4236. [performance] On machines with 2 or more processors (CPU), the
+ default value for the number of UDP listeners
+ has been changed to the number of detected
+ processors minus one. [RT #40761]
+
+4233. [test] Add tests for CDS and CDNSKEY with delegation-only.
+ [RT #40597]
+
+4232. [contrib] Address unchecked memory allocation calls in
+ query-loc and zone2ldap. [RT #40789]
+
+4229. [bug] A variable could be used uninitialized in
+ dns_update_signaturesinc. [RT #40784]
+
+4228. [bug] Address race condition in dns_client_destroyrestrans.
+ [RT #40605]
+
+4227. [bug] Silence static analysis warnings. [RT #40828]
+
+4226. [bug] Address a theoretical shutdown race in
+ zone.c:notify_send_queue(). [RT #38958]
+
+4225. [port] freebsd/openbsd: Use '${CC} -shared' for building
+ shared libraries. [RT #39557]
+
+4221. [bug] Resource leak on DNS_R_NXDOMAIN in fctx_create.
+ [RT #40583]
+
+4220. [doc] Improve documentation for zone-statistics.
+ [RT #36955]
+
+4219. [bug] Set event->result to ISC_R_WOULDBLOCK on EWOULDBLOCK,
+ EGAIN when these soft error are not retried for
+ isc_socket_send*().
+
+4217. [protocol] Add support for CSYNC. [RT #40532]
+
+4216. [cleanup] Silence static analysis warnings. [RT #40649]
+
+4215. [bug] nsupdate: skip to next request on GSSTKEY create
+ failure. [RT #40685]
+
+4214. [protocol] Add support for TALINK. [RT #40544]
+
+4213. [bug] Don't reuse a cache across multiple classes.
+ [RT #40205]
+
+4210. [cleanup] Silence use after free false positive. [RT #40743]
+
+4208. [bug] Address null pointer dereferences on out of memory.
+ [RT #40764]
+
+4207. [bug] Handle class mismatches with raw zone files.
+ [RT #40746]
+
+4205. [bug] 'named-checkconf -p' could include unwanted spaces
+ when printing tuples with unset optional fields.
+ [RT #40731]
+
+4204. [bug] 'dig +trace' failed to lookup the correct type if
+ the initial root NS query was retried. [RT #40296]
+
+4202. [bug] isccc_cc_fromwire() could return an incorrect
+ result. [RT #40614]
+
+4201. [func] The default preferred-glue is now the address record
+ type of the transport the query was received
+ over. [RT #40468]
+
+4200. [cleanup] win32: update BINDinstall to be BIND release
+ independent. [RT #38915]
+
+4199. [protocol] Add support for NINFO, RKEY, SINK, TA.
+ [RT #40545] [RT #40547] [RT #40561] [RT #40563]
+
+4198. [doc] Add fetch-quota-params, fetches-per-server, and
+ fetches-per-zone to doc/misc/options. [RT #40601]
+
+4196. [doc] Improve how "enum + other" types are documented.
+ [RT #40608]
- --- 9.9.8-P1 (withdrawn) ---
+4194. [bug] named-checkconf -p failed to properly print a port
+ range. [RT #40634]
--- 9.9.8 released ---
@@ -47,7 +354,7 @@
4191. [protocol] Accept DNS-SD non LDH PTR records in reverse zones
as per RFC 6763. [RT #37889]
-4190. [protocol] Accept Active Diretory gc._msdcs.<forest> name as
+4190. [protocol] Accept Active Directory gc._msdcs.<forest> name as
valid with check-names. <forest> still needs to be
LDH. [RT #40399]
diff --git a/FAQ b/FAQ
index 2b71a1930af0..6a75e8af81a1 100644
--- a/FAQ
+++ b/FAQ
@@ -1,10 +1,6 @@
-Frequently Asked Questions about BIND 9
-
-Copyright © 2004-2010, 2013, 2014 Internet Systems Consortium, Inc.
+Copyright ? 2000-2010, 2013-2016 Internet Systems Consortium, Inc.
("ISC")
-Copyright © 2000-2003 Internet Software Consortium.
-
-----------------------------------------------------------------------
1. Compilation and Installation Questions
@@ -94,7 +90,7 @@ Q: I'm trying to use TSIG to authenticate dynamic updates or zone
rejecting the TSIG. Why?
A: This may be a clock skew problem. Check that the the clocks on the
- client and server are properly synchronised (e.g., using ntp).
+ client and server are properly synchronized (e.g., using ntp).
Q: I see a log message like the following. Why?
diff --git a/FAQ.xml b/FAQ.xml
index 9c56f8123f7e..3ba9d9129366 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -1,7 +1,5 @@
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- - Copyright (C) 2004-2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -17,10 +15,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: FAQ.xml,v 1.54 2010/01/19 23:48:55 tbox Exp $ -->
+<!-- Converted by db4-upgrade version 1.0 -->
+<article xmlns="http://docbook.org/ns/docbook" version="5.0" class="faq">
-<article class="faq">
- <title>Frequently Asked Questions about BIND 9</title>
<articleinfo>
<copyright>
<year>2004</year>
@@ -32,6 +29,8 @@
<year>2010</year>
<year>2013</year>
<year>2014</year>
+ <year>2015</year>
+ <year>2016</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -42,10 +41,10 @@
<holder>Internet Software Consortium.</holder>
</copyright>
</articleinfo>
- <qandaset defaultlabel='qanda'>
-
- <qandadiv><title>Compilation and Installation Questions</title>
-
+ <qandaset defaultlabel="qanda">
+
+ <qandadiv><title>Compilation and Installation Questions</title>
+
<qandaentry>
<question>
<para>
@@ -61,7 +60,7 @@
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -70,7 +69,7 @@
</question>
<answer>
<para>
- Short Answer: No.
+ Short Answer: No.
</para>
<para>
Long Answer: There really isn't a default configuration which fits
@@ -93,9 +92,9 @@
</para>
</answer>
</qandaentry>
-
+
</qandadiv> <!-- Compilation and Installation Questions -->
-
+
<qandadiv><title>Configuration and Setup Questions</title>
<qandaentry>
@@ -125,7 +124,7 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
</informalexample>
</answer>
</qandaentry>
-
+
<qandaentry>
<!-- configuration -->
<question>
@@ -223,7 +222,7 @@ view "chaos" chaos {
<answer>
<para>
This may be a clock skew problem. Check that the the clocks
- on the client and server are properly synchronised (e.g.,
+ on the client and server are properly synchronized (e.g.,
using ntp).
</para>
</answer>
@@ -251,7 +250,7 @@ view "chaos" chaos {
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -266,7 +265,7 @@ view "chaos" chaos {
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -359,7 +358,7 @@ Slave 10.0.1.2:
</informalexample>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -392,7 +391,7 @@ named-checkzone example.com tmp</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -416,7 +415,7 @@ named-checkzone example.com tmp</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -501,7 +500,7 @@ Master 10.0.1.1:
You are running chrooted (-t) and have not supplied local timezone
information in the chroot area.
</para>
- <simplelist>
+ <simplelist type="vert">
<member>FreeBSD: /etc/localtime</member>
<member>Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo</member>
<member>OSF: /etc/zoneinfo/localtime</member>
@@ -511,7 +510,7 @@ Master 10.0.1.1:
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -551,7 +550,7 @@ Master 10.0.1.1:
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -603,7 +602,7 @@ zone "example.net" {
</informalexample>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -694,9 +693,9 @@ server ::/0 { bogus yes; };
</programlisting>
</answer>
</qandaentry>
-
+
</qandadiv> <!-- Configuration and Setup Questions -->
-
+
<qandadiv><title>Operations Questions</title>
<qandaentry>
@@ -768,7 +767,7 @@ server ::/0 { bogus yes; };
</qandadiv> <!-- Operations Questions -->
<qandadiv><title>General Questions</title>
-
+
<qandaentry>
<question>
<para>
@@ -807,14 +806,13 @@ server ::/0 { bogus yes; };
of sending dynamic update requests to DNS servers without
being specifically configured to do so. If the update
requests are coming from a Windows 2000 machine, see
- <ulink
- url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
- &lt;http://support.microsoft.com/support/kb/articles/q246/8/04.asp&gt;</ulink>
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
+ &lt;http://support.microsoft.com/support/kb/articles/q246/8/04.asp&gt;</link>
for information about how to turn them off.
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -849,7 +847,7 @@ server ::/0 { bogus yes; };
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -867,7 +865,7 @@ server ::/0 { bogus yes; };
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -883,7 +881,7 @@ server ::/0 { bogus yes; };
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -910,7 +908,7 @@ serial-query-rate 5; // default 20</programlisting>
</answer>
</qandaentry>
- <qandaentry>
+ <qandaentry>
<question>
<para>
I don't get RRSIG's returned when I use "dig +dnssec".
@@ -922,7 +920,7 @@ serial-query-rate 5; // default 20</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -959,7 +957,7 @@ serial-query-rate 5; // default 20</programlisting>
usage rules and are leaking queries to the Internet. You
should establish your own zones for these addresses to prevent
you querying the Internet's name servers for these addresses.
- Please see <ulink url="http://as112.net/">&lt;http://as112.net/&gt;</ulink>
+ Please see <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://as112.net/">&lt;http://as112.net/&gt;</link>
for details of the problems you are causing and the counter
measures that have had to be deployed.
</para>
@@ -1006,7 +1004,7 @@ empty:
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -1083,9 +1081,9 @@ empty:
</qandaentry>
</qandadiv> <!-- General Questions -->
-
+
<qandadiv><title>Operating-System Specific Questions</title>
-
+
<qandadiv><title>HPUX</title>
<qandaentry>
@@ -1113,9 +1111,9 @@ configure: error: need either working unistd.h or sys/select.h</programlisting>
</qandadiv> <!-- HPUX -->
<qandadiv><title>Linux</title>
-
+
<qandaentry>
- <question>
+ <question>
<para>
Why do I get the following errors:
<programlisting>general: errno2result.c:109: unexpected error:
@@ -1129,7 +1127,7 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
</para>
<para>
See:
- <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">&lt;http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2&gt;</ulink>
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">&lt;http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2&gt;</link>
</para>
</answer>
</qandaentry>
@@ -1146,9 +1144,9 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
non-blocking is ignored. It is reported that setting
xfrm_larval_drop to 1 helps but this may have negative side effects.
See:
-<ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=427629">&lt;https://bugzilla.redhat.com/show_bug.cgi?id=427629&gt;</ulink>
+<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://bugzilla.redhat.com/show_bug.cgi?id=427629">&lt;https://bugzilla.redhat.com/show_bug.cgi?id=427629&gt;</link>
and
-<ulink url="http://lkml.org/lkml/2007/12/4/260">&lt;http://lkml.org/lkml/2007/12/4/260&gt;</ulink>.
+<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://lkml.org/lkml/2007/12/4/260">&lt;http://lkml.org/lkml/2007/12/4/260&gt;</link>.
</para>
<para>
xfrm_larval_drop can be set to 1 by the following procedure:
@@ -1178,7 +1176,7 @@ echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -1197,7 +1195,7 @@ echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -1218,7 +1216,7 @@ modprobe capability</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -1244,8 +1242,7 @@ modprobe capability</programlisting>
<para>
Red Hat have adopted the National Security Agency's
- SELinux security policy (see <ulink
- url="http://www.nsa.gov/selinux">&lt;http://www.nsa.gov/selinux&gt;</ulink>)
+ SELinux security policy (see <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.nsa.gov/selinux">&lt;http://www.nsa.gov/selinux&gt;</link>)
and recommendations for BIND security , which are more
secure than running named in a chroot and make use of
the bind-chroot environment unnecessary .
@@ -1279,7 +1276,7 @@ $ROOTDIR/var/tmp
able to write or create files except in the directories
above, with SELinux in Enforcing mode.
</para>
-
+
<para>
So, to allow named to update slave or DDNS zone files,
it is best to locate them in $ROOTDIR/var/named/slaves,
@@ -1290,7 +1287,7 @@ zone "slave.zone." IN {
type slave;
file "slaves/slave.zone.db";
...
-};
+};
zone "ddns.zone." IN {
type master;
allow-updates {...};
@@ -1323,13 +1320,13 @@ options {
system-config-securitylevel GUI, using the 'setsebool'
command, or in /etc/selinux/targeted/booleans.
</para>
-
+
<para>
You can disable SELinux protection for named entirely by
setting the 'named_disable_trans=1' SELinux tunable boolean
parameter.
</para>
-
+
<para>
The SELinux named policy defines these SELinux contexts for named:
<informalexample>
@@ -1340,7 +1337,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
-
+
<para>
If you want to retain use of the SELinux policy for named,
and put named files in different locations, you can do
@@ -1358,7 +1355,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
-
+
<para>
To create a custom modifiable named data location, e.g.
'/var/log/named' for a log file, do:
@@ -1368,7 +1365,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
-
+
<para>
To create a custom zone file location, e.g. /root/zones/, do:
<informalexample>
@@ -1377,7 +1374,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</programlisting>
</informalexample>
</para>
-
+
<para>
See these man-pages for more information : selinux(8),
named_selinux(8), chcon(1), setsebool(8)
@@ -1403,8 +1400,8 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</question>
<answer>
<para>
- Ubuntu uses AppArmor <ulink url="http://en.wikipedia.org/wiki/AppArmor">
- &lt;http://en.wikipedia.org/wiki/AppArmor&gt;</ulink> in
+ Ubuntu uses AppArmor <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://en.wikipedia.org/wiki/AppArmor">
+ &lt;http://en.wikipedia.org/wiki/AppArmor&gt;</link> in
addition to normal file system permissions to protect the system.
</para>
<para>
@@ -1438,11 +1435,11 @@ proc /var/named/proc proc defaults 0 0</programlisting>
</para>
</answer>
</qandaentry>
-
+
</qandadiv> <!-- Linux -->
-
+
<qandadiv><title>Windows</title>
-
+
<qandaentry>
<question>
<para>
@@ -1463,7 +1460,7 @@ proc /var/named/proc proc defaults 0 0</programlisting>
</para>
</answer>
</qandaentry>
-
+
<qandaentry>
<question>
<para>
@@ -1489,11 +1486,11 @@ options {
</informalexample>
</answer>
</qandaentry>
-
+
</qandadiv> <!-- Windows -->
-
+
<qandadiv><title>FreeBSD</title>
-
+
<qandaentry>
<question>
<para>
@@ -1513,16 +1510,16 @@ rand_irqs="3 14 15"</programlisting>
</informalexample>
<para>
See also
- <ulink url="http://people.freebsd.org/~dougb/randomness.html">
- &lt;http://people.freebsd.org/~dougb/randomness.html&gt;</ulink>.
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://people.freebsd.org/~dougb/randomness.html">
+ &lt;http://people.freebsd.org/~dougb/randomness.html&gt;</link>.
</para>
</answer>
</qandaentry>
-
+
</qandadiv> <!-- FreeBSD -->
-
+
<qandadiv><title>Solaris</title>
-
+
<qandaentry>
<question>
<para>
@@ -1534,15 +1531,14 @@ rand_irqs="3 14 15"</programlisting>
Sun has a blog entry describing how to do this.
</para>
<para>
- <ulink
- url="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
&lt;http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris&gt;
- </ulink>
+ </link>
</para>
</answer>
</qandaentry>
-
- </qandadiv>
+
+ </qandadiv> <!-- Solaris -->
<qandadiv><title>Apple Mac OS X</title>
@@ -1558,7 +1554,7 @@ rand_irqs="3 14 15"</programlisting>
</para>
<informalexample>
<programlisting>
-% sudo rndc-confgen > /etc/rndc.conf</programlisting>
+% sudo rndc-confgen &gt; /etc/rndc.conf</programlisting>
</informalexample>
<para>
Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
@@ -1606,8 +1602,8 @@ key "rndc-key" {
</answer>
</qandaentry>
- </qandadiv>
-
+ </qandadiv> <!-- Apple Mac OS X -->
+
</qandadiv> <!-- Operating-System Specific Questions -->
</qandaset>
diff --git a/FREEBSD-Xlist b/FREEBSD-Xlist
index a7936b6f3f36..7d75f3057884 100644
--- a/FREEBSD-Xlist
+++ b/FREEBSD-Xlist
@@ -2,6 +2,7 @@
# Misc. stuff
.cvsignore
+.gitattributes
bin/named/bindkeys.pl
bin/pkcs11
bin/python
@@ -33,6 +34,7 @@ doc/arm/latex-fixup.pl
doc/draft
doc/doxygen
doc/rfc
+doc/tex
doc/xsl
# Windows directories
diff --git a/Makefile.in b/Makefile.in
index 2c5985f81f47..4f7f5a64b0ee 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
SUBDIRS = make unit lib bin doc @LIBEXPORT@
TARGETS =
@@ -32,6 +32,9 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
+newrr:
+ cd lib/dns; ${MAKE} newrr
+
distclean::
rm -f config.cache config.h config.log config.status TAGS
rm -f libtool isc-config.sh configure.lineno
diff --git a/README b/README
index d0aab2c0bb6f..d0b35568976e 100644
--- a/README
+++ b/README
@@ -51,27 +51,29 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
-BIND 9.9.8-P4
+BIND 9.9.9-P3
- BIND 9.9.8-P4 is a security release addressing the flaws
- described in CVE-2016-1285 and CVE-2016-1286.
+ This version contains a fix for CVE-2016-2776.
-BIND 9.9.8-P3
+BIND 9.9.9-P2
- BIND 9.9.8-P3 is a security release addressing the flaw described in
- CVE-2015-8704. It also fixes a serious regression in authoritative
- server selection that was introduced in 9.9.8.
+ This version contains a fix for CVE-2016-2775 and addresses
+ two regressions introduced with BIND 9.9.9.
-BIND 9.9.8-P2
+BIND 9.9.9-P1
- BIND 9.9.8-P2 is a security release addressing the flaws
- described in CVE-2015-3193 (OpenSSL), CVE-2015-8000 and
- CVE-2015-8461.
+ This version contains two urgent fixes to BIND 9.9.9:
+ 1) Windows installation was failing without manual updating
+ of BINDinstall's attributes.
+ 2) A race condition was causing instability in the rbt
+ tree state.
-BIND 9.9.8-P1
+BIND 9.9.9
- BIND 9.9.8-P1 was incomplete and was withdrawn prior to
- publication.
+ BIND 9.9.9 is a maintenance release and addresses bugs found
+ in BIND 9.9.8 and earlier, as well as the security flaws
+ described in CVE-2015-8000, CVE-2015-8461, CVE-2015-8704,
+ CVE-2016-1285, and CVE-2016-1286.
BIND 9.9.8
@@ -313,7 +315,7 @@ Building
a nonstandard prefix, you can tell configure where to
look for it using "--with-openssl=/prefix".
- On some platforms it is necessary to explictly request large
+ On some platforms it is necessary to explicitly request large
file support to handle files bigger than 2GB. This can be
done by "--enable-largefile" on the configure command line.
@@ -425,9 +427,11 @@ Change Log
server addresses and keys
[tuning] Changes to built-in configuration defaults
- and constants to improve performanceo
+ and constants to improve performance
- [protocol] Updates to the DNS protocol such as new
+ [performance] Other changes to improve server performance
+
+ [protocol] Updates to the DNS protocol such as new
RR types
[test] Changes to the automatic tests, not
diff --git a/acconfig.h b/acconfig.h
index 14eca17cf821..762b11ba4473 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -149,3 +149,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
+
+/* Define to 1 if you have the uname library function. */
+#undef HAVE_UNAME
diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in
index b88be3cb85bf..fb6c304db5dc 100644
--- a/bin/check/Makefile.in
+++ b/bin/check/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index ad6c497f3a31..cab8e22f8a00 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,115 +13,131 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: named\-checkconf
+'\" t
+.\" Title: named-checkconf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: January 10, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-01-10
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "NAMED\-CHECKCONF" "8" "January 10, 2014" "BIND9" "BIND9"
+.TH "NAMED\-CHECKCONF" "8" "2014\-01\-10" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-named\-checkconf \- named configuration file syntax checking tool
+named-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS"
-.HP 16
+.HP \w'\fBnamed\-checkconf\fR\ 'u
\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\-checkconf\fR
checks the syntax, but not the semantics, of a
\fBnamed\fR
-configuration file. The file is parsed and checked for syntax errors, along with all files included by it. If no file is specified,
-\fI/etc/named.conf\fR
-is read by default.
+configuration file\&. The file is parsed and checked for syntax errors, along with all files included by it\&. If no file is specified,
+/etc/named\&.conf
+is read by default\&.
.PP
Note: files that
\fBnamed\fR
reads in separate parser contexts, such as
-\fIrndc.key\fR
+rndc\&.key
and
-\fIbind.keys\fR, are not automatically read by
-\fBnamed\-checkconf\fR. Configuration errors in these files may cause
+bind\&.keys, are not automatically read by
+\fBnamed\-checkconf\fR\&. Configuration errors in these files may cause
\fBnamed\fR
to fail to run, even if
\fBnamed\-checkconf\fR
-was successful.
+was successful\&.
\fBnamed\-checkconf\fR
-can be run on these files explicitly, however.
+can be run on these files explicitly, however\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
-Print the usage summary and exit.
+Print the usage summary and exit\&.
.RE
.PP
\-t \fIdirectory\fR
.RS 4
Chroot to
-\fIdirectory\fR
-so that include directives in the configuration file are processed as if run by a similarly chrooted named.
+directory
+so that include directives in the configuration file are processed as if run by a similarly chrooted named\&.
.RE
.PP
\-v
.RS 4
Print the version of the
\fBnamed\-checkconf\fR
-program and exit.
+program and exit\&.
.RE
.PP
\-p
.RS 4
Print out the
-\fInamed.conf\fR
-and included files in canonical form if no errors were detected.
+named\&.conf
+and included files in canonical form if no errors were detected\&.
.RE
.PP
\-x
.RS 4
-When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks ('?'). This allows the contents of
-\fInamed.conf\fR
-and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data. This option cannot be used without
-\fB\-p\fR.
+When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks (\*(Aq?\*(Aq)\&. This allows the contents of
+named\&.conf
+and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data\&. This option cannot be used without
+\fB\-p\fR\&.
.RE
.PP
\-z
.RS 4
Perform a test load of all master zones found in
-\fInamed.conf\fR.
+named\&.conf\&.
.RE
.PP
\-j
.RS 4
-When loading a zonefile read the journal if it exists.
+When loading a zonefile read the journal if it exists\&.
.RE
.PP
filename
.RS 4
-The name of the configuration file to be checked. If not specified, it defaults to
-\fI/etc/named.conf\fR.
+The name of the configuration file to be checked\&. If not specified, it defaults to
+/etc/named\&.conf\&.
.RE
.SH "RETURN VALUES"
.PP
\fBnamed\-checkconf\fR
-returns an exit status of 1 if errors were detected and 0 otherwise.
+returns an exit status of 1 if errors were detected and 0 otherwise\&.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
-\fBnamed\-checkzone\fR(8),
-BIND 9 Administrator Reference Manual.
+\fBnamed-checkzone\fR(8),
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
+Copyright \(co 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2002 Internet Software Consortium.
.br
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index a2a0856de475..be05a35e7b01 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -421,15 +421,27 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
return (result);
}
+static isc_result_t
+config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ dns_rdataclass_t *classp)
+{
+ isc_textregion_t r;
+
+ if (!cfg_obj_isstring(classobj)) {
+ *classp = defclass;
+ return (ISC_R_SUCCESS);
+ }
+ DE_CONST(cfg_obj_asstring(classobj), r.base);
+ r.length = strlen(r.base);
+ return (dns_rdataclass_fromtext(classp, &r));
+}
/*% load zones from the configuration */
static isc_result_t
load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
const cfg_listelt_t *element;
- const cfg_obj_t *classobj;
const cfg_obj_t *views;
const cfg_obj_t *vconfig;
- const char *vclass;
isc_result_t result = ISC_R_SUCCESS;
isc_result_t tresult;
@@ -440,17 +452,24 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
element != NULL;
element = cfg_list_next(element))
{
+ const cfg_obj_t *classobj;
+ dns_rdataclass_t viewclass;
const char *vname;
+ char buf[sizeof("CLASS65535")];
- vclass = "IN";
vconfig = cfg_listelt_value(element);
- if (vconfig != NULL) {
- classobj = cfg_tuple_get(vconfig, "class");
- if (cfg_obj_isstring(classobj))
- vclass = cfg_obj_asstring(classobj);
- }
+ if (vconfig == NULL)
+ continue;
+
+ classobj = cfg_tuple_get(vconfig, "class");
+ CHECK(config_getclass(classobj, dns_rdataclass_in,
+ &viewclass));
+ if (dns_rdataclass_ismeta(viewclass))
+ CHECK(ISC_R_FAILURE);
+
+ dns_rdataclass_format(viewclass, buf, sizeof(buf));
vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
- tresult = configure_view(vclass, vname, config, vconfig, mctx);
+ tresult = configure_view(buf, vname, config, vconfig, mctx);
if (tresult != ISC_R_SUCCESS)
result = tresult;
}
@@ -460,6 +479,8 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
if (tresult != ISC_R_SUCCESS)
result = tresult;
}
+
+cleanup:
return (result);
}
diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook
index a5e50334e2ae..87b68f365df9 100644
--- a/bin/check/named-checkconf.docbook
+++ b/bin/check/named-checkconf.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,9 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.named-checkconf">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkconf">
+ <info>
+ <date>2014-01-10</date>
+ </info>
<refentryinfo>
- <date>January 10, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +40,7 @@
<year>2007</year>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -52,21 +57,21 @@
</refnamediv>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>named-checkconf</command>
- <arg><option>-h</option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-j</option></arg>
- <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
- <arg choice="req">filename</arg>
- <arg><option>-p</option></arg>
- <arg><option>-x</option></arg>
- <arg><option>-z</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-j</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="req" rep="norepeat">filename</arg>
+ <arg choice="opt" rep="norepeat"><option>-p</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-x</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-z</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>named-checkconf</command>
checks the syntax, but not the semantics, of a
<command>named</command> configuration file. The file is parsed
@@ -84,10 +89,10 @@
successful. <command>named-checkconf</command> can be run
on these files explicitly, however.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -176,18 +181,18 @@
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para><command>named-checkconf</command>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -196,16 +201,5 @@
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
-
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
index 8caabf260e1e..89524ab0db15 100644
--- a/bin/check/named-checkconf.html
+++ b/bin/check/named-checkconf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.named-checkconf"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,29 +30,29 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543411"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named-checkconf</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
- <span><strong class="command">named</strong></span> configuration file. The file is parsed
+ <span class="command"><strong>named</strong></span> configuration file. The file is parsed
and checked for syntax errors, along with all files included by it.
If no file is specified, <code class="filename">/etc/named.conf</code> is read
by default.
</p>
<p>
- Note: files that <span><strong class="command">named</strong></span> reads in separate
+ Note: files that <span class="command"><strong>named</strong></span> reads in separate
parser contexts, such as <code class="filename">rndc.key</code> and
<code class="filename">bind.keys</code>, are not automatically read
- by <span><strong class="command">named-checkconf</strong></span>. Configuration
- errors in these files may cause <span><strong class="command">named</strong></span> to
- fail to run, even if <span><strong class="command">named-checkconf</strong></span> was
- successful. <span><strong class="command">named-checkconf</strong></span> can be run
+ by <span class="command"><strong>named-checkconf</strong></span>. Configuration
+ errors in these files may cause <span class="command"><strong>named</strong></span> to
+ fail to run, even if <span class="command"><strong>named-checkconf</strong></span> was
+ successful. <span class="command"><strong>named-checkconf</strong></span> can be run
on these files explicitly, however.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543460"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-h</span></dt>
<dd><p>
Print the usage summary and exit.
@@ -66,7 +65,7 @@
</p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
- Print the version of the <span><strong class="command">named-checkconf</strong></span>
+ Print the version of the <span class="command"><strong>named-checkconf</strong></span>
program and exit.
</p></dd>
<dt><span class="term">-p</span></dt>
@@ -100,24 +99,19 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543604"></a><h2>RETURN VALUES</h2>
-<p><span><strong class="command">named-checkconf</strong></span>
+<div class="refsection">
+<a name="id-1.9"></a><h2>RETURN VALUES</h2>
+<p><span class="command"><strong>named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543616"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543645"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index f9bba0e73de2..3f8ca0550d3a 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2009-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2009-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,106 +13,121 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: named\-checkzone
+'\" t
+.\" Title: named-checkzone
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: April 29, 2013
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2013-04-29
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "NAMED\-CHECKZONE" "8" "April 29, 2013" "BIND9" "BIND9"
+.TH "NAMED\-CHECKZONE" "8" "2013\-04\-29" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
+named-checkzone, named-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
-.HP 16
+.HP \w'\fBnamed\-checkzone\fR\ 'u
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
-.HP 18
+.HP \w'\fBnamed\-compilezone\fR\ 'u
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR
-checks the syntax and integrity of a zone file. It performs the same checks as
+checks the syntax and integrity of a zone file\&. It performs the same checks as
\fBnamed\fR
-does when loading a zone. This makes
+does when loading a zone\&. This makes
\fBnamed\-checkzone\fR
-useful for checking zone files before configuring them into a name server.
+useful for checking zone files before configuring them into a name server\&.
.PP
\fBnamed\-compilezone\fR
is similar to
-\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
-\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the
+\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format\&. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
+\fBnamed\fR\&. When manually specified otherwise, the check levels must at least be as strict as those specified in the
\fBnamed\fR
-configuration file.
+configuration file\&.
.SH "OPTIONS"
.PP
\-d
.RS 4
-Enable debugging.
+Enable debugging\&.
.RE
.PP
\-h
.RS 4
-Print the usage summary and exit.
+Print the usage summary and exit\&.
.RE
.PP
\-q
.RS 4
-Quiet mode \- exit code only.
+Quiet mode \- exit code only\&.
.RE
.PP
\-v
.RS 4
Print the version of the
\fBnamed\-checkzone\fR
-program and exit.
+program and exit\&.
.RE
.PP
\-j
.RS 4
-When loading the zone file read the journal if it exists.
+When loading the zone file read the journal if it exists\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
-Specify the class of the zone. If not specified, "IN" is assumed.
+Specify the class of the zone\&. If not specified, "IN" is assumed\&.
.RE
.PP
\-i \fImode\fR
.RS 4
-Perform post\-load zone integrity checks. Possible modes are
+Perform post\-load zone integrity checks\&. Possible modes are
\fB"full"\fR
(default),
\fB"full\-sibling"\fR,
\fB"local"\fR,
\fB"local\-sibling"\fR
and
-\fB"none"\fR.
+\fB"none"\fR\&.
.sp
Mode
\fB"full"\fR
-checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
+checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode
\fB"local"\fR
-only checks MX records which refer to in\-zone hostnames.
+only checks MX records which refer to in\-zone hostnames\&.
.sp
Mode
\fB"full"\fR
-checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
+checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode
\fB"local"\fR
-only checks SRV records which refer to in\-zone hostnames.
+only checks SRV records which refer to in\-zone hostnames\&.
.sp
Mode
\fB"full"\fR
-checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
+checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. It also checks that glue address records in the zone match those advertised by the child\&. Mode
\fB"local"\fR
-only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
+only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone\&.
.sp
Mode
\fB"full\-sibling"\fR
@@ -122,25 +137,25 @@ disable sibling glue checks but are otherwise the same as
\fB"full"\fR
and
\fB"local"\fR
-respectively.
+respectively\&.
.sp
Mode
\fB"none"\fR
-disables the checks.
+disables the checks\&.
.RE
.PP
\-f \fIformat\fR
.RS 4
-Specify the format of the zone file. Possible formats are
+Specify the format of the zone file\&. Possible formats are
\fB"text"\fR
(default) and
-\fB"raw"\fR.
+\fB"raw"\fR\&.
.RE
.PP
\-F \fIformat\fR
.RS 4
-Specify the format of the output file specified. For
-\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
+Specify the format of the output file specified\&. For
+\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents\&.
.sp
Possible formats are
\fB"text"\fR
@@ -148,161 +163,162 @@ Possible formats are
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
-\fBnamed\fR.
+\fBnamed\fR\&.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
-\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
+\fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher\&. The default is 1\&.
.RE
.PP
\-k \fImode\fR
.RS 4
Perform
\fB"check\-names"\fR
-checks with the specified failure mode. Possible modes are
+checks with the specified failure mode\&. Possible modes are
\fB"fail"\fR
(default for
\fBnamed\-compilezone\fR),
\fB"warn"\fR
(default for
\fBnamed\-checkzone\fR) and
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
\-L \fIserial\fR
.RS 4
-When compiling a zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
+When compiling a zone to \*(Aqraw\*(Aq format, set the "source serial" value in the header to the specified serial number\&. (This is expected to be used primarily for testing purposes\&.)
.RE
.PP
\-m \fImode\fR
.RS 4
-Specify whether MX records should be checked to see if they are addresses. Possible modes are
+Specify whether MX records should be checked to see if they are addresses\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
\-M \fImode\fR
.RS 4
-Check if a MX record refers to a CNAME. Possible modes are
+Check if a MX record refers to a CNAME\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
\-n \fImode\fR
.RS 4
-Specify whether NS records should be checked to see if they are addresses. Possible modes are
+Specify whether NS records should be checked to see if they are addresses\&. Possible modes are
\fB"fail"\fR
(default for
\fBnamed\-compilezone\fR),
\fB"warn"\fR
(default for
\fBnamed\-checkzone\fR) and
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
\-o \fIfilename\fR
.RS 4
Write zone output to
-\fIfilename\fR. If
-\fIfilename\fR
+filename\&. If
+filename
is
-\fI\-\fR
-then write to standard out. This is mandatory for
-\fBnamed\-compilezone\fR.
+\-
+then write to standard out\&. This is mandatory for
+\fBnamed\-compilezone\fR\&.
.RE
.PP
\-r \fImode\fR
.RS 4
-Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS. Possible modes are
+Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
\-s \fIstyle\fR
.RS 4
-Specify the style of the dumped zone file. Possible styles are
+Specify the style of the dumped zone file\&. Possible styles are
\fB"full"\fR
(default) and
-\fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For
+\fB"relative"\fR\&. The full format is most suitable for processing automatically by a separate script\&. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand\&. For
\fBnamed\-checkzone\fR
-this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text.
+this does not cause any effects unless it dumps the zone contents\&. It also does not have any meaning if the output format is not text\&.
.RE
.PP
\-S \fImode\fR
.RS 4
-Check if a SRV record refers to a CNAME. Possible modes are
+Check if a SRV record refers to a CNAME\&. Possible modes are
\fB"fail"\fR,
\fB"warn"\fR
(default) and
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
\-t \fIdirectory\fR
.RS 4
Chroot to
-\fIdirectory\fR
-so that include directives in the configuration file are processed as if run by a similarly chrooted named.
+directory
+so that include directives in the configuration file are processed as if run by a similarly chrooted named\&.
.RE
.PP
\-T \fImode\fR
.RS 4
-Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present. Possible modes are
+Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present\&. Possible modes are
\fB"warn"\fR
(default),
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
\-w \fIdirectory\fR
.RS 4
chdir to
-\fIdirectory\fR
-so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
-\fInamed.conf\fR.
+directory
+so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in
+named\&.conf\&.
.RE
.PP
\-D
.RS 4
-Dump zone file in canonical format. This is always enabled for
-\fBnamed\-compilezone\fR.
+Dump zone file in canonical format\&. This is always enabled for
+\fBnamed\-compilezone\fR\&.
.RE
.PP
\-W \fImode\fR
.RS 4
-Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are
+Specify whether to check for non\-terminal wildcards\&. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034)\&. Possible modes are
\fB"warn"\fR
(default) and
-\fB"ignore"\fR.
+\fB"ignore"\fR\&.
.RE
.PP
zonename
.RS 4
-The domain name of the zone being checked.
+The domain name of the zone being checked\&.
.RE
.PP
filename
.RS 4
-The name of the zone file.
+The name of the zone file\&.
.RE
.SH "RETURN VALUES"
.PP
\fBnamed\-checkzone\fR
-returns an exit status of 1 if errors were detected and 0 otherwise.
+returns an exit status of 1 if errors were detected and 0 otherwise\&.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
-\fBnamed\-checkconf\fR(8),
+\fBnamed-checkconf\fR(8),
RFC 1035,
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009\-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
+Copyright \(co 2004-2007, 2009-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2002 Internet Software Consortium.
.br
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index b1b871d09bd8..f731a1388a3f 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -58,7 +58,7 @@ dns_zone_t *zone = NULL;
dns_zonetype_t zonetype = dns_zone_master;
static int dumpzone = 0;
static const char *output_filename;
-static char *prog_name = NULL;
+static const char *prog_name = NULL;
static const dns_master_style_t *outputstyle = NULL;
static enum { progmode_check, progmode_compile } progmode;
diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook
index f1590b55474a..31cd6a311691 100644
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007, 2009-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.named-checkzone">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone">
+ <info>
+ <date>2013-04-29</date>
+ </info>
<refentryinfo>
- <date>April 29, 2013</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -40,6 +42,7 @@
<year>2011</year>
<year>2013</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -57,64 +60,64 @@
</refnamediv>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>named-checkzone</command>
- <arg><option>-d</option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-j</option></arg>
- <arg><option>-q</option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
- <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
- <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
- <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
- <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
- <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-D</option></arg>
- <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
- <arg choice="req">zonename</arg>
- <arg choice="req">filename</arg>
+ <arg choice="opt" rep="norepeat"><option>-d</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-j</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-q</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="req" rep="norepeat">zonename</arg>
+ <arg choice="req" rep="norepeat">filename</arg>
</cmdsynopsis>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>named-compilezone</command>
- <arg><option>-d</option></arg>
- <arg><option>-j</option></arg>
- <arg><option>-q</option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
- <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
- <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
- <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
- <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-D</option></arg>
- <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
- <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
- <arg choice="req">zonename</arg>
- <arg choice="req">filename</arg>
+ <arg choice="opt" rep="norepeat"><option>-d</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-j</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-q</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
+ <arg choice="req" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg choice="req" rep="norepeat">zonename</arg>
+ <arg choice="req" rep="norepeat">filename</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>named-checkzone</command>
checks the syntax and integrity of a zone file. It performs the
same checks as <command>named</command> does when loading a
@@ -132,10 +135,10 @@
least be as strict as those specified in the
<command>named</command> configuration file.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -289,7 +292,7 @@
<term>-L <replaceable class="parameter">serial</replaceable></term>
<listitem>
<para>
- When compiling a zone to 'raw' format, set the "source serial"
+ When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</para>
@@ -352,7 +355,7 @@
<listitem>
<para>
Check for records that are treated as different by DNSSEC but
- are semantically equal in plain DNS.
+ are semantically equal in plain DNS.
Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
@@ -473,37 +476,27 @@
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para><command>named-checkzone</command>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
- <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
+ <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>RFC 1035</citetitle>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 7d44053c252d..ec0173d2b608 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007, 2009-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.named-checkzone"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -32,29 +31,29 @@
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543747"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named-checkzone</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
- same checks as <span><strong class="command">named</strong></span> does when loading a
- zone. This makes <span><strong class="command">named-checkzone</strong></span> useful for
+ same checks as <span class="command"><strong>named</strong></span> does when loading a
+ zone. This makes <span class="command"><strong>named-checkzone</strong></span> useful for
checking zone files before configuring them into a name server.
</p>
<p>
- <span><strong class="command">named-compilezone</strong></span> is similar to
- <span><strong class="command">named-checkzone</strong></span>, but it always dumps the
+ <span class="command"><strong>named-compilezone</strong></span> is similar to
+ <span class="command"><strong>named-checkzone</strong></span>, but it always dumps the
zone contents to a specified file in a specified format.
Additionally, it applies stricter check levels by default,
since the dump output will be used as an actual zone file
- loaded by <span><strong class="command">named</strong></span>.
+ loaded by <span class="command"><strong>named</strong></span>.
When manually specified otherwise, the check levels must at
least be as strict as those specified in the
- <span><strong class="command">named</strong></span> configuration file.
+ <span class="command"><strong>named</strong></span> configuration file.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543782"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-d</span></dt>
<dd><p>
Enable debugging.
@@ -69,7 +68,7 @@
</p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
- Print the version of the <span><strong class="command">named-checkzone</strong></span>
+ Print the version of the <span class="command"><strong>named-checkzone</strong></span>
program and exit.
</p></dd>
<dt><span class="term">-j</span></dt>
@@ -84,133 +83,133 @@
<dd>
<p>
Perform post-load zone integrity checks. Possible modes are
- <span><strong class="command">"full"</strong></span> (default),
- <span><strong class="command">"full-sibling"</strong></span>,
- <span><strong class="command">"local"</strong></span>,
- <span><strong class="command">"local-sibling"</strong></span> and
- <span><strong class="command">"none"</strong></span>.
+ <span class="command"><strong>"full"</strong></span> (default),
+ <span class="command"><strong>"full-sibling"</strong></span>,
+ <span class="command"><strong>"local"</strong></span>,
+ <span class="command"><strong>"local-sibling"</strong></span> and
+ <span class="command"><strong>"none"</strong></span>.
</p>
<p>
- Mode <span><strong class="command">"full"</strong></span> checks that MX records
+ Mode <span class="command"><strong>"full"</strong></span> checks that MX records
refer to A or AAAA record (both in-zone and out-of-zone
- hostnames). Mode <span><strong class="command">"local"</strong></span> only
+ hostnames). Mode <span class="command"><strong>"local"</strong></span> only
checks MX records which refer to in-zone hostnames.
</p>
<p>
- Mode <span><strong class="command">"full"</strong></span> checks that SRV records
+ Mode <span class="command"><strong>"full"</strong></span> checks that SRV records
refer to A or AAAA record (both in-zone and out-of-zone
- hostnames). Mode <span><strong class="command">"local"</strong></span> only
+ hostnames). Mode <span class="command"><strong>"local"</strong></span> only
checks SRV records which refer to in-zone hostnames.
</p>
<p>
- Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
+ Mode <span class="command"><strong>"full"</strong></span> checks that delegation NS
records refer to A or AAAA record (both in-zone and out-of-zone
hostnames). It also checks that glue address records
in the zone match those advertised by the child.
- Mode <span><strong class="command">"local"</strong></span> only checks NS records which
+ Mode <span class="command"><strong>"local"</strong></span> only checks NS records which
refer to in-zone hostnames or that some required glue exists,
that is when the nameserver is in a child zone.
</p>
<p>
- Mode <span><strong class="command">"full-sibling"</strong></span> and
- <span><strong class="command">"local-sibling"</strong></span> disable sibling glue
- checks but are otherwise the same as <span><strong class="command">"full"</strong></span>
- and <span><strong class="command">"local"</strong></span> respectively.
+ Mode <span class="command"><strong>"full-sibling"</strong></span> and
+ <span class="command"><strong>"local-sibling"</strong></span> disable sibling glue
+ checks but are otherwise the same as <span class="command"><strong>"full"</strong></span>
+ and <span class="command"><strong>"local"</strong></span> respectively.
</p>
<p>
- Mode <span><strong class="command">"none"</strong></span> disables the checks.
+ Mode <span class="command"><strong>"none"</strong></span> disables the checks.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
<dd><p>
Specify the format of the zone file.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span>.
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span>.
</p></dd>
<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
<dd>
<p>
Specify the format of the output file specified.
- For <span><strong class="command">named-checkzone</strong></span>,
+ For <span class="command"><strong>named-checkzone</strong></span>,
this does not cause any effects unless it dumps the zone
contents.
</p>
<p>
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span> or <span class="command"><strong>"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
- by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
+ by <span class="command"><strong>named</strong></span>. <span class="command"><strong>"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
- <span><strong class="command">named</strong></span>; if N is 1, the file can be read
+ <span class="command"><strong>named</strong></span>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
- Perform <span><strong class="command">"check-names"</strong></span> checks with the
+ Perform <span class="command"><strong>"check-names"</strong></span> checks with the
specified failure mode.
- Possible modes are <span><strong class="command">"fail"</strong></span>
- (default for <span><strong class="command">named-compilezone</strong></span>),
- <span><strong class="command">"warn"</strong></span>
- (default for <span><strong class="command">named-checkzone</strong></span>) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>
+ (default for <span class="command"><strong>named-compilezone</strong></span>),
+ <span class="command"><strong>"warn"</strong></span>
+ (default for <span class="command"><strong>named-checkzone</strong></span>) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
- When compiling a zone to 'raw' format, set the "source serial"
+ When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether MX records should be checked to see if they
- are addresses. Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ are addresses. Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check if a MX record refers to a CNAME.
- Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether NS records should be checked to see if they
are addresses.
- Possible modes are <span><strong class="command">"fail"</strong></span>
- (default for <span><strong class="command">named-compilezone</strong></span>),
- <span><strong class="command">"warn"</strong></span>
- (default for <span><strong class="command">named-checkzone</strong></span>) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>
+ (default for <span class="command"><strong>named-compilezone</strong></span>),
+ <span class="command"><strong>"warn"</strong></span>
+ (default for <span class="command"><strong>named-checkzone</strong></span>) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
<dd><p>
Write zone output to <code class="filename">filename</code>.
If <code class="filename">filename</code> is <code class="filename">-</code> then
write to standard out.
- This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
+ This is mandatory for <span class="command"><strong>named-compilezone</strong></span>.
</p></dd>
<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check for records that are treated as different by DNSSEC but
- are semantically equal in plain DNS.
- Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ are semantically equal in plain DNS.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
<dd><p>
Specify the style of the dumped zone file.
- Possible styles are <span><strong class="command">"full"</strong></span> (default)
- and <span><strong class="command">"relative"</strong></span>.
+ Possible styles are <span class="command"><strong>"full"</strong></span> (default)
+ and <span class="command"><strong>"relative"</strong></span>.
The full format is most suitable for processing
automatically by a separate script.
On the other hand, the relative format is more
human-readable and is thus suitable for editing by hand.
- For <span><strong class="command">named-checkzone</strong></span>
+ For <span class="command"><strong>named-checkzone</strong></span>
this does not cause any effects unless it dumps the zone
contents.
It also does not have any meaning if the output format
@@ -219,9 +218,9 @@
<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check if a SRV record refers to a CNAME.
- Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -234,8 +233,8 @@
<dd><p>
Check if Sender Policy Framework (SPF) records exist
and issues a warning if an SPF-formatted TXT record is
- not also present. Possible modes are <span><strong class="command">"warn"</strong></span>
- (default), <span><strong class="command">"ignore"</strong></span>.
+ not also present. Possible modes are <span class="command"><strong>"warn"</strong></span>
+ (default), <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -248,16 +247,16 @@
<dt><span class="term">-D</span></dt>
<dd><p>
Dump zone file in canonical format.
- This is always enabled for <span><strong class="command">named-compilezone</strong></span>.
+ This is always enabled for <span class="command"><strong>named-compilezone</strong></span>.
</p></dd>
<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether to check for non-terminal wildcards.
Non-terminal wildcards are almost always the result of a
failure to understand the wildcard matching algorithm (RFC 1034).
- Possible modes are <span><strong class="command">"warn"</strong></span> (default)
+ Possible modes are <span class="command"><strong>"warn"</strong></span> (default)
and
- <span><strong class="command">"ignore"</strong></span>.
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">zonename</span></dt>
<dd><p>
@@ -269,25 +268,20 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544622"></a><h2>RETURN VALUES</h2>
-<p><span><strong class="command">named-checkzone</strong></span>
+<div class="refsection">
+<a name="id-1.9"></a><h2>RETURN VALUES</h2>
+<p><span class="command"><strong>named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544634"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544667"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
index 8b3e5aa1c4de..205069e7e126 100644
--- a/bin/confgen/Makefile.in
+++ b/bin/confgen/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c
ddns-confgen.@O@: ddns-confgen.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
${FINALBUILDCMD}
-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
${FINALBUILDCMD}
diff --git a/bin/confgen/ddns-confgen.8 b/bin/confgen/ddns-confgen.8
index 5ceb80e96af4..aa40e4edc77b 100644
--- a/bin/confgen/ddns-confgen.8
+++ b/bin/confgen/ddns-confgen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,26 +12,41 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: ddns\-confgen
+'\" t
+.\" Title: ddns-confgen
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: September 18, 2009
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2009-09-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DDNS\-CONFGEN" "8" "September 18, 2009" "BIND9" "BIND9"
+.TH "DDNS\-CONFGEN" "8" "2009\-09\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-ddns\-confgen \- ddns key generation tool
+ddns-confgen \- ddns key generation tool
.SH "SYNOPSIS"
-.HP 13
+.HP \w'\fBddns\-confgen\fR\ 'u
\fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR] [\fB\-q\fR] [name]
.SH "DESCRIPTION"
.PP
@@ -39,46 +54,46 @@ ddns\-confgen \- ddns key generation tool
generates a key for use by
\fBnsupdate\fR
and
-\fBnamed\fR. It simplifies configuration of dynamic zones by generating a key and providing the
+\fBnamed\fR\&. It simplifies configuration of dynamic zones by generating a key and providing the
\fBnsupdate\fR
and
-\fBnamed.conf\fR
+\fBnamed\&.conf\fR
syntax that will be needed to use it, including an example
\fBupdate\-policy\fR
-statement.
+statement\&.
.PP
If a domain name is specified on the command line, it will be used in the name of the generated key and in the sample
-\fBnamed.conf\fR
-syntax. For example,
-\fBddns\-confgen example.com\fR
-would generate a key called "ddns\-key.example.com", and sample
-\fBnamed.conf\fR
-command that could be used in the zone definition for "example.com".
+\fBnamed\&.conf\fR
+syntax\&. For example,
+\fBddns\-confgen example\&.com\fR
+would generate a key called "ddns\-key\&.example\&.com", and sample
+\fBnamed\&.conf\fR
+command that could be used in the zone definition for "example\&.com"\&.
.PP
Note that
\fBnamed\fR
itself can configure a local DDNS key for use with
-\fBnsupdate \-l\fR.
+\fBnsupdate \-l\fR\&.
\fBddns\-confgen\fR
is only needed when a more elaborate configuration is required: for instance, if
\fBnsupdate\fR
-is to be used from a remote system.
+is to be used from a remote system\&.
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
.RS 4
-Specifies the algorithm to use for the TSIG key. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512. The default is hmac\-sha256.
+Specifies the algorithm to use for the TSIG key\&. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512\&. The default is hmac\-sha256\&.
.RE
.PP
\-h
.RS 4
Prints a short summary of the options and arguments to
-\fBddns\-confgen\fR.
+\fBddns\-confgen\fR\&.
.RE
.PP
\-k \fIkeyname\fR
.RS 4
-Specifies the key name of the DDNS authentication key. The default is
+Specifies the key name of the DDNS authentication key\&. The default is
\fBddns\-key\fR
when neither the
\fB\-s\fR
@@ -86,58 +101,59 @@ nor
\fB\-z\fR
option is specified; otherwise, the default is
\fBddns\-key\fR
-as a separate label followed by the argument of the option, e.g.,
-\fBddns\-key.example.com.\fR
-The key name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods.
+as a separate label followed by the argument of the option, e\&.g\&.,
+\fBddns\-key\&.example\&.com\&.\fR
+The key name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods\&.
.RE
.PP
\-q
.RS 4
-Quiet mode: Print only the key, with no explanatory text or usage examples.
+Quiet mode: Print only the key, with no explanatory text or usage examples\&.
.RE
.PP
\-r \fIrandomfile\fR
.RS 4
-Specifies a source of random data for generating the authorization. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
+Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
+/dev/random
+or equivalent device, the default source of randomness is keyboard input\&.
+randomdev
+specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
+keyboard
+indicates that keyboard input should be used\&.
.RE
.PP
\-s \fIname\fR
.RS 4
Single host mode: The example
-\fBnamed.conf\fR
+\fBnamed\&.conf\fR
text shows how to set an update policy for the specified
\fIname\fR
-using the "name" nametype. The default key name is ddns\-key.\fIname\fR. Note that the "self" nametype cannot be used, since the name to be updated may differ from the key name. This option cannot be used with the
+using the "name" nametype\&. The default key name is ddns\-key\&.\fIname\fR\&. Note that the "self" nametype cannot be used, since the name to be updated may differ from the key name\&. This option cannot be used with the
\fB\-z\fR
-option.
+option\&.
.RE
.PP
\-z \fIzone\fR
.RS 4
zone mode: The example
-\fBnamed.conf\fR
+\fBnamed\&.conf\fR
text shows how to set an update policy for the specified
\fIzone\fR
using the "zonesub" nametype, allowing updates to all subdomain names within that
-\fIzone\fR. This option cannot be used with the
+\fIzone\fR\&. This option cannot be used with the
\fB\-s\fR
-option.
+option\&.
.RE
.SH "SEE ALSO"
.PP
\fBnsupdate\fR(1),
\fBnamed.conf\fR(5),
\fBnamed\fR(8),
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/confgen/ddns-confgen.docbook b/bin/confgen/ddns-confgen.docbook
index 1627c9ea04f8..44a6409158ff 100644
--- a/bin/confgen/ddns-confgen.docbook
+++ b/bin/confgen/ddns-confgen.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.ddns-confgen">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
+ <info>
+ <date>2009-09-18</date>
+ </info>
<refentryinfo>
- <date>September 18, 2009</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -37,28 +39,29 @@
<copyright>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>ddns-confgen</command>
- <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
- <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
- <group>
- <arg choice="plain">-s <replaceable class="parameter">name</replaceable></arg>
- <arg choice="plain">-z <replaceable class="parameter">zone</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
+ <group choice="opt" rep="norepeat">
+ <arg choice="plain" rep="norepeat">-s <replaceable class="parameter">name</replaceable></arg>
+ <arg choice="plain" rep="norepeat">-z <replaceable class="parameter">zone</replaceable></arg>
</group>
- <arg><option>-q</option></arg>
- <arg choice="opt">name</arg>
+ <arg choice="opt" rep="norepeat"><option>-q</option></arg>
+ <arg choice="opt" rep="norepeat">name</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>ddns-confgen</command>
generates a key for use by <command>nsupdate</command>
and <command>named</command>. It simplifies configuration
@@ -81,14 +84,14 @@
<para>
Note that <command>named</command> itself can configure a
local DDNS key for use with <command>nsupdate -l</command>.
- <command>ddns-confgen</command> is only needed when a
+ <command>ddns-confgen</command> is only needed when a
more elaborate configuration is required: for instance, if
<command>nsupdate</command> is to be used from a remote system.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -188,10 +191,10 @@
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
@@ -203,16 +206,6 @@
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/confgen/ddns-confgen.html b/bin/confgen/ddns-confgen.html
index bdbd35ea0148..025d6638b584 100644
--- a/bin/confgen/ddns-confgen.html
+++ b/bin/confgen/ddns-confgen.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>ddns-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.ddns-confgen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,36 +29,36 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543406"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">ddns-confgen</strong></span>
- generates a key for use by <span><strong class="command">nsupdate</strong></span>
- and <span><strong class="command">named</strong></span>. It simplifies configuration
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>ddns-confgen</strong></span>
+ generates a key for use by <span class="command"><strong>nsupdate</strong></span>
+ and <span class="command"><strong>named</strong></span>. It simplifies configuration
of dynamic zones by generating a key and providing the
- <span><strong class="command">nsupdate</strong></span> and <span><strong class="command">named.conf</strong></span>
+ <span class="command"><strong>nsupdate</strong></span> and <span class="command"><strong>named.conf</strong></span>
syntax that will be needed to use it, including an example
- <span><strong class="command">update-policy</strong></span> statement.
+ <span class="command"><strong>update-policy</strong></span> statement.
</p>
<p>
If a domain name is specified on the command line, it will
be used in the name of the generated key and in the sample
- <span><strong class="command">named.conf</strong></span> syntax. For example,
- <span><strong class="command">ddns-confgen example.com</strong></span> would
+ <span class="command"><strong>named.conf</strong></span> syntax. For example,
+ <span class="command"><strong>ddns-confgen example.com</strong></span> would
generate a key called "ddns-key.example.com", and sample
- <span><strong class="command">named.conf</strong></span> command that could be used
+ <span class="command"><strong>named.conf</strong></span> command that could be used
in the zone definition for "example.com".
</p>
<p>
- Note that <span><strong class="command">named</strong></span> itself can configure a
- local DDNS key for use with <span><strong class="command">nsupdate -l</strong></span>.
- <span><strong class="command">ddns-confgen</strong></span> is only needed when a
+ Note that <span class="command"><strong>named</strong></span> itself can configure a
+ local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>.
+ <span class="command"><strong>ddns-confgen</strong></span> is only needed when a
more elaborate configuration is required: for instance, if
- <span><strong class="command">nsupdate</strong></span> is to be used from a remote system.
+ <span class="command"><strong>nsupdate</strong></span> is to be used from a remote system.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543466"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
Specifies the algorithm to use for the TSIG key. Available
@@ -69,7 +68,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">ddns-confgen</strong></span>.
+ <span class="command"><strong>ddns-confgen</strong></span>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd><p>
@@ -102,7 +101,7 @@
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
<dd><p>
- Single host mode: The example <span><strong class="command">named.conf</strong></span> text
+ Single host mode: The example <span class="command"><strong>named.conf</strong></span> text
shows how to set an update policy for the specified
<em class="replaceable"><code>name</code></em>
using the "name" nametype.
@@ -114,7 +113,7 @@
</p></dd>
<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
<dd><p>
- zone mode: The example <span><strong class="command">named.conf</strong></span> text
+ zone mode: The example <span class="command"><strong>named.conf</strong></span> text
shows how to set an update policy for the specified
<em class="replaceable"><code>zone</code></em>
using the "zonesub" nametype, allowing updates to all subdomain
@@ -124,18 +123,13 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543654"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543692"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/confgen/rndc-confgen.8 b/bin/confgen/rndc-confgen.8
index 1276344e372e..85d31510049e 100644
--- a/bin/confgen/rndc-confgen.8
+++ b/bin/confgen/rndc-confgen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,58 +13,73 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: rndc\-confgen
+'\" t
+.\" Title: rndc-confgen
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 15, 2009
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2009-06-15
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "RNDC\-CONFGEN" "8" "June 15, 2009" "BIND9" "BIND9"
+.TH "RNDC\-CONFGEN" "8" "2009\-06\-15" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-rndc\-confgen \- rndc key generation tool
+rndc-confgen \- rndc key generation tool
.SH "SYNOPSIS"
-.HP 13
+.HP \w'\fBrndc\-confgen\fR\ 'u
\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
.SH "DESCRIPTION"
.PP
\fBrndc\-confgen\fR
generates configuration files for
-\fBrndc\fR. It can be used as a convenient alternative to writing the
-\fIrndc.conf\fR
+\fBrndc\fR\&. It can be used as a convenient alternative to writing the
+rndc\&.conf
file and the corresponding
\fBcontrols\fR
and
\fBkey\fR
statements in
-\fInamed.conf\fR
-by hand. Alternatively, it can be run with the
+named\&.conf
+by hand\&. Alternatively, it can be run with the
\fB\-a\fR
option to set up a
-\fIrndc.key\fR
+rndc\&.key
file and avoid the need for a
-\fIrndc.conf\fR
+rndc\&.conf
file and a
\fBcontrols\fR
-statement altogether.
+statement altogether\&.
.SH "OPTIONS"
.PP
\-a
.RS 4
Do automatic
\fBrndc\fR
-configuration. This creates a file
-\fIrndc.key\fR
+configuration\&. This creates a file
+rndc\&.key
in
-\fI/etc\fR
+/etc
(or whatever
\fIsysconfdir\fR
was specified as when
@@ -73,13 +88,13 @@ was built) that is read by both
\fBrndc\fR
and
\fBnamed\fR
-on startup. The
-\fIrndc.key\fR
+on startup\&. The
+rndc\&.key
file defines a default command channel and authentication key allowing
\fBrndc\fR
to communicate with
\fBnamed\fR
-on the local host with no further configuration.
+on the local host with no further configuration\&.
.sp
Running
\fBrndc\-confgen \-a\fR
@@ -87,8 +102,8 @@ allows BIND 9 and
\fBrndc\fR
to be used as drop\-in replacements for BIND 8 and
\fBndc\fR, with no changes to the existing BIND 8
-\fInamed.conf\fR
-file.
+named\&.conf
+file\&.
.sp
If a more elaborate configuration than that generated by
\fBrndc\-confgen \-a\fR
@@ -97,15 +112,15 @@ is required, for example if rndc is to be used remotely, you should run
without the
\fB\-a\fR
option and set up a
-\fIrndc.conf\fR
+rndc\&.conf
and
-\fInamed.conf\fR
-as directed.
+named\&.conf
+as directed\&.
.RE
.PP
\-b \fIkeysize\fR
.RS 4
-Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
+Specifies the size of the authentication key in bits\&. Must be between 1 and 512 bits; the default is 128\&.
.RE
.PP
\-c \fIkeyfile\fR
@@ -113,19 +128,19 @@ Specifies the size of the authentication key in bits. Must be between 1 and 512
Used with the
\fB\-a\fR
option to specify an alternate location for
-\fIrndc.key\fR.
+rndc\&.key\&.
.RE
.PP
\-h
.RS 4
Prints a short summary of the options and arguments to
-\fBrndc\-confgen\fR.
+\fBrndc\-confgen\fR\&.
.RE
.PP
\-k \fIkeyname\fR
.RS 4
-Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
-\fBrndc\-key\fR.
+Specifies the key name of the rndc authentication key\&. This must be a valid domain name\&. The default is
+\fBrndc\-key\fR\&.
.RE
.PP
\-p \fIport\fR
@@ -133,18 +148,18 @@ Specifies the key name of the rndc authentication key. This must be a valid doma
Specifies the command channel port where
\fBnamed\fR
listens for connections from
-\fBrndc\fR. The default is 953.
+\fBrndc\fR\&. The default is 953\&.
.RE
.PP
\-r \fIrandomfile\fR
.RS 4
-Specifies a source of random data for generating the authorization. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
+Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
+/dev/random
+or equivalent device, the default source of randomness is keyboard input\&.
+randomdev
+specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
+keyboard
+indicates that keyboard input should be used\&.
.RE
.PP
\-s \fIaddress\fR
@@ -152,7 +167,7 @@ indicates that keyboard input should be used.
Specifies the IP address where
\fBnamed\fR
listens for command channel connections from
-\fBrndc\fR. The default is the loopback address 127.0.0.1.
+\fBrndc\fR\&. The default is the loopback address 127\&.0\&.0\&.1\&.
.RE
.PP
\-t \fIchrootdir\fR
@@ -161,10 +176,10 @@ Used with the
\fB\-a\fR
option to specify a directory where
\fBnamed\fR
-will run chrooted. An additional copy of the
-\fIrndc.key\fR
+will run chrooted\&. An additional copy of the
+rndc\&.key
will be written relative to this directory so that it will be found by the chrooted
-\fBnamed\fR.
+\fBnamed\fR\&.
.RE
.PP
\-u \fIuser\fR
@@ -172,10 +187,10 @@ will be written relative to this directory so that it will be found by the chroo
Used with the
\fB\-a\fR
option to set the owner of the
-\fIrndc.key\fR
-file generated. If
+rndc\&.key
+file generated\&. If
\fB\-t\fR
-is also specified only the file in the chroot area has its owner changed.
+is also specified only the file in the chroot area has its owner changed\&.
.RE
.SH "EXAMPLES"
.PP
@@ -186,13 +201,13 @@ to be used with no manual configuration, run
\fBrndc\-confgen \-a\fR
.PP
To print a sample
-\fIrndc.conf\fR
+rndc\&.conf
file and corresponding
\fBcontrols\fR
and
\fBkey\fR
statements to be manually inserted into
-\fInamed.conf\fR, run
+named\&.conf, run
.PP
\fBrndc\-confgen\fR
.SH "SEE ALSO"
@@ -200,12 +215,13 @@ statements to be manually inserted into
\fBrndc\fR(8),
\fBrndc.conf\fR(5),
\fBnamed\fR(8),
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2001, 2003 Internet Software Consortium.
.br
diff --git a/bin/confgen/rndc-confgen.docbook b/bin/confgen/rndc-confgen.docbook
index b3220754ad66..0887da2b5710 100644
--- a/bin/confgen/rndc-confgen.docbook
+++ b/bin/confgen/rndc-confgen.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.rndc-confgen">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
+ <info>
+ <date>2009-06-15</date>
+ </info>
<refentryinfo>
- <date>June 15, 2009</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -41,6 +43,7 @@
<year>2007</year>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -51,23 +54,23 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>rndc-confgen</command>
- <arg><option>-a</option></arg>
- <arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
- <arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
- <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
- <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
- <arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
- <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-a</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>rndc-confgen</command>
generates configuration files
for <command>rndc</command>. It can be used as a
@@ -82,10 +85,10 @@
and a <command>controls</command> statement altogether.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -239,10 +242,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>EXAMPLES</title></info>
- <refsect1>
- <title>EXAMPLES</title>
<para>
To allow <command>rndc</command> to be used with
no manual configuration, run
@@ -257,10 +260,10 @@
</para>
<para><userinput>rndc-confgen</userinput>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -272,16 +275,6 @@
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/confgen/rndc-confgen.html b/bin/confgen/rndc-confgen.html
index 84eae417d1f4..a5c02451dcee 100644
--- a/bin/confgen/rndc-confgen.html
+++ b/bin/confgen/rndc-confgen.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.rndc-confgen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,57 +30,57 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543444"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">rndc-confgen</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>rndc-confgen</strong></span>
generates configuration files
- for <span><strong class="command">rndc</strong></span>. It can be used as a
+ for <span class="command"><strong>rndc</strong></span>. It can be used as a
convenient alternative to writing the
<code class="filename">rndc.conf</code> file
- and the corresponding <span><strong class="command">controls</strong></span>
- and <span><strong class="command">key</strong></span>
+ and the corresponding <span class="command"><strong>controls</strong></span>
+ and <span class="command"><strong>key</strong></span>
statements in <code class="filename">named.conf</code> by hand.
- Alternatively, it can be run with the <span><strong class="command">-a</strong></span>
+ Alternatively, it can be run with the <span class="command"><strong>-a</strong></span>
option to set up a <code class="filename">rndc.key</code> file and
avoid the need for a <code class="filename">rndc.conf</code> file
- and a <span><strong class="command">controls</strong></span> statement altogether.
+ and a <span class="command"><strong>controls</strong></span> statement altogether.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543489"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a</span></dt>
<dd>
<p>
- Do automatic <span><strong class="command">rndc</strong></span> configuration.
+ Do automatic <span class="command"><strong>rndc</strong></span> configuration.
This creates a file <code class="filename">rndc.key</code>
in <code class="filename">/etc</code> (or whatever
<code class="varname">sysconfdir</code>
was specified as when <acronym class="acronym">BIND</acronym> was
built)
- that is read by both <span><strong class="command">rndc</strong></span>
- and <span><strong class="command">named</strong></span> on startup. The
+ that is read by both <span class="command"><strong>rndc</strong></span>
+ and <span class="command"><strong>named</strong></span> on startup. The
<code class="filename">rndc.key</code> file defines a default
command channel and authentication key allowing
- <span><strong class="command">rndc</strong></span> to communicate with
- <span><strong class="command">named</strong></span> on the local host
+ <span class="command"><strong>rndc</strong></span> to communicate with
+ <span class="command"><strong>named</strong></span> on the local host
with no further configuration.
</p>
<p>
- Running <span><strong class="command">rndc-confgen -a</strong></span> allows
- BIND 9 and <span><strong class="command">rndc</strong></span> to be used as
+ Running <span class="command"><strong>rndc-confgen -a</strong></span> allows
+ BIND 9 and <span class="command"><strong>rndc</strong></span> to be used as
drop-in
- replacements for BIND 8 and <span><strong class="command">ndc</strong></span>,
+ replacements for BIND 8 and <span class="command"><strong>ndc</strong></span>,
with no changes to the existing BIND 8
<code class="filename">named.conf</code> file.
</p>
<p>
If a more elaborate configuration than that
- generated by <span><strong class="command">rndc-confgen -a</strong></span>
+ generated by <span class="command"><strong>rndc-confgen -a</strong></span>
is required, for example if rndc is to be used remotely,
- you should run <span><strong class="command">rndc-confgen</strong></span> without
+ you should run <span class="command"><strong>rndc-confgen</strong></span> without
the
- <span><strong class="command">-a</strong></span> option and set up a
+ <span class="command"><strong>-a</strong></span> option and set up a
<code class="filename">rndc.conf</code> and
<code class="filename">named.conf</code>
as directed.
@@ -94,13 +93,13 @@
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd><p>
- Used with the <span><strong class="command">-a</strong></span> option to specify
+ Used with the <span class="command"><strong>-a</strong></span> option to specify
an alternate location for <code class="filename">rndc.key</code>.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">rndc-confgen</strong></span>.
+ <span class="command"><strong>rndc-confgen</strong></span>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd><p>
@@ -110,8 +109,8 @@
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
- Specifies the command channel port where <span><strong class="command">named</strong></span>
- listens for connections from <span><strong class="command">rndc</strong></span>.
+ Specifies the command channel port where <span class="command"><strong>named</strong></span>
+ listens for connections from <span class="command"><strong>rndc</strong></span>.
The default is 953.
</p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
@@ -129,60 +128,55 @@
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd><p>
- Specifies the IP address where <span><strong class="command">named</strong></span>
+ Specifies the IP address where <span class="command"><strong>named</strong></span>
listens for command channel connections from
- <span><strong class="command">rndc</strong></span>. The default is the loopback
+ <span class="command"><strong>rndc</strong></span>. The default is the loopback
address 127.0.0.1.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
<dd><p>
- Used with the <span><strong class="command">-a</strong></span> option to specify
- a directory where <span><strong class="command">named</strong></span> will run
+ Used with the <span class="command"><strong>-a</strong></span> option to specify
+ a directory where <span class="command"><strong>named</strong></span> will run
chrooted. An additional copy of the <code class="filename">rndc.key</code>
will be written relative to this directory so that
- it will be found by the chrooted <span><strong class="command">named</strong></span>.
+ it will be found by the chrooted <span class="command"><strong>named</strong></span>.
</p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd><p>
- Used with the <span><strong class="command">-a</strong></span> option to set the
+ Used with the <span class="command"><strong>-a</strong></span> option to set the
owner
of the <code class="filename">rndc.key</code> file generated.
If
- <span><strong class="command">-t</strong></span> is also specified only the file
+ <span class="command"><strong>-t</strong></span> is also specified only the file
in
the chroot area has its owner changed.
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543802"></a><h2>EXAMPLES</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>EXAMPLES</h2>
<p>
- To allow <span><strong class="command">rndc</strong></span> to be used with
+ To allow <span class="command"><strong>rndc</strong></span> to be used with
no manual configuration, run
</p>
<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
</p>
<p>
To print a sample <code class="filename">rndc.conf</code> file and
- corresponding <span><strong class="command">controls</strong></span> and <span><strong class="command">key</strong></span>
+ corresponding <span class="command"><strong>controls</strong></span> and <span class="command"><strong>key</strong></span>
statements to be manually inserted into <code class="filename">named.conf</code>,
run
</p>
<p><strong class="userinput"><code>rndc-confgen</code></strong>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543844"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543882"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in
index 5bc4db0a32aa..f705312756a8 100644
--- a/bin/dig/Makefile.in
+++ b/bin/dig/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index f78d556bfbd7..380dba101299 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -13,145 +13,164 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: dig
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: February 12, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-02-12
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DIG" "1" "February 12, 2014" "BIND9" "BIND9"
+.TH "DIG" "1" "2014\-02\-12" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
dig \- DNS lookup utility
.SH "SYNOPSIS"
-.HP 4
+.HP \w'\fBdig\fR\ 'u
\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
-.HP 4
+.HP \w'\fBdig\fR\ 'u
\fBdig\fR [\fB\-h\fR]
-.HP 4
+.HP \w'\fBdig\fR\ 'u
\fBdig\fR [global\-queryopt...] [query...]
.SH "DESCRIPTION"
.PP
\fBdig\fR
-(domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use
+(domain information groper) is a flexible tool for interrogating DNS name servers\&. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried\&. Most DNS administrators use
\fBdig\fR
-to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than
-\fBdig\fR.
+to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output\&. Other lookup tools tend to have less functionality than
+\fBdig\fR\&.
.PP
Although
\fBdig\fR
-is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
+is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file\&. A brief summary of its command\-line arguments and options is printed when the
\fB\-h\fR
-option is given. Unlike earlier versions, the BIND 9 implementation of
+option is given\&. Unlike earlier versions, the BIND 9 implementation of
\fBdig\fR
-allows multiple lookups to be issued from the command line.
+allows multiple lookups to be issued from the command line\&.
.PP
Unless it is told to query a specific name server,
\fBdig\fR
will try each of the servers listed in
-\fI/etc/resolv.conf\fR. If no usable server addresses are found,
+/etc/resolv\&.conf\&. If no usable server addresses are found,
\fBdig\fR
-will send the query to the local host.
+will send the query to the local host\&.
.PP
When no command line arguments or options are given,
\fBdig\fR
-will perform an NS query for "." (the root).
+will perform an NS query for "\&." (the root)\&.
.PP
It is possible to set per\-user defaults for
\fBdig\fR
via
-\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
+${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&.
.PP
-The IN and CH class names overlap with the IN and CH top level domain names. Either use the
+The IN and CH class names overlap with the IN and CH top level domain names\&. Either use the
\fB\-t\fR
and
\fB\-c\fR
options to specify the type and class, use the
\fB\-q\fR
-the specify the domain name, or use "IN." and "CH." when looking up these top level domains.
+the specify the domain name, or use "IN\&." and "CH\&." when looking up these top level domains\&.
.SH "SIMPLE USAGE"
.PP
A typical invocation of
\fBdig\fR
looks like:
.sp
+.if n \{\
.RS 4
+.\}
.nf
dig @server name type
.fi
+.if n \{\
.RE
+.\}
.sp
where:
.PP
\fBserver\fR
.RS 4
-is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
+is the name or IP address of the name server to query\&. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation\&. When the supplied
\fIserver\fR
argument is a hostname,
\fBdig\fR
-resolves that name before querying that name server.
+resolves that name before querying that name server\&.
.sp
If no
\fIserver\fR
argument is provided,
\fBdig\fR
consults
-\fI/etc/resolv.conf\fR; if an address is found there, it queries the name server at that address. If either of the
+/etc/resolv\&.conf; if an address is found there, it queries the name server at that address\&. If either of the
\fB\-4\fR
or
\fB\-6\fR
-options are in use, then only addresses for the corresponding transport will be tried. If no usable addresses are found,
+options are in use, then only addresses for the corresponding transport will be tried\&. If no usable addresses are found,
\fBdig\fR
-will send the query to the local host. The reply from the name server that responds is displayed.
+will send the query to the local host\&. The reply from the name server that responds is displayed\&.
.RE
.PP
\fBname\fR
.RS 4
-is the name of the resource record that is to be looked up.
+is the name of the resource record that is to be looked up\&.
.RE
.PP
\fBtype\fR
.RS 4
-indicates what type of query is required \(em ANY, A, MX, SIG, etc.
+indicates what type of query is required \(em ANY, A, MX, SIG, etc\&.
\fItype\fR
-can be any valid query type. If no
+can be any valid query type\&. If no
\fItype\fR
argument is supplied,
\fBdig\fR
-will perform a lookup for an A record.
+will perform a lookup for an A record\&.
.RE
.SH "OPTIONS"
.PP
\-4
.RS 4
-Use IPv4 only.
+Use IPv4 only\&.
.RE
.PP
\-6
.RS 4
-Use IPv6 only.
+Use IPv6 only\&.
.RE
.PP
\-b \fIaddress\fR\fI[#port]\fR
.RS 4
-Set the source IP address of the query. The
+Set the source IP address of the query\&. The
\fIaddress\fR
-must be a valid address on one of the host's network interfaces, or "0.0.0.0" or "::". An optional port may be specified by appending "#<port>"
+must be a valid address on one of the host\*(Aqs network interfaces, or "0\&.0\&.0\&.0" or "::"\&. An optional port may be specified by appending "#<port>"
.RE
.PP
\-c \fIclass\fR
.RS 4
-Set the query class. The default
+Set the query class\&. The default
\fIclass\fR
-is IN; other classes are HS for Hesiod records or CH for Chaosnet records.
+is IN; other classes are HS for Hesiod records or CH for Chaosnet records\&.
.RE
.PP
\-f \fIfile\fR
@@ -159,88 +178,88 @@ is IN; other classes are HS for Hesiod records or CH for Chaosnet records.
Batch mode:
\fBdig\fR
reads a list of lookup requests to process from the given
-\fIfile\fR. Each line in the file should be organized in the same way they would be presented as queries to
+\fIfile\fR\&. Each line in the file should be organized in the same way they would be presented as queries to
\fBdig\fR
-using the command\-line interface.
+using the command\-line interface\&.
.RE
.PP
\-i
.RS 4
-Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT domain, which is no longer in use. Obsolete bit string label queries (RFC2874) are not attempted.
+Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
.RE
.PP
\-k \fIkeyfile\fR
.RS 4
-Sign queries using TSIG using a key read from the given file. Key files can be generated using
-\fBtsig\-keygen\fR(8). When using TSIG authentication with
-\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate
+Sign queries using TSIG using a key read from the given file\&. Key files can be generated using
+\fBtsig-keygen\fR(8)\&. When using TSIG authentication with
+\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used\&. In BIND, this is done by providing appropriate
\fBkey\fR
and
\fBserver\fR
statements in
-\fInamed.conf\fR.
+named\&.conf\&.
.RE
.PP
\-m
.RS 4
-Enable memory usage debugging.
+Enable memory usage debugging\&.
.RE
.PP
\-p \fIport\fR
.RS 4
-Send the query to a non\-standard port on the server, instead of the defaut port 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number.
+Send the query to a non\-standard port on the server, instead of the defaut port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
.RE
.PP
\-q \fIname\fR
.RS 4
-The domain name to query. This is useful to distinguish the
+The domain name to query\&. This is useful to distinguish the
\fIname\fR
-from other arguments.
+from other arguments\&.
.RE
.PP
\-t \fItype\fR
.RS 4
-The resource record type to query. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
+The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
\fB\-x\fR
-option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, set the
+option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
\fItype\fR
to
-ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
-\fIN\fR.
+ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
+\fIN\fR\&.
.RE
.PP
\-v
.RS 4
-Print the version number and exit.
+Print the version number and exit\&.
.RE
.PP
\-x \fIaddr\fR
.RS 4
-Simplified reverse lookups, for mapping addresses to names. The
+Simplified reverse lookups, for mapping addresses to names\&. The
\fIaddr\fR
-is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When the
+is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When the
\fB\-x\fR
is used, there is no need to provide the
\fIname\fR,
\fIclass\fR
and
\fItype\fR
-arguments.
+arguments\&.
\fBdig\fR
automatically performs a lookup for a name like
-94.2.0.192.in\-addr.arpa
-and sets the query type and class to PTR and IN respectively. IPv6 addresses are looked up using nibble format under the IP6.ARPA domain (but see also the
+94\&.2\&.0\&.192\&.in\-addr\&.arpa
+and sets the query type and class to PTR and IN respectively\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain (but see also the
\fB\-i\fR
-option).
+option)\&.
.RE
.PP
\-y \fI[hmac:]\fR\fIkeyname:secret\fR
.RS 4
-Sign queries using TSIG with the given authentication key.
+Sign queries using TSIG with the given authentication key\&.
\fIkeyname\fR
is the name of the key, and
\fIsecret\fR
-is the base64 encoded shared secret.
+is the base64 encoded shared secret\&.
\fIhmac\fR
is the name of the key algorithm; valid choices are
hmac\-md5,
@@ -248,10 +267,10 @@ hmac\-sha1,
hmac\-sha224,
hmac\-sha256,
hmac\-sha384, or
-hmac\-sha512. If
+hmac\-sha512\&. If
\fIhmac\fR
is not specified, the default is
-hmac\-md5.
+hmac\-md5\&.
.sp
NOTE: You should use the
\fB\-k\fR
@@ -259,91 +278,91 @@ option and avoid the
\fB\-y\fR
option, because with
\fB\-y\fR
-the shared secret is supplied as a command line argument in clear text. This may be visible in the output from
+the shared secret is supplied as a command line argument in clear text\&. This may be visible in the output from
\fBps\fR(1)
-or in a history file maintained by the user's shell.
+or in a history file maintained by the user\*(Aqs shell\&.
.RE
.SH "QUERY OPTIONS"
.PP
\fBdig\fR
-provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
+provides a number of query options which affect the way in which lookups are made and the results displayed\&. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies\&.
.PP
-Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string
+Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string
no
-to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
-\fB+keyword=value\fR. Keywords may be abbreviated, provided the abbreviation is unambiguous; for example,
+to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form
+\fB+keyword=value\fR\&. Keywords may be abbreviated, provided the abbreviation is unambiguous; for example,
+cd
is equivalent to
-+cdflag. The query options are:
++cdflag\&. The query options are:
.PP
\fB+[no]aaflag\fR
.RS 4
A synonym for
-\fI+[no]aaonly\fR.
+\fI+[no]aaonly\fR\&.
.RE
.PP
\fB+[no]aaonly\fR
.RS 4
-Sets the "aa" flag in the query.
+Sets the "aa" flag in the query\&.
.RE
.PP
\fB+[no]additional\fR
.RS 4
-Display [do not display] the additional section of a reply. The default is to display it.
+Display [do not display] the additional section of a reply\&. The default is to display it\&.
.RE
.PP
\fB+[no]adflag\fR
.RS 4
-Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
+Set [do not set] the AD (authentic data) bit in the query\&. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server\&. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range\&. AD=0 indicate that some part of the answer was insecure or not validated\&. This bit is set by default\&.
.RE
.PP
\fB+[no]all\fR
.RS 4
-Set or clear all display flags.
+Set or clear all display flags\&.
.RE
.PP
\fB+[no]answer\fR
.RS 4
-Display [do not display] the answer section of a reply. The default is to display it.
+Display [do not display] the answer section of a reply\&. The default is to display it\&.
.RE
.PP
\fB+[no]authority\fR
.RS 4
-Display [do not display] the authority section of a reply. The default is to display it.
+Display [do not display] the authority section of a reply\&. The default is to display it\&.
.RE
.PP
\fB+[no]besteffort\fR
.RS 4
-Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
+Attempt to display the contents of messages which are malformed\&. The default is to not display malformed answers\&.
.RE
.PP
\fB+bufsize=B\fR
.RS 4
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
-bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
+bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&. Values other than zero will cause a EDNS query to be sent\&.
.RE
.PP
\fB+[no]cdflag\fR
.RS 4
-Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
+Set [do not set] the CD (checking disabled) bit in the query\&. This requests the server to not perform DNSSEC validation of responses\&.
.RE
.PP
\fB+[no]class\fR
.RS 4
-Display [do not display] the CLASS when printing the record.
+Display [do not display] the CLASS when printing the record\&.
.RE
.PP
\fB+[no]cmd\fR
.RS 4
Toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
-and the query options that have been applied. This comment is printed by default.
+and the query options that have been applied\&. This comment is printed by default\&.
.RE
.PP
\fB+[no]comments\fR
.RS 4
-Toggle the display of comment lines in the output. The default is to print comments.
+Toggle the display of comment lines in the output\&. The default is to print comments\&.
.RE
.PP
\fB+[no]defname\fR
@@ -354,7 +373,7 @@ Deprecated, treated as a synonym for
.PP
\fB+[no]dnssec\fR
.RS 4
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query\&.
.RE
.PP
\fB+domain=somename\fR
@@ -363,46 +382,46 @@ Set the search list to contain the single domain
\fIsomename\fR, as if specified in a
\fBdomain\fR
directive in
-\fI/etc/resolv.conf\fR, and enable search list processing as if the
+/etc/resolv\&.conf, and enable search list processing as if the
\fI+search\fR
-option were given.
+option were given\&.
.RE
.PP
\fB+[no]edns[=#]\fR
.RS 4
-Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
+Specify the EDNS version to query with\&. Valid values are 0 to 255\&. Setting the EDNS version will cause a EDNS query to be sent\&.
\fB+noedns\fR
-clears the remembered EDNS version. EDNS is set to 0 by default.
+clears the remembered EDNS version\&. EDNS is set to 0 by default\&.
.RE
.PP
\fB+[no]fail\fR
.RS 4
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
+Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behavior\&.
.RE
.PP
\fB+[no]identify\fR
.RS 4
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
-option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
+option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
.RE
.PP
\fB+[no]ignore\fR
.RS 4
-Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
+Ignore truncation in UDP responses instead of retrying with TCP\&. By default, TCP retries are performed\&.
.RE
.PP
\fB+[no]keepopen\fR
.RS 4
-Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
-\fB+nokeepopen\fR.
+Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup\&. The default is
+\fB+nokeepopen\fR\&.
.RE
.PP
\fB+[no]multiline\fR
.RS 4
-Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
+Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the
\fBdig\fR
-output.
+output\&.
.RE
.PP
\fB+ndots=D\fR
@@ -411,101 +430,101 @@ Set the number of dots that have to appear in
\fIname\fR
to
\fID\fR
-for it to be considered absolute. The default value is that defined using the ndots statement in
-\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+for it to be considered absolute\&. The default value is that defined using the ndots statement in
+/etc/resolv\&.conf, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
\fBsearch\fR
or
\fBdomain\fR
directive in
-\fI/etc/resolv.conf\fR
+/etc/resolv\&.conf
if
\fB+search\fR
-is set.
+is set\&.
.RE
.PP
\fB+[no]nsid\fR
.RS 4
-Include an EDNS name server ID request when sending a query.
+Include an EDNS name server ID request when sending a query\&.
.RE
.PP
\fB+[no]nssearch\fR
.RS 4
When this option is set,
\fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
.RE
.PP
\fB+[no]onesoa\fR
.RS 4
-Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
+Print only one (starting) SOA record when performing an AXFR\&. The default is to print both the starting and ending SOA records\&.
.RE
.PP
\fB+[no]qr\fR
.RS 4
-Print [do not print] the query as it is sent. By default, the query is not printed.
+Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
.RE
.PP
\fB+[no]question\fR
.RS 4
-Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
+Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
.RE
.PP
\fB+[no]rdflag\fR
.RS 4
A synonym for
-\fI+[no]recurse\fR.
+\fI+[no]recurse\fR\&.
.RE
.PP
\fB+[no]recurse\fR
.RS 4
-Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
+Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means
\fBdig\fR
-normally sends recursive queries. Recursion is automatically disabled when the
+normally sends recursive queries\&. Recursion is automatically disabled when the
\fI+nssearch\fR
or
\fI+trace\fR
-query options are used.
+query options are used\&.
.RE
.PP
\fB+retry=T\fR
.RS 4
Sets the number of times to retry UDP queries to server to
\fIT\fR
-instead of the default, 2. Unlike
-\fI+tries\fR, this does not include the initial query.
+instead of the default, 2\&. Unlike
+\fI+tries\fR, this does not include the initial query\&.
.RE
.PP
\fB+[no]rrcomments\fR
.RS 4
-Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
+Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records)\&. The default is not to print record comments unless multiline mode is active\&.
.RE
.PP
\fB+[no]search\fR
.RS 4
Use [do not use] the search list defined by the searchlist or domain directive in
-\fIresolv.conf\fR
-(if any). The search list is not used by default.
+resolv\&.conf
+(if any)\&. The search list is not used by default\&.
.sp
-\'ndots' from
-\fIresolv.conf\fR
+\*(Aqndots\*(Aq from
+resolv\&.conf
(default 1) which may be overridden by
\fI+ndots\fR
-determines if the name will be treated as relative or not and hence whether a search is eventually performed or not.
+determines if the name will be treated as relative or not and hence whether a search is eventually performed or not\&.
.RE
.PP
\fB+[no]short\fR
.RS 4
-Provide a terse answer. The default is to print the answer in a verbose form.
+Provide a terse answer\&. The default is to print the answer in a verbose form\&.
.RE
.PP
\fB+[no]showsearch\fR
.RS 4
-Perform [do not perform] a search showing intermediate results.
+Perform [do not perform] a search showing intermediate results\&.
.RE
.PP
\fB+[no]sigchase\fR
.RS 4
-Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
+Chase DNSSEC signature chains\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
.RE
.PP
\fB+split=W\fR
@@ -514,86 +533,86 @@ Split long hex\- or base64\-formatted fields in resource records into chunks of
\fIW\fR
characters (where
\fIW\fR
-is rounded up to the nearest multiple of 4).
+is rounded up to the nearest multiple of 4)\&.
\fI+nosplit\fR
or
\fI+split=0\fR
-causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active.
+causes fields not to be split at all\&. The default is 56 characters, or 44 characters when multiline mode is active\&.
.RE
.PP
\fB+[no]stats\fR
.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics\&.
.RE
.PP
\fB+[no]tcp\fR
.RS 4
-Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an
+Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless an
ixfr=N
-query is requested, in which case the default is TCP. AXFR queries always use TCP.
+query is requested, in which case the default is TCP\&. AXFR queries always use TCP\&.
.RE
.PP
\fB+time=T\fR
.RS 4
Sets the timeout for a query to
\fIT\fR
-seconds. The default timeout is 5 seconds. An attempt to set
+seconds\&. The default timeout is 5 seconds\&. An attempt to set
\fIT\fR
-to less than 1 will result in a query timeout of 1 second being applied.
+to less than 1 will result in a query timeout of 1 second being applied\&.
.RE
.PP
\fB+[no]topdown\fR
.RS 4
-When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
+When chasing DNSSEC signature chains perform a top\-down validation\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
.RE
.PP
\fB+[no]trace\fR
.RS 4
-Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
+Toggle tracing of the delegation path from the root name servers for the name being looked up\&. Tracing is disabled by default\&. When tracing is enabled,
\fBdig\fR
-makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
+makes iterative queries to resolve the name being looked up\&. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup\&.
.sp
-If @server is also specified, it affects only the initial query for the root zone name servers.
+If @server is also specified, it affects only the initial query for the root zone name servers\&.
.sp
\fB+dnssec\fR
-is also set when +trace is set to better emulate the default queries from a nameserver.
+is also set when +trace is set to better emulate the default queries from a nameserver\&.
.RE
.PP
\fB+tries=T\fR
.RS 4
Sets the number of times to try UDP queries to server to
\fIT\fR
-instead of the default, 3. If
+instead of the default, 3\&. If
\fIT\fR
-is less than or equal to zero, the number of tries is silently rounded up to 1.
+is less than or equal to zero, the number of tries is silently rounded up to 1\&.
.RE
.PP
\fB+trusted\-key=####\fR
.RS 4
Specifies a file containing trusted keys to be used with
-\fB+sigchase\fR. Each DNSKEY record must be on its own line.
+\fB+sigchase\fR\&. Each DNSKEY record must be on its own line\&.
.sp
If not specified,
\fBdig\fR
will look for
-\fI/etc/trusted\-key.key\fR
+/etc/trusted\-key\&.key
then
-\fItrusted\-key.key\fR
-in the current directory.
+trusted\-key\&.key
+in the current directory\&.
.sp
-Requires dig be compiled with \-DDIG_SIGCHASE.
+Requires dig be compiled with \-DDIG_SIGCHASE\&.
.RE
.PP
\fB+[no]ttlid\fR
.RS 4
-Display [do not display] the TTL when printing the record.
+Display [do not display] the TTL when printing the record\&.
.RE
.PP
\fB+[no]vc\fR
.RS 4
-Use [do not use] TCP when querying name servers. This alternate syntax to
+Use [do not use] TCP when querying name servers\&. This alternate syntax to
\fI+[no]tcp\fR
-is provided for backwards compatibility. The "vc" stands for "virtual circuit".
+is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
.RE
.SH "MULTIPLE QUERIES"
.PP
@@ -601,63 +620,71 @@ The BIND 9 implementation of
\fBdig \fR
supports specifying multiple queries on the command line (in addition to supporting the
\fB\-f\fR
-batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
+batch file option)\&. Each of those queries can be supplied with its own set of flags, options and query options\&.
.PP
In this case, each
\fIquery\fR
-argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
+argument represent an individual query in the command\-line syntax described above\&. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query\&.
.PP
-A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the
+A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except the
\fB+[no]cmd\fR
-option) can be overridden by a query\-specific set of query options. For example:
+option) can be overridden by a query\-specific set of query options\&. For example:
.sp
+.if n \{\
.RS 4
+.\}
.nf
-dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
+dig +qr www\&.isc\&.org any \-x 127\&.0\&.0\&.1 isc\&.org ns +noqr
.fi
+.if n \{\
.RE
+.\}
.sp
shows how
\fBdig\fR
could be used from the command line to make three lookups: an ANY query for
-www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of
-isc.org. A global query option of
+www\&.isc\&.org, a reverse lookup of 127\&.0\&.0\&.1 and a query for the NS records of
+isc\&.org\&. A global query option of
\fI+qr\fR
is applied, so that
\fBdig\fR
-shows the initial query it made for each lookup. The final query has a local query option of
+shows the initial query it made for each lookup\&. The final query has a local query option of
\fI+noqr\fR
which means that
\fBdig\fR
will not print the initial query when it looks up the NS records for
-isc.org.
+isc\&.org\&.
.SH "IDN SUPPORT"
.PP
If
\fBdig\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
+has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
\fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
\fBIDN_DISABLE\fR
-environment variable. The IDN support is disabled if the variable is set when
+environment variable\&. The IDN support is disabled if the variable is set when
\fBdig\fR
-runs.
+runs\&.
.SH "FILES"
.PP
-\fI/etc/resolv.conf\fR
+/etc/resolv\&.conf
.PP
-\fI${HOME}/.digrc\fR
+${HOME}/\&.digrc
.SH "SEE ALSO"
.PP
\fBhost\fR(1),
\fBnamed\fR(8),
-\fBdnssec\-keygen\fR(8),
-RFC1035.
+\fBdnssec-keygen\fR(8),
+RFC1035\&.
.SH "BUGS"
.PP
-There are probably too many query options.
+There are probably too many query options\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004\-2011, 2013\-2015 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
+Copyright \(co 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2003 Internet Software Consortium.
.br
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 145e6107ad33..d5f872dd3864 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -67,9 +67,12 @@ static char domainopt[DNS_NAME_MAXTEXT];
static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE,
- onesoa = ISC_FALSE, rrcomments = ISC_FALSE;
+ onesoa = ISC_FALSE;
static isc_uint32_t splitwidth = 0xffffffff;
+/*% rrcomments are neither explicitly enabled nor disabled by default */
+static int rrcomments = 0;
+
/*% opcode text */
static const char * const opcodetext[] = {
"QUERY",
@@ -319,7 +322,8 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
ADD_STRING(buf, " ");
}
- if (rrcomments)
+ /* Turn on rrcomments if explicitly enabled */
+ if (rrcomments > 0)
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
result = dns_rdata_tofmttext(rdata, NULL, styleflags, 0,
splitwidth, " ", buf);
@@ -404,7 +408,8 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
styleflags |= DNS_STYLEFLAG_NO_TTL;
if (noclass)
styleflags |= DNS_STYLEFLAG_NO_CLASS;
- if (rrcomments)
+ /* Turn on rrcomments if explicitly enabled */
+ if (rrcomments > 0)
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
if (multiline) {
styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
@@ -414,7 +419,9 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
styleflags |= DNS_STYLEFLAG_TTL;
styleflags |= DNS_STYLEFLAG_MULTILINE;
styleflags |= DNS_STYLEFLAG_COMMENT;
- styleflags |= DNS_STYLEFLAG_RRCOMMENT;
+ /* Turn on rrcomments if not explicitly disabled */
+ if (rrcomments >= 0)
+ styleflags |= DNS_STYLEFLAG_RRCOMMENT;
}
if (multiline || (nottl && noclass))
@@ -455,7 +462,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
styleflags |= DNS_STYLEFLAG_REL_OWNER;
if (query->lookup->comments)
styleflags |= DNS_STYLEFLAG_COMMENT;
- if (rrcomments)
+ /* Turn on rrcomments if explicitly enabled */
+ if (rrcomments > 0)
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
if (nottl)
styleflags |= DNS_STYLEFLAG_NO_TTL;
@@ -468,7 +476,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
styleflags |= DNS_STYLEFLAG_OMIT_TTL;
styleflags |= DNS_STYLEFLAG_TTL;
styleflags |= DNS_STYLEFLAG_MULTILINE;
- styleflags |= DNS_STYLEFLAG_RRCOMMENT;
+ /* Turn on rrcomments unless explicitly disabled */
+ if (rrcomments >= 0)
+ styleflags |= DNS_STYLEFLAG_RRCOMMENT;
}
if (multiline || (nottl && noclass))
result = dns_master_stylecreate2(&style, styleflags,
@@ -720,7 +730,7 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
*/
static void
-plus_option(char *option, isc_boolean_t is_batchfile,
+plus_option(const char *option, isc_boolean_t is_batchfile,
dig_lookup_t *lookup)
{
isc_result_t result;
@@ -735,7 +745,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
strncpy(option_store, option, sizeof(option_store));
option_store[sizeof(option_store)-1]=0;
ptr = option_store;
- cmd = next_token(&ptr,"=");
+ cmd = next_token(&ptr, "=");
if (cmd == NULL) {
printf(";; Invalid option %s\n", option_store);
return;
@@ -789,7 +799,6 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_answer = state;
lookup->section_additional = state;
lookup->comments = state;
- rrcomments = state;
lookup->stats = state;
printcmd = state;
break;
@@ -955,13 +964,13 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->identify = ISC_TRUE;
lookup->stats = ISC_FALSE;
lookup->comments = ISC_FALSE;
- rrcomments = ISC_FALSE;
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_FALSE;
lookup->section_question = ISC_FALSE;
lookup->rdtype = dns_rdatatype_ns;
lookup->rdtypeset = ISC_TRUE;
short_form = ISC_TRUE;
+ rrcomments = 0;
}
break;
default:
@@ -1022,7 +1031,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
break;
case 'r': /* rrcomments */
FULLCHECK("rrcomments");
- rrcomments = state;
+ rrcomments = state ? 1 : -1;
break;
default:
goto invalid_option;
@@ -1050,8 +1059,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_authority = ISC_FALSE;
lookup->section_question = ISC_FALSE;
lookup->comments = ISC_FALSE;
- rrcomments = ISC_FALSE;
lookup->stats = ISC_FALSE;
+ rrcomments = -1;
}
break;
case 'w': /* showsearch */
@@ -1149,7 +1158,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->recurse = ISC_FALSE;
lookup->identify = ISC_TRUE;
lookup->comments = ISC_FALSE;
- rrcomments = ISC_FALSE;
+ rrcomments = 0;
lookup->stats = ISC_FALSE;
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_TRUE;
@@ -1207,7 +1216,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
invalid_option:
need_value:
fprintf(stderr, "Invalid option: +%s\n",
- option);
+ option);
usage();
}
return;
@@ -1434,14 +1443,14 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
value);
return (value_from_next);
case 'y':
- ptr = next_token(&value,":"); /* hmac type or name */
+ ptr = next_token(&value, ":"); /* hmac type or name */
if (ptr == NULL) {
usage();
}
ptr2 = next_token(&value, ":"); /* name or secret */
if (ptr2 == NULL)
usage();
- ptr3 = next_token(&value,":"); /* secret or NULL */
+ ptr3 = next_token(&value, ":"); /* secret or NULL */
if (ptr3 != NULL) {
parse_hmac(ptr);
ptr = ptr2;
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 8a3022dfc893..8b7e3829b448 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1,6 +1,3 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
@@ -18,10 +15,15 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dig">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig">
+ <info>
+ <date>2014-02-12</date>
+ </info>
<refentryinfo>
- <date>February 12, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -60,42 +62,42 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dig</command>
- <arg choice="opt">@server</arg>
- <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
- <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
- <arg><option>-m</option></arg>
- <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
- <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
- <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
- <arg><option>-4</option></arg>
- <arg><option>-6</option></arg>
- <arg choice="opt">name</arg>
- <arg choice="opt">type</arg>
- <arg choice="opt">class</arg>
+ <arg choice="opt" rep="norepeat">@server</arg>
+ <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-m</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-q <replaceable class="parameter">name</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-4</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-6</option></arg>
+ <arg choice="opt" rep="norepeat">name</arg>
+ <arg choice="opt" rep="norepeat">type</arg>
+ <arg choice="opt" rep="norepeat">class</arg>
<arg choice="opt" rep="repeat">queryopt</arg>
</cmdsynopsis>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dig</command>
- <arg><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
</cmdsynopsis>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dig</command>
<arg choice="opt" rep="repeat">global-queryopt</arg>
<arg choice="opt" rep="repeat">query</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dig</command>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -141,15 +143,15 @@
<para>
The IN and CH class names overlap with the IN and CH top level
domain names. Either use the <option>-t</option> and
- <option>-c</option> options to specify the type and class,
+ <option>-c</option> options to specify the type and class,
use the <option>-q</option> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SIMPLE USAGE</title></info>
- <refsect1>
- <title>SIMPLE USAGE</title>
<para>
A typical invocation of <command>dig</command> looks like:
@@ -198,7 +200,7 @@
<term><constant>type</constant></term>
<listitem>
<para>
- indicates what type of query is required &mdash;
+ indicates what type of query is required —
ANY, A, MX, SIG, etc.
<parameter>type</parameter> can be any valid query
type. If no
@@ -212,10 +214,10 @@
</variablelist>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -415,10 +417,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>QUERY OPTIONS</title></info>
- <refsect1>
- <title>QUERY OPTIONS</title>
<para><command>dig</command>
provides a number of query options which affect
@@ -1006,10 +1008,10 @@
</variablelist>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>MULTIPLE QUERIES</title></info>
- <refsect1>
- <title>MULTIPLE QUERIES</title>
<para>
The BIND 9 implementation of <command>dig </command>
@@ -1055,10 +1057,10 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
<literal>isc.org</literal>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>IDN SUPPORT</title></info>
- <refsect1>
- <title>IDN SUPPORT</title>
<para>
If <command>dig</command> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -1067,21 +1069,21 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the <envar>IDN_DISABLE</envar> environment variable.
- The IDN support is disabled if the variable is set when
+ The IDN support is disabled if the variable is set when
<command>dig</command> runs.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<para><filename>/etc/resolv.conf</filename>
</para>
<para><filename>${HOME}/.digrc</filename>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
@@ -1093,16 +1095,12 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</citerefentry>,
<citetitle>RFC1035</citetitle>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>BUGS</title></info>
- <refsect1>
- <title>BUGS</title>
<para>
There are probably too many query options.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 6cb32c118946..6f92efcefb9f 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dig"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -33,41 +32,41 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543547"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dig</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
displays the answers that are returned from the name server(s) that
- were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
+ were queried. Most DNS administrators use <span class="command"><strong>dig</strong></span> to
troubleshoot DNS problems because of its flexibility, ease of use and
clarity of output. Other lookup tools tend to have less functionality
- than <span><strong class="command">dig</strong></span>.
+ than <span class="command"><strong>dig</strong></span>.
</p>
<p>
- Although <span><strong class="command">dig</strong></span> is normally used with
+ Although <span class="command"><strong>dig</strong></span> is normally used with
command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the <code class="option">-h</code> option is given.
Unlike earlier versions, the BIND 9 implementation of
- <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
+ <span class="command"><strong>dig</strong></span> allows multiple lookups to be issued
from the
command line.
</p>
<p>
Unless it is told to query a specific name server,
- <span><strong class="command">dig</strong></span> will try each of the servers listed in
+ <span class="command"><strong>dig</strong></span> will try each of the servers listed in
<code class="filename">/etc/resolv.conf</code>. If no usable server addresses
- are found, <span><strong class="command">dig</strong></span> will send the query to the local
+ are found, <span class="command"><strong>dig</strong></span> will send the query to the local
host.
</p>
<p>
When no command line arguments or options are given,
- <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
+ <span class="command"><strong>dig</strong></span> will perform an NS query for "." (the root).
</p>
<p>
- It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
+ It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
<code class="filename">${HOME}/.digrc</code>. This file is read and
any options in it
are applied before the command line arguments.
@@ -75,22 +74,22 @@
<p>
The IN and CH class names overlap with the IN and CH top level
domain names. Either use the <code class="option">-t</code> and
- <code class="option">-c</code> options to specify the type and class,
+ <code class="option">-c</code> options to specify the type and class,
use the <code class="option">-q</code> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543626"></a><h2>SIMPLE USAGE</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
<p>
- A typical invocation of <span><strong class="command">dig</strong></span> looks like:
+ A typical invocation of <span class="command"><strong>dig</strong></span> looks like:
</p>
<pre class="programlisting"> dig @server name type </pre>
<p>
where:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">server</code></span></dt>
<dd>
<p>
@@ -98,19 +97,19 @@
can be an IPv4 address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
<em class="parameter"><code>server</code></em> argument is a hostname,
- <span><strong class="command">dig</strong></span> resolves that name before querying
+ <span class="command"><strong>dig</strong></span> resolves that name before querying
that name server.
</p>
<p>
If no <em class="parameter"><code>server</code></em> argument is
- provided, <span><strong class="command">dig</strong></span> consults
+ provided, <span class="command"><strong>dig</strong></span> consults
<code class="filename">/etc/resolv.conf</code>; if an
address is found there, it queries the name server at
that address. If either of the <code class="option">-4</code> or
<code class="option">-6</code> options are in use, then
only addresses for the corresponding transport
will be tried. If no usable addresses are found,
- <span><strong class="command">dig</strong></span> will send the query to the
+ <span class="command"><strong>dig</strong></span> will send the query to the
local host. The reply from the name server that
responds is displayed.
</p>
@@ -126,16 +125,16 @@
<em class="parameter"><code>type</code></em> can be any valid query
type. If no
<em class="parameter"><code>type</code></em> argument is supplied,
- <span><strong class="command">dig</strong></span> will perform a lookup for an
+ <span class="command"><strong>dig</strong></span> will perform a lookup for an
A record.
</p></dd>
</dl></div>
<p>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543730"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.9"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only.
@@ -159,12 +158,12 @@
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
- Batch mode: <span><strong class="command">dig</strong></span> reads a list of lookup
+ Batch mode: <span class="command"><strong>dig</strong></span> reads a list of lookup
requests to process from the
given <em class="parameter"><code>file</code></em>. Each line in the file
should be organized in the same way they would be
presented as queries to
- <span><strong class="command">dig</strong></span> using the command-line interface.
+ <span class="command"><strong>dig</strong></span> using the command-line interface.
</p></dd>
<dt><span class="term">-i</span></dt>
<dd><p>
@@ -177,11 +176,11 @@
Sign queries using TSIG using a key read from the given file.
Key files can be generated using
<span class="citerefentry"><span class="refentrytitle">tsig-keygen</span>(8)</span>.
- When using TSIG authentication with <span><strong class="command">dig</strong></span>,
+ When using TSIG authentication with <span class="command"><strong>dig</strong></span>,
the name server that is queried needs to know the key and
algorithm that is being used. In BIND, this is done by
- providing appropriate <span><strong class="command">key</strong></span>
- and <span><strong class="command">server</strong></span> statements in
+ providing appropriate <span class="command"><strong>key</strong></span>
+ and <span class="command"><strong>server</strong></span> statements in
<code class="filename">named.conf</code>.
</p></dd>
<dt><span class="term">-m</span></dt>
@@ -228,7 +227,7 @@
need to provide
the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
and <em class="parameter"><code>type</code></em>
- arguments. <span><strong class="command">dig</strong></span> automatically performs a
+ arguments. <span class="command"><strong>dig</strong></span> automatically performs a
lookup for a name like
<code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
query type and class to PTR and IN respectively. IPv6
@@ -261,9 +260,9 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544181"></a><h2>QUERY OPTIONS</h2>
-<p><span><strong class="command">dig</strong></span>
+<div class="refsection">
+<a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
+<p><span class="command"><strong>dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
these set or reset flag bits in the query header, some determine which
@@ -284,7 +283,7 @@
The query options are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
<dd><p>
A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
@@ -353,7 +352,7 @@
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Toggles the printing of the initial comment in the
- output identifying the version of <span><strong class="command">dig</strong></span>
+ output identifying the version of <span class="command"><strong>dig</strong></span>
and the query options that have been applied. This
comment is printed by default.
</p></dd>
@@ -377,7 +376,7 @@
<dd><p>
Set the search list to contain the single domain
<em class="parameter"><code>somename</code></em>, as if specified in
- a <span><strong class="command">domain</strong></span> directive in
+ a <span class="command"><strong>domain</strong></span> directive in
<code class="filename">/etc/resolv.conf</code>, and enable
search list processing as if the
<em class="parameter"><code>+search</code></em> option were given.
@@ -421,7 +420,7 @@
Print records like the SOA records in a verbose
multi-line format with human-readable comments. The
default is to print each record on a single line, to
- facilitate machine parsing of the <span><strong class="command">dig</strong></span>
+ facilitate machine parsing of the <span class="command"><strong>dig</strong></span>
output.
</p></dd>
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
@@ -445,7 +444,7 @@
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
- When this option is set, <span><strong class="command">dig</strong></span>
+ When this option is set, <span class="command"><strong>dig</strong></span>
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
@@ -476,7 +475,7 @@
<dd><p>
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
- <span><strong class="command">dig</strong></span> normally sends recursive
+ <span class="command"><strong>dig</strong></span> normally sends recursive
queries. Recursion is automatically disabled when
the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are used.
@@ -573,7 +572,7 @@
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
- <span><strong class="command">dig</strong></span> makes iterative queries to
+ <span class="command"><strong>dig</strong></span> makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
@@ -583,7 +582,7 @@
initial query for the root zone name servers.
</p>
<p>
- <span><strong class="command">+dnssec</strong></span> is also set when +trace
+ <span class="command"><strong>+dnssec</strong></span> is also set when +trace
is set to better emulate the default queries from a
nameserver.
</p>
@@ -604,7 +603,7 @@
must be on its own line.
</p>
<p>
- If not specified, <span><strong class="command">dig</strong></span> will look
+ If not specified, <span class="command"><strong>dig</strong></span> will look
for <code class="filename">/etc/trusted-key.key</code> then
<code class="filename">trusted-key.key</code> in the current
directory.
@@ -630,10 +629,10 @@
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545576"></a><h2>MULTIPLE QUERIES</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>MULTIPLE QUERIES</h2>
<p>
- The BIND 9 implementation of <span><strong class="command">dig </strong></span>
+ The BIND 9 implementation of <span class="command"><strong>dig </strong></span>
supports
specifying multiple queries on the command line (in addition to
supporting the <code class="option">-f</code> batch file option). Each of those
@@ -660,7 +659,7 @@
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</pre>
<p>
- shows how <span><strong class="command">dig</strong></span> could be used from the
+ shows how <span class="command"><strong>dig</strong></span> could be used from the
command line
to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
reverse lookup of 127.0.0.1 and a query for the NS records of
@@ -668,45 +667,45 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
A global query option of <em class="parameter"><code>+qr</code></em> is
applied, so
- that <span><strong class="command">dig</strong></span> shows the initial query it made
+ that <span class="command"><strong>dig</strong></span> shows the initial query it made
for each
lookup. The final query has a local query option of
- <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
+ <em class="parameter"><code>+noqr</code></em> which means that <span class="command"><strong>dig</strong></span>
will not print the initial query when it looks up the NS records for
<code class="literal">isc.org</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545638"></a><h2>IDN SUPPORT</h2>
+<div class="refsection">
+<a name="id-1.12"></a><h2>IDN SUPPORT</h2>
<p>
- If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
+ If <span class="command"><strong>dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
- <span><strong class="command">dig</strong></span> appropriately converts character encoding of
+ <span class="command"><strong>dig</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the <code class="envar">IDN_DISABLE</code> environment variable.
- The IDN support is disabled if the variable is set when
- <span><strong class="command">dig</strong></span> runs.
+ The IDN support is disabled if the variable is set when
+ <span class="command"><strong>dig</strong></span> runs.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545660"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.13"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545677"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">RFC1035</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545715"></a><h2>BUGS</h2>
+<div class="refsection">
+<a name="id-1.15"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 45dac2f5a112..36e7d4405f6f 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -456,7 +456,7 @@ append(const char *text, int len, char **p, char *end) {
static isc_result_t
reverse_octets(const char *in, char **p, char *end) {
- char *dot = strchr(in, '.');
+ const char *dot = strchr(in, '.');
int len;
if (dot != NULL) {
isc_result_t result;
@@ -3400,6 +3400,8 @@ recv_done(isc_task_t *task, isc_event_t *event) {
n = requeue_lookup(l, ISC_TRUE);
n->tcp_mode = ISC_TRUE;
n->origin = query->lookup->origin;
+ if (l->trace && l->trace_root)
+ n->rdtype = l->qrdtype;
dns_message_destroy(&msg);
isc_event_free(&event);
clear_query(query);
diff --git a/bin/dig/host.1 b/bin/dig/host.1
index 4ff5a7cc6177..f654d97763e3 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,43 +13,58 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: host
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: January 20, 2009
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2009-01-20
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "HOST" "1" "January 20, 2009" "BIND9" "BIND9"
+.TH "HOST" "1" "2009\-01\-20" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
host \- DNS lookup utility
.SH "SYNOPSIS"
-.HP 5
+.HP \w'\fBhost\fR\ 'u
\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
.SH "DESCRIPTION"
.PP
\fBhost\fR
-is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given,
+is a simple utility for performing DNS lookups\&. It is normally used to convert names to IP addresses and vice versa\&. When no arguments or options are given,
\fBhost\fR
-prints a short summary of its command line arguments and options.
+prints a short summary of its command line arguments and options\&.
.PP
\fIname\fR
-is the domain name that is to be looked up. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
+is the domain name that is to be looked up\&. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
\fBhost\fR
-will by default perform a reverse lookup for that address.
+will by default perform a reverse lookup for that address\&.
\fIserver\fR
is an optional argument which is either the name or IP address of the name server that
\fBhost\fR
should query instead of the server or servers listed in
-\fI/etc/resolv.conf\fR.
+/etc/resolv\&.conf\&.
.PP
The
\fB\-a\fR
@@ -57,7 +72,7 @@ The
\fB\-v\fR
option and asking
\fBhost\fR
-to make a query of type ANY.
+to make a query of type ANY\&.
.PP
When the
\fB\-C\fR
@@ -65,12 +80,12 @@ option is used,
\fBhost\fR
will attempt to display the SOA records for zone
\fIname\fR
-from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone.
+from all the listed authoritative name servers for that zone\&. The list of name servers is defined by the NS records that are found for the zone\&.
.PP
The
\fB\-c\fR
option instructs to make a DNS query of class
-\fIclass\fR. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet).
+\fIclass\fR\&. This can be used to lookup Hesiod or Chaosnet class resource records\&. The default class is IN (Internet)\&.
.PP
Verbose output is generated by
\fBhost\fR
@@ -78,114 +93,113 @@ when the
\fB\-d\fR
or
\fB\-v\fR
-option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the
+option is used\&. The two options are equivalent\&. They have been provided for backwards compatibility\&. In previous versions, the
\fB\-d\fR
option switched on debugging traces and
\fB\-v\fR
-enabled verbose output.
+enabled verbose output\&.
.PP
List mode is selected by the
\fB\-l\fR
-option. This makes
+option\&. This makes
\fBhost\fR
perform a zone transfer for zone
-\fIname\fR. Transfer the zone printing out the NS, PTR and address records (A/AAAA). If combined with
+\fIname\fR\&. Transfer the zone printing out the NS, PTR and address records (A/AAAA)\&. If combined with
\fB\-a\fR
-all records will be printed.
+all records will be printed\&.
.PP
The
\fB\-i\fR
-option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA.
+option specifies that reverse lookups of IPv6 addresses should use the IP6\&.INT domain as defined in RFC1886\&. The default is to use IP6\&.ARPA\&.
.PP
The
\fB\-N\fR
option sets the number of dots that have to be in
\fIname\fR
-for it to be considered absolute. The default value is that defined using the ndots statement in
-\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+for it to be considered absolute\&. The default value is that defined using the ndots statement in
+/etc/resolv\&.conf, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
\fBsearch\fR
or
\fBdomain\fR
directive in
-\fI/etc/resolv.conf\fR.
+/etc/resolv\&.conf\&.
.PP
The number of UDP retries for a lookup can be changed with the
\fB\-R\fR
-option.
+option\&.
\fInumber\fR
indicates how many times
\fBhost\fR
-will repeat a query that does not get answered. The default number of retries is 1. If
+will repeat a query that does not get answered\&. The default number of retries is 1\&. If
\fInumber\fR
-is negative or zero, the number of retries will default to 1.
+is negative or zero, the number of retries will default to 1\&.
.PP
Non\-recursive queries can be made via the
\fB\-r\fR
-option. Setting this option clears the
+option\&. Setting this option clears the
\fBRD\fR
\(em recursion desired \(em bit in the query which
\fBhost\fR
-makes. This should mean that the name server receiving the query will not attempt to resolve
-\fIname\fR. The
+makes\&. This should mean that the name server receiving the query will not attempt to resolve
+\fIname\fR\&. The
\fB\-r\fR
option enables
\fBhost\fR
-to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers\&.
.PP
By default,
\fBhost\fR
-uses UDP when making queries. The
+uses UDP when making queries\&. The
\fB\-T\fR
-option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
+option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&.
.PP
The
\fB\-4\fR
option forces
\fBhost\fR
-to only use IPv4 query transport. The
+to only use IPv4 query transport\&. The
\fB\-6\fR
option forces
\fBhost\fR
-to only use IPv6 query transport.
+to only use IPv6 query transport\&.
.PP
The
\fB\-t\fR
-option is used to select the query type.
+option is used to select the query type\&.
\fItype\fR
-can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc\&. When no query type is specified,
\fBhost\fR
-automatically selects an appropriate query type. By default, it looks for A, AAAA, and MX records, but if the
+automatically selects an appropriate query type\&. By default, it looks for A, AAAA, and MX records, but if the
\fB\-C\fR
option was given, queries will be made for SOA records, and if
\fIname\fR
is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
\fBhost\fR
-will query for PTR records. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e.g. \-t IXFR=12345678).
+will query for PTR records\&. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e\&.g\&. \-t IXFR=12345678)\&.
.PP
The time to wait for a reply can be controlled through the
\fB\-W\fR
and
\fB\-w\fR
-options. The
+options\&. The
\fB\-W\fR
option makes
\fBhost\fR
wait for
\fIwait\fR
-seconds. If
+seconds\&. If
\fIwait\fR
-is less than one, the wait interval is set to one second. When the
+is less than one, the wait interval is set to one second\&. When the
\fB\-w\fR
option is used,
\fBhost\fR
-will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
+will effectively wait forever for a reply\&. The time to wait for a response will be set to the number of seconds given by the hardware\*(Aqs maximum value for an integer quantity\&.
.PP
The
\fB\-s\fR
option tells
-\fBhost\fR
-\fInot\fR
-to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
+\fBhost\fR\fInot\fR
+to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior\&.
.PP
The
\fB\-m\fR
@@ -193,33 +207,37 @@ can be used to set the memory usage debugging flags
\fIrecord\fR,
\fIusage\fR
and
-\fItrace\fR.
+\fItrace\fR\&.
.PP
The
\fB\-V\fR
option causes
\fBhost\fR
-to print the version number and exit.
+to print the version number and exit\&.
.SH "IDN SUPPORT"
.PP
If
\fBhost\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
+has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
\fBhost\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
\fBIDN_DISABLE\fR
-environment variable. The IDN support is disabled if the variable is set when
+environment variable\&. The IDN support is disabled if the variable is set when
\fBhost\fR
-runs.
+runs\&.
.SH "FILES"
.PP
-\fI/etc/resolv.conf\fR
+/etc/resolv\&.conf
.SH "SEE ALSO"
.PP
\fBdig\fR(1),
-\fBnamed\fR(8).
+\fBnamed\fR(8)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
+Copyright \(co 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2002 Internet Software Consortium.
.br
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
index 30fc441044ef..b004fb10a868 100644
--- a/bin/dig/host.docbook
+++ b/bin/dig/host.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.host">
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.host">
+ <info>
+ <date>2009-01-20</date>
+ </info>
<refentryinfo>
- <date>January 20, 2009</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -43,6 +46,7 @@
<year>2008</year>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -54,26 +58,26 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>host</command>
- <arg><option>-aCdlnrsTwv</option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
- <arg><option>-R <replaceable class="parameter">number</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
- <arg><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
- <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
- <arg><option>-4</option></arg>
- <arg><option>-6</option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-V</option></arg>
- <arg choice="req">name</arg>
- <arg choice="opt">server</arg>
+ <arg choice="opt" rep="norepeat"><option>-aCdlnrsTwv</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">number</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-4</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-6</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="req" rep="norepeat">name</arg>
+ <arg choice="opt" rep="norepeat">server</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>host</command>
is a simple utility for performing DNS lookups.
@@ -228,7 +232,7 @@
</para>
<para>
- The <option>-s</option> option tells <command>host</command>
+ The <option>-s</option> option tells <command>host</command>
<emphasis>not</emphasis> to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
@@ -245,13 +249,13 @@
The <option>-V</option> option causes <command>host</command>
to print the version number and exit.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>IDN SUPPORT</title></info>
- <refsect1>
- <title>IDN SUPPORT</title>
<para>
If <command>host</command> has been built with IDN (internationalized
- domain name) support, it can accept and display non-ASCII domain names.
+ domain name) support, it can accept and display non-ASCII domain names.
<command>host</command> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
@@ -260,16 +264,16 @@
The IDN support is disabled if the variable is set when
<command>host</command> runs.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<para><filename>/etc/resolv.conf</filename>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
@@ -277,10 +281,6 @@
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
+ </refsection>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dig/host.html b/bin/dig/host.html
index a04536afec56..fb8c08f67e4e 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.host"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,34 +30,34 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543454"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">host</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
When no arguments or options are given,
- <span><strong class="command">host</strong></span>
+ <span class="command"><strong>host</strong></span>
prints a short summary of its command line arguments and options.
</p>
<p><em class="parameter"><code>name</code></em> is the domain name that is to be
looked
up. It can also be a dotted-decimal IPv4 address or a colon-delimited
- IPv6 address, in which case <span><strong class="command">host</strong></span> will by
+ IPv6 address, in which case <span class="command"><strong>host</strong></span> will by
default
perform a reverse lookup for that address.
<em class="parameter"><code>server</code></em> is an optional argument which
is either
- the name or IP address of the name server that <span><strong class="command">host</strong></span>
+ the name or IP address of the name server that <span class="command"><strong>host</strong></span>
should query instead of the server or servers listed in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The <code class="option">-a</code> (all) option is equivalent to setting the
- <code class="option">-v</code> option and asking <span><strong class="command">host</strong></span> to make
+ <code class="option">-v</code> option and asking <span class="command"><strong>host</strong></span> to make
a query of type ANY.
</p>
<p>
- When the <code class="option">-C</code> option is used, <span><strong class="command">host</strong></span>
+ When the <code class="option">-C</code> option is used, <span class="command"><strong>host</strong></span>
will attempt to display the SOA records for zone
<em class="parameter"><code>name</code></em> from all the listed
authoritative name
@@ -72,7 +71,7 @@
Chaosnet class resource records. The default class is IN (Internet).
</p>
<p>
- Verbose output is generated by <span><strong class="command">host</strong></span> when
+ Verbose output is generated by <span class="command"><strong>host</strong></span> when
the
<code class="option">-d</code> or <code class="option">-v</code> option is used. The two
options are equivalent. They have been provided for backwards
@@ -82,7 +81,7 @@
</p>
<p>
List mode is selected by the <code class="option">-l</code> option. This makes
- <span><strong class="command">host</strong></span> perform a zone transfer for zone
+ <span class="command"><strong>host</strong></span> perform a zone transfer for zone
<em class="parameter"><code>name</code></em>. Transfer the zone printing out
the NS, PTR
and address records (A/AAAA). If combined with <code class="option">-a</code>
@@ -110,7 +109,7 @@
The number of UDP retries for a lookup can be changed with the
<code class="option">-R</code> option. <em class="parameter"><code>number</code></em>
indicates
- how many times <span><strong class="command">host</strong></span> will repeat a query
+ how many times <span class="command"><strong>host</strong></span> will repeat a query
that does
not get answered. The default number of retries is 1. If
<em class="parameter"><code>number</code></em> is negative or zero, the
@@ -120,39 +119,39 @@
<p>
Non-recursive queries can be made via the <code class="option">-r</code> option.
Setting this option clears the <span class="type">RD</span> &#8212; recursion
- desired &#8212; bit in the query which <span><strong class="command">host</strong></span> makes.
+ desired &#8212; bit in the query which <span class="command"><strong>host</strong></span> makes.
This should mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>. The
- <code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
+ <code class="option">-r</code> option enables <span class="command"><strong>host</strong></span>
to mimic
the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</p>
<p>
- By default, <span><strong class="command">host</strong></span> uses UDP when making
+ By default, <span class="command"><strong>host</strong></span> uses UDP when making
queries. The
<code class="option">-T</code> option makes it use a TCP connection when querying
the name server. TCP will be automatically selected for queries that
require it, such as zone transfer (AXFR) requests.
</p>
<p>
- The <code class="option">-4</code> option forces <span><strong class="command">host</strong></span> to only
+ The <code class="option">-4</code> option forces <span class="command"><strong>host</strong></span> to only
use IPv4 query transport. The <code class="option">-6</code> option forces
- <span><strong class="command">host</strong></span> to only use IPv6 query transport.
+ <span class="command"><strong>host</strong></span> to only use IPv6 query transport.
</p>
<p>
The <code class="option">-t</code> option is used to select the query type.
<em class="parameter"><code>type</code></em> can be any recognized query
type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
- <span><strong class="command">host</strong></span> automatically selects an appropriate
+ <span class="command"><strong>host</strong></span> automatically selects an appropriate
query
type. By default, it looks for A, AAAA, and MX records, but if the
<code class="option">-C</code> option was given, queries will be made for SOA
records, and if <em class="parameter"><code>name</code></em> is a
dotted-decimal IPv4
- address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will
+ address or colon-delimited IPv6 address, <span class="command"><strong>host</strong></span> will
query for PTR records. If a query type of IXFR is chosen the starting
serial number can be specified by appending an equal followed by the
starting serial number (e.g. -t IXFR=12345678).
@@ -160,18 +159,18 @@
<p>
The time to wait for a reply can be controlled through the
<code class="option">-W</code> and <code class="option">-w</code> options. The
- <code class="option">-W</code> option makes <span><strong class="command">host</strong></span>
+ <code class="option">-W</code> option makes <span class="command"><strong>host</strong></span>
wait for
<em class="parameter"><code>wait</code></em> seconds. If <em class="parameter"><code>wait</code></em>
is less than one, the wait interval is set to one second. When the
- <code class="option">-w</code> option is used, <span><strong class="command">host</strong></span>
+ <code class="option">-w</code> option is used, <span class="command"><strong>host</strong></span>
will
effectively wait forever for a reply. The time to wait for a response
will be set to the number of seconds given by the hardware's maximum
value for an integer quantity.
</p>
<p>
- The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span>
+ The <code class="option">-s</code> option tells <span class="command"><strong>host</strong></span>
<span class="emphasis"><em>not</em></span> to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
@@ -183,31 +182,31 @@
<em class="parameter"><code>trace</code></em>.
</p>
<p>
- The <code class="option">-V</code> option causes <span><strong class="command">host</strong></span>
+ The <code class="option">-V</code> option causes <span class="command"><strong>host</strong></span>
to print the version number and exit.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543831"></a><h2>IDN SUPPORT</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>IDN SUPPORT</h2>
<p>
- If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
- domain name) support, it can accept and display non-ASCII domain names.
- <span><strong class="command">host</strong></span> appropriately converts character encoding of
+ If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
+ domain name) support, it can accept and display non-ASCII domain names.
+ <span class="command"><strong>host</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the <code class="envar">IDN_DISABLE</code> environment variable.
The IDN support is disabled if the variable is set when
- <span><strong class="command">host</strong></span> runs.
+ <span class="command"><strong>host</strong></span> runs.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543853"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543865"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index e5ea2396a12d..c9c4c2f1b346 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,68 +12,100 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: nslookup
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: January 24, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-01-24
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "NSLOOKUP" "1" "January 24, 2014" "BIND9" "BIND9"
+.TH "NSLOOKUP" "1" "2014\-01\-24" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
nslookup \- query Internet name servers interactively
.SH "SYNOPSIS"
-.HP 9
+.HP \w'\fBnslookup\fR\ 'u
\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
.SH "DESCRIPTION"
.PP
\fBNslookup\fR
-is a program to query Internet domain name servers.
+is a program to query Internet domain name servers\&.
\fBNslookup\fR
-has two modes: interactive and non\-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non\-interactive mode is used to print just the name and requested information for a host or domain.
+has two modes: interactive and non\-interactive\&. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain\&. Non\-interactive mode is used to print just the name and requested information for a host or domain\&.
.SH "ARGUMENTS"
.PP
Interactive mode is entered in the following cases:
-.TP 4
-1.
+.sp
+.RS 4
+.ie n \{\
+\h'-04' 1.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 1." 4.2
+.\}
when no arguments are given (the default name server will be used)
-.TP 4
-2.
-when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
+.RE
.sp
+.RS 4
+.ie n \{\
+\h'-04' 2.\h'+01'\c
+.\}
+.el \{\
+.sp -1
+.IP " 2." 4.2
+.\}
+when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server\&.
.RE
.PP
-Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
+Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument\&. The optional second argument specifies the host name or address of a name server\&.
.PP
-Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
+Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen\&. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
.sp
+.if n \{\
.RS 4
+.\}
.nf
nslookup \-query=hinfo \-timeout=10
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
The
\fB\-version\fR
option causes
\fBnslookup\fR
-to print the version number and immediately exits.
+to print the version number and immediately exits\&.
.SH "INTERACTIVE COMMANDS"
.PP
\fBhost\fR [server]
.RS 4
-Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
+Look up information for host using the current default server or using server, if specified\&. If host is an Internet address and the query type is A or PTR, the name of the host is returned\&. If host is a name and does not have a trailing period, the search list is used to qualify the name\&.
.sp
-To look up a host not in the current domain, append a period to the name.
+To look up a host not in the current domain, append a period to the name\&.
.RE
.PP
\fBserver\fR \fIdomain\fR
@@ -88,7 +120,7 @@ Change the default server to
uses the initial server to look up information about
\fIdomain\fR, while
\fBserver\fR
-uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
+uses the current default server\&. If an authoritative answer can\*(Aqt be found, the names of servers that might have the answer are returned\&.
.RE
.PP
\fBroot\fR
@@ -123,24 +155,22 @@ not implemented
.PP
\fBexit\fR
.RS 4
-Exits the program.
+Exits the program\&.
.RE
.PP
\fBset\fR \fIkeyword\fR\fI[=value]\fR
.RS 4
-This command is used to change state information that affects the lookups. Valid keywords are:
-.RS 4
+This command is used to change state information that affects the lookups\&. Valid keywords are:
.PP
\fBall\fR
.RS 4
Prints the current values of the frequently used options to
-\fBset\fR. Information about the current default server and host is also printed.
+\fBset\fR\&. Information about the current default server and host is also printed\&.
.RE
.PP
\fBclass=\fR\fIvalue\fR
.RS 4
Change the query class to one of:
-.RS 4
.PP
\fBIN\fR
.RS 4
@@ -161,16 +191,15 @@ the Hesiod class
.RS 4
wildcard
.RE
-.RE
-.IP "" 4
-The class specifies the protocol group of the information.
+.sp
+The class specifies the protocol group of the information\&.
.sp
(Default = IN; abbreviation = cl)
.RE
.PP
\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
.RS 4
-Turn on or off the display of the full response packet and any intermediate response packets when searching.
+Turn on or off the display of the full response packet and any intermediate response packets when searching\&.
.sp
(Default = nodebug; abbreviation =
[no]deb)
@@ -178,7 +207,7 @@ Turn on or off the display of the full response packet and any intermediate resp
.PP
\fB \fR\fB\fI[no]\fR\fR\fBd2\fR
.RS 4
-Turn debugging mode on or off. This displays more about what nslookup is doing.
+Turn debugging mode on or off\&. This displays more about what nslookup is doing\&.
.sp
(Default = nod2)
.RE
@@ -186,12 +215,12 @@ Turn debugging mode on or off. This displays more about what nslookup is doing.
\fBdomain=\fR\fIname\fR
.RS 4
Sets the search list to
-\fIname\fR.
+\fIname\fR\&.
.RE
.PP
\fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
.RS 4
-If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
+If the lookup request contains at least one period but doesn\*(Aqt end with a trailing period, append the domain names in the domain search list to the request until an answer is received\&.
.sp
(Default = search)
.RE
@@ -199,7 +228,7 @@ If the lookup request contains at least one period but doesn't end with a traili
\fBport=\fR\fIvalue\fR
.RS 4
Change the default TCP/UDP name server port to
-\fIvalue\fR.
+\fIvalue\fR\&.
.sp
(Default = 53; abbreviation = po)
.RE
@@ -210,60 +239,64 @@ Change the default TCP/UDP name server port to
.PP
\fBtype=\fR\fIvalue\fR
.RS 4
-Change the type of the information query.
+Change the type of the information query\&.
.sp
(Default = A; abbreviations = q, ty)
.RE
.PP
\fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
.RS 4
-Tell the name server to query other servers if it does not have the information.
+Tell the name server to query other servers if it does not have the information\&.
.sp
(Default = recurse; abbreviation = [no]rec)
.RE
.PP
\fBndots=\fR\fInumber\fR
.RS 4
-Set the number of dots (label separators) in a domain that will disable searching. Absolute names always stop searching.
+Set the number of dots (label separators) in a domain that will disable searching\&. Absolute names always stop searching\&.
.RE
.PP
\fBretry=\fR\fInumber\fR
.RS 4
-Set the number of retries to number.
+Set the number of retries to number\&.
.RE
.PP
\fBtimeout=\fR\fInumber\fR
.RS 4
-Change the initial timeout interval for waiting for a reply to number seconds.
+Change the initial timeout interval for waiting for a reply to number seconds\&.
.RE
.PP
\fB \fR\fB\fI[no]\fR\fR\fBvc\fR
.RS 4
-Always use a virtual circuit when sending requests to the server.
+Always use a virtual circuit when sending requests to the server\&.
.sp
(Default = novc)
.RE
.PP
\fB \fR\fB\fI[no]\fR\fR\fBfail\fR
.RS 4
-Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response.
+Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response\&.
.sp
(Default = nofail)
.RE
+.sp
.RE
-.IP "" 4
-.RE
+.SH "RETURN VALUES"
+.PP
+\fBnslookup\fR
+returns with an exit status of 1 if any query failed, and 0 otherwise\&.
.SH "FILES"
.PP
-\fI/etc/resolv.conf\fR
+/etc/resolv\&.conf
.SH "SEE ALSO"
.PP
\fBdig\fR(1),
\fBhost\fR(1),
-\fBnamed\fR(8).
+\fBnamed\fR(8)\&.
.SH "AUTHOR"
.PP
-Andrew Cherenson
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index 022de672b80f..bd6d7b1fe092 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -45,10 +42,14 @@
- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- SUCH DAMAGE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2014-01-24</date>
+ </info>
<refentryinfo>
- <date>January 24, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -71,21 +72,23 @@
<year>2010</year>
<year>2013</year>
<year>2014</year>
+ <year>2015</year>
+ <year>2016</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>nslookup</command>
- <arg><option>-option</option></arg>
- <arg choice="opt">name | -</arg>
- <arg choice="opt">server</arg>
+ <arg choice="opt" rep="norepeat"><option>-option</option></arg>
+ <arg choice="opt" rep="norepeat">name | -</arg>
+ <arg choice="opt" rep="norepeat">server</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>Nslookup</command>
is a program to query Internet domain name servers. <command>Nslookup</command>
has two modes: interactive and non-interactive. Interactive mode allows
@@ -95,13 +98,13 @@
used to print just the name and requested information for a host or
domain.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>ARGUMENTS</title></info>
- <refsect1>
- <title>ARGUMENTS</title>
<para>
Interactive mode is entered in the following cases:
- <orderedlist numeration="loweralpha">
+ <orderedlist numeration="loweralpha" inheritnum="ignore" continuation="restarts">
<listitem>
<para>
when no arguments are given (the default name server will be used)
@@ -139,10 +142,10 @@ nslookup -query=hinfo -timeout=10
number and immediately exits.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>INTERACTIVE COMMANDS</title></info>
- <refsect1>
- <title>INTERACTIVE COMMANDS</title>
<variablelist>
<varlistentry>
<term><constant>host</constant> <optional>server</optional></term>
@@ -475,16 +478,23 @@ nslookup -query=hinfo -timeout=10
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
+ <para>
+ <command>nslookup</command> returns with an exit status of 1
+ if any query failed, and 0 otherwise.
+ </para>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<para><filename>/etc/resolv.conf</filename>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>,
@@ -495,16 +505,5 @@ nslookup -query=hinfo -timeout=10
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
- </refsect1>
-
- <refsect1>
- <title>Author</title>
- <para>
- Andrew Cherenson
- </para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index 96777b3106e5..439ae2631672 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476283"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>nslookup &#8212; query Internet name servers interactively</p>
@@ -30,10 +29,10 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543442"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">Nslookup</strong></span>
- is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>Nslookup</strong></span>
+ is a program to query Internet domain name servers. <span class="command"><strong>Nslookup</strong></span>
has two modes: interactive and non-interactive. Interactive mode allows
the user to query name servers for information about various hosts and
domains or to print a list of hosts in a domain. Non-interactive mode
@@ -42,16 +41,16 @@
domain.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543458"></a><h2>ARGUMENTS</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</p>
-<div class="orderedlist"><ol type="a">
-<li><p>
+<div class="orderedlist"><ol class="orderedlist" type="a">
+<li class="listitem"><p>
when no arguments are given (the default name server will be used)
</p></li>
-<li><p>
+<li class="listitem"><p>
when the first argument is a hyphen (-) and the second argument is
the host name or Internet address of a name server.
</p></li>
@@ -78,13 +77,13 @@ nslookup -query=hinfo -timeout=10
</p>
<p>
The <code class="option">-version</code> option causes
- <span><strong class="command">nslookup</strong></span> to print the version
+ <span class="command"><strong>nslookup</strong></span> to print the version
number and immediately exits.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543512"></a><h2>INTERACTIVE COMMANDS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.9"></a><h2>INTERACTIVE COMMANDS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
<dd>
<p>
@@ -144,11 +143,11 @@ nslookup -query=hinfo -timeout=10
This command is used to change state information that affects
the lookups. Valid keywords are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">all</code></span></dt>
<dd><p>
Prints the current values of the frequently used
- options to <span><strong class="command">set</strong></span>.
+ options to <span class="command"><strong>set</strong></span>.
Information about the current default
server and host is also printed.
</p></dd>
@@ -157,7 +156,7 @@ nslookup -query=hinfo -timeout=10
<p>
Change the query class to one of:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">IN</code></span></dt>
<dd><p>
the Internet class
@@ -298,23 +297,24 @@ nslookup -query=hinfo -timeout=10
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2546326"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>RETURN VALUES</h2>
+<p>
+ <span class="command"><strong>nslookup</strong></span> returns with an exit status of 1
+ if any query failed, and 0 otherwise.
+ </p>
+</div>
+<div class="refsection">
+<a name="id-1.11"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2546338"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.12"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2546372"></a><h2>Author</h2>
-<p>
- Andrew Cherenson
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in
index 81f65938a0c3..107bea9074e4 100644
--- a/bin/dnssec/Makefile.in
+++ b/bin/dnssec/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007-2009, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
@@ -51,7 +51,7 @@ OBJS = dnssectool.@O@
SRCS = dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
dnssec-revoke.c dnssec-settime.c dnssec-signzone.c \
- dnssec-verify.c dnssec-importkey.c dnssectool.c
+ dnssec-verify.c dnssec-importkey.c dnssectool.c
MANPAGES = dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8 \
diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8
index 229433d5fa5a..5f6312177c40 100644
--- a/bin/dnssec/dnssec-dsfromkey.8
+++ b/bin/dnssec/dnssec-dsfromkey.8
@@ -12,163 +12,179 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-dsfromkey
+'\" t
+.\" Title: dnssec-dsfromkey
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: May 17, 2012
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2012-05-17
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DNSSEC\-DSFROMKEY" "8" "May 17, 2012" "BIND9" "BIND9"
+.TH "DNSSEC\-DSFROMKEY" "8" "2012\-05\-17" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-dsfromkey \- DNSSEC DS RR generation tool
+dnssec-dsfromkey \- DNSSEC DS RR generation tool
.SH "SYNOPSIS"
-.HP 17
+.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
-.HP 17
+.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
-.HP 17
+.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
\fBdnssec\-dsfromkey\fR [\fB\-h\fR] [\fB\-V\fR]
.SH "DESCRIPTION"
.PP
\fBdnssec\-dsfromkey\fR
-outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
+outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s)\&.
.SH "OPTIONS"
.PP
\-1
.RS 4
-Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
+Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256)\&.
.RE
.PP
\-2
.RS 4
-Use SHA\-256 as the digest algorithm.
+Use SHA\-256 as the digest algorithm\&.
.RE
.PP
\-a \fIalgorithm\fR
.RS 4
-Select the digest algorithm. The value of
+Select the digest algorithm\&. The value of
\fBalgorithm\fR
-must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
+must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384)\&. These values are case insensitive\&.
.RE
.PP
\-C
.RS 4
-Generate CDS records rather than DS records. This is mutually exclusive with generating lookaside records.
+Generate CDS records rather than DS records\&. This is mutually exclusive with generating lookaside records\&.
.RE
.PP
\-T \fITTL\fR
.RS 4
-Specifies the TTL of the DS records.
+Specifies the TTL of the DS records\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
Look for key files (or, in keyset mode,
-\fIkeyset\-\fR
+keyset\-
files) in
-\fBdirectory\fR.
+\fBdirectory\fR\&.
.RE
.PP
\-f \fIfile\fR
.RS 4
Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
-\fBfile\fR. If the zone name is the same as
-\fBfile\fR, then it may be omitted.
+\fBfile\fR\&. If the zone name is the same as
+\fBfile\fR, then it may be omitted\&.
.sp
If
\fBfile\fR
is set to
-"\-", then the zone data is read from the standard input. This makes it possible to use the output of the
+"\-", then the zone data is read from the standard input\&. This makes it possible to use the output of the
\fBdig\fR
command as input, as in:
.sp
-\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fR
+\fBdig dnskey example\&.com | dnssec\-dsfromkey \-f \- example\&.com\fR
.RE
.PP
\-A
.RS 4
-Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode.
+Include ZSK\*(Aqs when generating DS records\&. Without this option, only keys which have the KSK flag set will be converted to DS records and printed\&. Useful only in zone file mode\&.
.RE
.PP
\-l \fIdomain\fR
.RS 4
-Generate a DLV set instead of a DS set. The specified
+Generate a DLV set instead of a DS set\&. The specified
\fBdomain\fR
-is appended to the name for each record in the set. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431. This is mutually exclusive with generating CDS records.
+is appended to the name for each record in the set\&. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431\&. This is mutually exclusive with generating CDS records\&.
.RE
.PP
\-s
.RS 4
-Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file.
+Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
-Specifies the DNS class (default is IN). Useful only in keyset or zone file mode.
+Specifies the DNS class (default is IN)\&. Useful only in keyset or zone file mode\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-h
.RS 4
-Prints usage information.
+Prints usage information\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.SH "EXAMPLE"
.PP
To build the SHA\-256 DS RR from the
-\fBKexample.com.+003+26160\fR
+\fBKexample\&.com\&.+003+26160\fR
keyfile name, the following command would be issued:
.PP
-\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
+\fBdnssec\-dsfromkey \-2 Kexample\&.com\&.+003+26160\fR
.PP
The command would print something like:
.PP
-\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
+\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
.SH "FILES"
.PP
The keyfile can be designed by the key identification
-\fIKnnnn.+aaa+iiiii\fR
+Knnnn\&.+aaa+iiiii
or the full file name
-\fIKnnnn.+aaa+iiiii.key\fR
+Knnnn\&.+aaa+iiiii\&.key
as generated by
-dnssec\-keygen(8).
+dnssec\-keygen(8)\&.
.PP
The keyset file name is built from the
\fBdirectory\fR, the string
-\fIkeyset\-\fR
+keyset\-
and the
-\fBdnsname\fR.
+\fBdnsname\fR\&.
.SH "CAVEAT"
.PP
-A keyfile error can give a "file not found" even if the file exists.
+A keyfile error can give a "file not found" even if the file exists\&.
.SH "SEE ALSO"
.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
+\fBdnssec-keygen\fR(8),
+\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
RFC 3658,
-RFC 4431.
-RFC 4509.
+RFC 4431\&.
+RFC 4509\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2008\-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-dsfromkey.docbook b/bin/dnssec/dnssec-dsfromkey.docbook
index 1127fa04e8b0..6cf7ac3ea85e 100644
--- a/bin/dnssec/dnssec-dsfromkey.docbook
+++ b/bin/dnssec/dnssec-dsfromkey.docbook
@@ -1,6 +1,3 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-dsfromkey">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-dsfromkey">
+ <info>
+ <date>2012-05-17</date>
+ </info>
<refentryinfo>
- <date>May 17, 2012</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -47,50 +49,50 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-dsfromkey</command>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-1</option></arg>
- <arg><option>-2</option></arg>
- <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
- <arg><option>-C</option></arg>
- <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
- <arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
- <arg choice="req">keyfile</arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-1</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-2</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-C</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
+ <arg choice="req" rep="norepeat">keyfile</arg>
</cmdsynopsis>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-dsfromkey</command>
- <arg choice="req">-s</arg>
- <arg><option>-1</option></arg>
- <arg><option>-2</option></arg>
- <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
- <arg><option>-s</option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
- <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
- <arg><option>-A</option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg choice="req">dnsname</arg>
+ <arg choice="req" rep="norepeat">-s</arg>
+ <arg choice="opt" rep="norepeat"><option>-1</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-2</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-A</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="req" rep="norepeat">dnsname</arg>
</cmdsynopsis>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-dsfromkey</command>
- <arg><option>-h</option></arg>
- <arg><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-dsfromkey</command>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -181,7 +183,7 @@
<para>
Include ZSK's when generating DS records. Without this option,
only keys which have the KSK flag set will be converted to DS
- records and printed. Useful only in zone file mode.
+ records and printed. Useful only in zone file mode.
</para>
</listitem>
</varlistentry>
@@ -247,10 +249,10 @@
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>EXAMPLE</title></info>
- <refsect1>
- <title>EXAMPLE</title>
<para>
To build the SHA-256 DS RR from the
<userinput>Kexample.com.+003+26160</userinput>
@@ -263,10 +265,10 @@
</para>
<para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<para>
The keyfile can be designed by the key identification
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
@@ -278,17 +280,17 @@
the string <filename>keyset-</filename> and the
<option>dnsname</option>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>CAVEAT</title></info>
- <refsect1>
- <title>CAVEAT</title>
<para>
A keyfile error can give a "file not found" even if the file exists.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -300,16 +302,6 @@
<citetitle>RFC 4431</citetitle>.
<citetitle>RFC 4509</citetitle>.
</para>
- </refsect1>
-
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
+ </refsection>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html
index 13e9cc5342a3..d470db327254 100644
--- a/bin/dnssec/dnssec-dsfromkey.html
+++ b/bin/dnssec/dnssec-dsfromkey.html
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-dsfromkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -32,16 +31,16 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543522"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-dsfromkey</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543533"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd><p>
Use SHA-1 as the digest algorithm (the default is to use
@@ -84,7 +83,7 @@
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
- possible to use the output of the <span><strong class="command">dig</strong></span>
+ possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
</p>
<p>
@@ -95,7 +94,7 @@
<dd><p>
Include ZSK's when generating DS records. Without this option,
only keys which have the KSK flag set will be converted to DS
- records and printed. Useful only in zone file mode.
+ records and printed. Useful only in zone file mode.
</p></dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd><p>
@@ -130,8 +129,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543800"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -145,8 +144,8 @@
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543830"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -159,14 +158,14 @@
<code class="option">dnsname</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543865"></a><h2>CAVEAT</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543875"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.12"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -175,10 +174,5 @@
<em class="citetitle">RFC 4509</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543914"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/dnssec-importkey.8 b/bin/dnssec/dnssec-importkey.8
index 225077da0878..de57caa3d3fb 100644
--- a/bin/dnssec/dnssec-importkey.8
+++ b/bin/dnssec/dnssec-importkey.8
@@ -1,120 +1,136 @@
-.\" Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-.\"
+.\" Copyright (C) 2013-2015 Internet Systems Consortium, Inc. ("ISC")
+.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-importkey
+'\" t
+.\" Title: dnssec-importkey
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: February 07, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-02-07
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DNSSEC\-IMPORTKEY" "8" "February 07, 2014" "BIND9" "BIND9"
+.TH "DNSSEC\-IMPORTKEY" "8" "2014\-02\-07" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-importkey \- Import DNSKEY records from external systems so they can be managed.
+dnssec-importkey \- Import DNSKEY records from external systems so they can be managed\&.
.SH "SYNOPSIS"
-.HP 17
+.HP \w'\fBdnssec\-importkey\fR\ 'u
\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
-.HP 17
+.HP \w'\fBdnssec\-importkey\fR\ 'u
\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
.SH "DESCRIPTION"
.PP
\fBdnssec\-importkey\fR
-reads a public DNSKEY record and generates a pair of .key/.private files. The DNSKEY record may be read from an existing .key file, in which case a corresponding .private file will be generated, or it may be read from any other file or from the standard input, in which case both .key and .private files will be generated.
+reads a public DNSKEY record and generates a pair of \&.key/\&.private files\&. The DNSKEY record may be read from an existing \&.key file, in which case a corresponding \&.private file will be generated, or it may be read from any other file or from the standard input, in which case both \&.key and \&.private files will be generated\&.
.PP
-The newly\-created .private file does
+The newly\-created \&.private file does
\fInot\fR
-contain private key data, and cannot be used for signing. However, having a .private file makes it possible to set publication (\fB\-P\fR) and deletion (\fB\-D\fR) times for the key, which means the public key can be added to and removed from the DNSKEY RRset on schedule even if the true private key is stored offline.
+contain private key data, and cannot be used for signing\&. However, having a \&.private file makes it possible to set publication (\fB\-P\fR) and deletion (\fB\-D\fR) times for the key, which means the public key can be added to and removed from the DNSKEY RRset on schedule even if the true private key is stored offline\&.
.SH "OPTIONS"
.PP
\-f \fIfilename\fR
.RS 4
Zone file mode: instead of a public keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
-\fBfile\fR. If the domain name is the same as
-\fBfile\fR, then it may be omitted.
+\fBfile\fR\&. If the domain name is the same as
+\fBfile\fR, then it may be omitted\&.
.sp
If
\fBfile\fR
is set to
-"\-", then the zone data is read from the standard input.
+"\-", then the zone data is read from the standard input\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
-Sets the directory in which the key files are to reside.
+Sets the directory in which the key files are to reside\&.
.RE
.PP
\-L \fIttl\fR
.RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. Setting the default TTL to
0
or
none
-removes it.
+removes it\&.
.RE
.PP
\-h
.RS 4
-Emit usage message and exit.
+Emit usage message and exit\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.SH "TIMING OPTIONS"
.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
.PP
\-P \fIdate/offset\fR
.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it.
+Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
.RE
.PP
\-D \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
+Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.SH "FILES"
.PP
A keyfile can be designed by the key identification
-\fIKnnnn.+aaa+iiiii\fR
+Knnnn\&.+aaa+iiiii
or the full file name
-\fIKnnnn.+aaa+iiiii.key\fR
+Knnnn\&.+aaa+iiiii\&.key
as generated by
-dnssec\-keygen(8).
+dnssec\-keygen(8)\&.
.SH "SEE ALSO"
.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
+\fBdnssec-keygen\fR(8),
+\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 5011.
+RFC 5011\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-importkey.docbook b/bin/dnssec/dnssec-importkey.docbook
index 5893abd270a3..0fc469175483 100644
--- a/bin/dnssec/dnssec-importkey.docbook
+++ b/bin/dnssec/dnssec-importkey.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-importkey">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-importkey">
+ <info>
+ <date>2014-02-07</date>
+ </info>
<refentryinfo>
- <date>February 07, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -37,38 +39,39 @@
<copyright>
<year>2013</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-importkey</command>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
- <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg choice="req"><option>keyfile</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="req" rep="norepeat"><option>keyfile</option></arg>
</cmdsynopsis>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-importkey</command>
- <arg choice="req"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
- <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>dnsname</option></arg>
+ <arg choice="req" rep="norepeat"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>dnsname</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-importkey</command>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
@@ -86,10 +89,10 @@
public key can be added to and removed from the DNSKEY RRset
on schedule even if the true private key is stored offline.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -107,7 +110,7 @@
</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
@@ -139,7 +142,7 @@
</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>-v <replaceable class="parameter">level</replaceable></term>
<listitem>
@@ -159,10 +162,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>TIMING OPTIONS</title></info>
- <refsect1>
- <title>TIMING OPTIONS</title>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -199,20 +202,20 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<para>
A keyfile can be designed by the key identification
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
<filename>Knnnn.+aaa+iiiii.key</filename> as generated by
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -222,16 +225,6 @@
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 5011</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-importkey.html b/bin/dnssec/dnssec-importkey.html
index 90f13f295b65..c0347d147b8d 100644
--- a/bin/dnssec/dnssec-importkey.html
+++ b/bin/dnssec/dnssec-importkey.html
@@ -1,27 +1,25 @@
<!--
- - Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
- -
+ - Copyright (C) 2013-2015 Internet Systems Consortium, Inc. ("ISC")
+ -
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- -
+ -
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-importkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -32,9 +30,9 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543475"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-importkey</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-importkey</strong></span>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
existing .key file, in which case a corresponding .private file
@@ -52,9 +50,9 @@
on schedule even if the true private key is stored offline.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543500"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
<dd>
<p>
@@ -95,8 +93,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543632"></a><h2>TIMING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -108,7 +106,7 @@
is computed in seconds. To explicitly prevent a date from being
set, use 'none' or 'never'.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
@@ -123,8 +121,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543678"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>FILES</h2>
<p>
A keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -132,18 +130,13 @@
<span class="refentrytitle">dnssec-keygen</span>(8).
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543700"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543733"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8
index 24da7c4d9df7..9e108fcfc03f 100644
--- a/bin/dnssec/dnssec-keyfromlabel.8
+++ b/bin/dnssec/dnssec-keyfromlabel.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,237 +12,277 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-keyfromlabel
+'\" t
+.\" Title: dnssec-keyfromlabel
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: February 27, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-02-27
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DNSSEC\-KEYFROMLABEL" "8" "February 27, 2014" "BIND9" "BIND9"
+.TH "DNSSEC\-KEYFROMLABEL" "8" "2014\-02\-27" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-keyfromlabel \- DNSSEC key generation tool
+dnssec-keyfromlabel \- DNSSEC key generation tool
.SH "SYNOPSIS"
-.HP 20
+.HP \w'\fBdnssec\-keyfromlabel\fR\ 'u
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-y\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keyfromlabel\fR
-generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM). The private key file can be used for DNSSEC signing of zone data as if it were a conventional signing key created by
-\fBdnssec\-keygen\fR, but the key material is stored within the HSM, and the actual signing takes place there.
+generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM)\&. The private key file can be used for DNSSEC signing of zone data as if it were a conventional signing key created by
+\fBdnssec\-keygen\fR, but the key material is stored within the HSM, and the actual signing takes place there\&.
.PP
The
\fBname\fR
-of the key is specified on the command line. This must match the name of the zone for which the key is being generated.
+of the key is specified on the command line\&. This must match the name of the zone for which the key is being generated\&.
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
.RS 4
-Selects the cryptographic algorithm. The value of
+Selects the cryptographic algorithm\&. The value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384\&. These values are case insensitive\&.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
+option is specified, in which case NSEC3RSASHA1 will be used instead\&. (If
\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
+is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3\&.)
.sp
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
+Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended\&.
.sp
-Note 2: DH automatically sets the \-k flag.
+Note 2: DH automatically sets the \-k flag\&.
.RE
.PP
\-3
.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default.
+Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default\&.
.RE
.PP
\-E \fIengine\fR
.RS 4
-Specifies the name of the crypto hardware (OpenSSL engine). When compiled with PKCS#11 support it defaults to "pkcs11".
+Specifies the name of the crypto hardware (OpenSSL engine)\&. When compiled with PKCS#11 support it defaults to "pkcs11"\&.
.RE
.PP
\-l \fIlabel\fR
.RS 4
-Specifies the label of the key pair in the crypto hardware. The label may be preceded by an optional OpenSSL engine name, separated by a colon, as in "pkcs11:keylabel".
+Specifies the label of the key pair in the crypto hardware\&. The label may be preceded by an optional OpenSSL engine name, separated by a colon, as in "pkcs11:keylabel"\&.
.RE
.PP
\-n \fInametype\fR
.RS 4
-Specifies the owner type of the key. The value of
+Specifies the owner type of the key\&. The value of
\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&.
.RE
.PP
\-C
.RS 4
-Compatibility mode: generates an old\-style key, without any metadata. By default,
+Compatibility mode: generates an old\-style key, without any metadata\&. By default,
\fBdnssec\-keyfromlabel\fR
-will include the key's creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc). Keys that include this data may be incompatible with older versions of BIND; the
+will include the key\*(Aqs creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc)\&. Keys that include this data may be incompatible with older versions of BIND; the
\fB\-C\fR
-option suppresses them.
+option suppresses them\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
-Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
+Indicates that the DNS record containing the key should have the specified class\&. If not specified, class IN is used\&.
.RE
.PP
\-f \fIflag\fR
.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
+Set the specified flag in the flag field of the KEY/DNSKEY record\&. The only recognized flags are KSK (Key Signing Key) and REVOKE\&.
.RE
.PP
\-G
.RS 4
-Generate a key, but do not publish it or sign with it. This option is incompatible with \-P and \-A.
+Generate a key, but do not publish it or sign with it\&. This option is incompatible with \-P and \-A\&.
.RE
.PP
\-h
.RS 4
Prints a short summary of the options and arguments to
-\fBdnssec\-keyfromlabel\fR.
+\fBdnssec\-keyfromlabel\fR\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
-Sets the directory in which the key files are to be written.
+Sets the directory in which the key files are to be written\&.
.RE
.PP
\-k
.RS 4
-Generate KEY records rather than DNSKEY records.
+Generate KEY records rather than DNSKEY records\&.
.RE
.PP
\-L \fIttl\fR
.RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. Setting the default TTL to
0
or
none
-removes it.
+removes it\&.
.RE
.PP
\-p \fIprotocol\fR
.RS 4
-Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
+Sets the protocol value for the key\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&.
.RE
.PP
\-S \fIkey\fR
.RS 4
-Generate a key as an explicit successor to an existing key. The name, algorithm, size, and type of the key will be set to match the predecessor. The activation date of the new key will be set to the inactivation date of the existing one. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
+Generate a key as an explicit successor to an existing key\&. The name, algorithm, size, and type of the key will be set to match the predecessor\&. The activation date of the new key will be set to the inactivation date of the existing one\&. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days\&.
.RE
.PP
\-t \fItype\fR
.RS 4
-Indicates the use of the key.
+Indicates the use of the key\&.
\fBtype\fR
-must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.PP
\-y
.RS 4
-Allows DNSSEC key files to be generated even if the key ID would collide with that of an existing key, in the event of either key being revoked. (This is only safe to use if you are sure you won't be using RFC 5011 trust anchor maintenance with either of the keys involved.)
+Allows DNSSEC key files to be generated even if the key ID would collide with that of an existing key, in the event of either key being revoked\&. (This is only safe to use if you are sure you won\*(Aqt be using RFC 5011 trust anchor maintenance with either of the keys involved\&.)
.RE
.SH "TIMING OPTIONS"
.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
.PP
\-P \fIdate/offset\fR
.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. If not set, and if the \-G option has not been used, the default is "now".
+Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
.RE
.PP
\-A \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now".
+Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
.RE
.PP
\-R \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
+Sets the date on which the key is to be revoked\&. After that date, the key will be flagged as revoked\&. It will be included in the zone and will be used to sign it\&.
.RE
.PP
\-I \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
+Sets the date on which the key is to be retired\&. After that date, the key will still be included in the zone, but it will not be used to sign it\&.
.RE
.PP
\-D \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
+Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-i \fIinterval\fR
.RS 4
-Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
+Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
.sp
-If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
+If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero\&.
.sp
-As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
+As with date offsets, if the argument is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the interval is measured in years, months, weeks, days, hours, or minutes, respectively\&. Without a suffix, the interval is measured in seconds\&.
.RE
.SH "GENERATED KEY FILES"
.PP
When
\fBdnssec\-keyfromlabel\fR
completes successfully, it prints a string of the form
-\fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for the key files it has generated.
-.TP 4
-\(bu
-\fInnnn\fR
-is the key name.
-.TP 4
-\(bu
-\fIaaa\fR
-is the numeric representation of the algorithm.
-.TP 4
-\(bu
-\fIiiiii\fR
-is the key identifier (or footprint).
+Knnnn\&.+aaa+iiiii
+to the standard output\&. This is an identification string for the key files it has generated\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+nnnn
+is the key name\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+aaa
+is the numeric representation of the algorithm\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+iiiii
+is the key identifier (or footprint)\&.
+.RE
.PP
\fBdnssec\-keyfromlabel\fR
-creates two files, with names based on the printed string.
-\fIKnnnn.+aaa+iiiii.key\fR
+creates two files, with names based on the printed string\&.
+Knnnn\&.+aaa+iiiii\&.key
contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR
-contains the private key.
+Knnnn\&.+aaa+iiiii\&.private
+contains the private key\&.
.PP
The
-\fI.key\fR
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
+\&.key
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement)\&.
.PP
The
-\fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
+\&.private
+file contains algorithm\-specific fields\&. For obvious security reasons, this file does not have general read permission\&.
.SH "SEE ALSO"
.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
+\fBdnssec-keygen\fR(8),
+\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 4034.
+RFC 4034\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2008\-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook
index a47c95589f64..6ee9f952e66c 100644
--- a/bin/dnssec/dnssec-keyfromlabel.docbook
+++ b/bin/dnssec/dnssec-keyfromlabel.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-keyfromlabel">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-keyfromlabel">
+ <info>
+ <date>2014-02-27</date>
+ </info>
<refentryinfo>
- <date>February 27, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -41,42 +43,43 @@
<year>2011</year>
<year>2012</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-keyfromlabel</command>
- <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
- <arg><option>-3</option></arg>
- <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
- <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
- <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
- <arg><option>-G</option></arg>
- <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
- <arg><option>-k</option></arg>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
- <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
- <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
- <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-S <replaceable class="parameter">key</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-y</option></arg>
- <arg choice="req">name</arg>
+ <arg choice="req" rep="norepeat">-l <replaceable class="parameter">label</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><option>-3</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-G</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">key</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-y</option></arg>
+ <arg choice="req" rep="norepeat">name</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-keyfromlabel</command>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@@ -90,10 +93,10 @@
line. This must match the name of the zone for which the key is
being generated.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -328,10 +331,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>TIMING OPTIONS</title></info>
- <refsect1>
- <title>TIMING OPTIONS</title>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
@@ -417,7 +420,7 @@
</para>
<para>
If the key is being created as an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</para>
<para>
@@ -431,10 +434,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>GENERATED KEY FILES</title></info>
- <refsect1>
- <title>GENERATED KEY FILES</title>
<para>
When <command>dnssec-keyfromlabel</command> completes
successfully,
@@ -458,7 +461,7 @@
</para>
</listitem>
</itemizedlist>
- <para><command>dnssec-keyfromlabel</command>
+ <para><command>dnssec-keyfromlabel</command>
creates two files, with names based
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
contains the public key, and
@@ -477,10 +480,10 @@
fields. For obvious security reasons, this file does not have
general read permission.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -490,16 +493,6 @@
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 4034</citetitle>.
</para>
- </refsect1>
-
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
+ </refsection>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html
index 36971c466adc..eeb5345913ad 100644
--- a/bin/dnssec/dnssec-keyfromlabel.html
+++ b/bin/dnssec/dnssec-keyfromlabel.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keyfromlabel</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,13 +29,13 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543539"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
file can be used for DNSSEC signing of zone data as if it were a
- conventional signing key created by <span><strong class="command">dnssec-keygen</strong></span>,
+ conventional signing key created by <span class="command"><strong>dnssec-keygen</strong></span>,
but the key material is stored within the HSM, and the actual signing
takes place there.
</p>
@@ -46,9 +45,9 @@
being generated.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543560"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
@@ -103,7 +102,7 @@
<dt><span class="term">-C</span></dt>
<dd><p>
Compatibility mode: generates an old-style key, without
- any metadata. By default, <span><strong class="command">dnssec-keyfromlabel</strong></span>
+ any metadata. By default, <span class="command"><strong>dnssec-keyfromlabel</strong></span>
will include the key's creation date in the metadata stored
with the private key, and other dates may be set there as well
(publication date, activation date, etc). Keys that include
@@ -128,7 +127,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">dnssec-keyfromlabel</strong></span>.
+ <span class="command"><strong>dnssec-keyfromlabel</strong></span>.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -189,8 +188,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544046"></a><h2>TIMING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -202,7 +201,7 @@
is computed in seconds. To explicitly prevent a date from being
set, use 'none' or 'never'.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
@@ -248,7 +247,7 @@
</p>
<p>
If the key is being created as an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</p>
<p>
@@ -261,26 +260,26 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543008"></a><h2>GENERATED KEY FILES</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>GENERATED KEY FILES</h2>
<p>
- When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
+ When <span class="command"><strong>dnssec-keyfromlabel</strong></span> completes
successfully,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
to the standard output. This is an identification string for
the key files it has generated.
</p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p><code class="filename">nnnn</code> is the key name.
</p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
+<li class="listitem"><p><code class="filename">aaa</code> is the numeric representation
of the algorithm.
</p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
+<li class="listitem"><p><code class="filename">iiiii</code> is the key identifier (or
footprint).
</p></li>
</ul></div>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
+<p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
@@ -300,18 +299,13 @@
general read permission.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543080"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4034</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543113"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index 2cd5d76ff516..acbbbbd0e6fe 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -13,301 +13,341 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-keygen
+'\" t
+.\" Title: dnssec-keygen
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: February 07, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-02-07
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DNSSEC\-KEYGEN" "8" "February 07, 2014" "BIND9" "BIND9"
+.TH "DNSSEC\-KEYGEN" "8" "2014\-02\-07" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-keygen \- DNSSEC key generation tool
+dnssec-keygen \- DNSSEC key generation tool
.SH "SYNOPSIS"
-.HP 14
+.HP \w'\fBdnssec\-keygen\fR\ 'u
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-z\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY (Transaction Key) as defined in RFC 2930.
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034\&. It can also generate keys for use with TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY (Transaction Key) as defined in RFC 2930\&.
.PP
The
\fBname\fR
-of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated.
+of the key is specified on the command line\&. For DNSSEC keys, this must match the name of the zone for which the key is being generated\&.
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
.RS 4
-Selects the cryptographic algorithm. For DNSSEC keys, the value of
+Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384\&. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512\&. These values are case insensitive\&.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
+option is specified, in which case NSEC3RSASHA1 will be used instead\&. (If
\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
+is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3\&.)
.sp
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
+Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended\&. For TSIG, HMAC\-MD5 is mandatory\&.
.sp
-Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the \-T KEY option.
+Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the \-T KEY option\&.
.RE
.PP
\-b \fIkeysize\fR
.RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits. Elliptic curve algorithms don't need this parameter.
+Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSA keys must be between 512 and 2048 bits\&. Diffie Hellman keys must be between 128 and 4096 bits\&. DSA keys must be between 512 and 1024 bits and an exact multiple of 64\&. HMAC keys must be between 1 and 512 bits\&. Elliptic curve algorithms don\*(Aqt need this parameter\&.
.sp
-The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSK's) and 2048 bits for key signing keys (KSK's, generated with
-\fB\-f KSK\fR). However, if an algorithm is explicitly specified with the
+The key size does not need to be specified if using a default algorithm\&. The default key size is 1024 bits for zone signing keys (ZSK\*(Aqs) and 2048 bits for key signing keys (KSK\*(Aqs, generated with
+\fB\-f KSK\fR)\&. However, if an algorithm is explicitly specified with the
\fB\-a\fR, then there is no default key size, and the
\fB\-b\fR
-must be used.
+must be used\&.
.RE
.PP
\-n \fInametype\fR
.RS 4
-Specifies the owner type of the key. The value of
+Specifies the owner type of the key\&. The value of
\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&. Defaults to ZONE for DNSKEY generation\&.
.RE
.PP
\-3
.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384 algorithms are NSEC3\-capable.
+Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default\&. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384 algorithms are NSEC3\-capable\&.
.RE
.PP
\-C
.RS 4
-Compatibility mode: generates an old\-style key, without any metadata. By default,
+Compatibility mode: generates an old\-style key, without any metadata\&. By default,
\fBdnssec\-keygen\fR
-will include the key's creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc). Keys that include this data may be incompatible with older versions of BIND; the
+will include the key\*(Aqs creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc)\&. Keys that include this data may be incompatible with older versions of BIND; the
\fB\-C\fR
-option suppresses them.
+option suppresses them\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
-Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
+Indicates that the DNS record containing the key should have the specified class\&. If not specified, class IN is used\&.
.RE
.PP
\-E \fIengine\fR
.RS 4
-Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
+Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation\&. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine\&.
.RE
.PP
\-f \fIflag\fR
.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
+Set the specified flag in the flag field of the KEY/DNSKEY record\&. The only recognized flags are KSK (Key Signing Key) and REVOKE\&.
.RE
.PP
\-G
.RS 4
-Generate a key, but do not publish it or sign with it. This option is incompatible with \-P and \-A.
+Generate a key, but do not publish it or sign with it\&. This option is incompatible with \-P and \-A\&.
.RE
.PP
\-g \fIgenerator\fR
.RS 4
-If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
+If generating a Diffie Hellman key, use this generator\&. Allowed values are 2 and 5\&. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2\&.
.RE
.PP
\-h
.RS 4
Prints a short summary of the options and arguments to
-\fBdnssec\-keygen\fR.
+\fBdnssec\-keygen\fR\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
-Sets the directory in which the key files are to be written.
+Sets the directory in which the key files are to be written\&.
.RE
.PP
\-k
.RS 4
-Deprecated in favor of \-T KEY.
+Deprecated in favor of \-T KEY\&.
.RE
.PP
\-L \fIttl\fR
.RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL. Setting the default TTL to
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL\&. Setting the default TTL to
0
or
none
-is the same as leaving it unset.
+is the same as leaving it unset\&.
.RE
.PP
\-p \fIprotocol\fR
.RS 4
-Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
+Sets the protocol value for the generated key\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&.
.RE
.PP
\-q
.RS 4
-Quiet mode: Suppresses unnecessary output, including progress indication. Without this option, when
+Quiet mode: Suppresses unnecessary output, including progress indication\&. Without this option, when
\fBdnssec\-keygen\fR
is run interactively to generate an RSA or DSA key pair, it will print a string of symbols to
-\fIstderr\fR
-indicating the progress of the key generation. A '.' indicates that a random number has been found which passed an initial sieve test; '+' means a number has passed a single round of the Miller\-Rabin primality test; a space means that the number has passed all the tests and is a satisfactory key.
+stderr
+indicating the progress of the key generation\&. A \*(Aq\&.\*(Aq indicates that a random number has been found which passed an initial sieve test; \*(Aq+\*(Aq means a number has passed a single round of the Miller\-Rabin primality test; a space means that the number has passed all the tests and is a satisfactory key\&.
.RE
.PP
\-r \fIrandomdev\fR
.RS 4
-Specifies the source of randomness. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
+Specifies the source of randomness\&. If the operating system does not provide a
+/dev/random
+or equivalent device, the default source of randomness is keyboard input\&.
+randomdev
+specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
+keyboard
+indicates that keyboard input should be used\&.
.RE
.PP
\-S \fIkey\fR
.RS 4
-Create a new key which is an explicit successor to an existing key. The name, algorithm, size, and type of the key will be set to match the existing key. The activation date of the new key will be set to the inactivation date of the existing one. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
+Create a new key which is an explicit successor to an existing key\&. The name, algorithm, size, and type of the key will be set to match the existing key\&. The activation date of the new key will be set to the inactivation date of the existing one\&. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days\&.
.RE
.PP
\-s \fIstrength\fR
.RS 4
-Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
+Specifies the strength value of the key\&. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC\&.
.RE
.PP
\-T \fIrrtype\fR
.RS 4
-Specifies the resource record type to use for the key.
+Specifies the resource record type to use for the key\&.
\fBrrtype\fR
-must be either DNSKEY or KEY. The default is DNSKEY when using a DNSSEC algorithm, but it can be overridden to KEY for use with SIG(0).
-Using any TSIG algorithm (HMAC\-* or DH) forces this option to KEY.
+must be either DNSKEY or KEY\&. The default is DNSKEY when using a DNSSEC algorithm, but it can be overridden to KEY for use with SIG(0)\&.
+Using any TSIG algorithm (HMAC\-* or DH) forces this option to KEY\&.
.RE
.PP
\-t \fItype\fR
.RS 4
-Indicates the use of the key.
+Indicates the use of the key\&.
\fBtype\fR
-must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.SH "TIMING OPTIONS"
.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
.PP
\-P \fIdate/offset\fR
.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. If not set, and if the \-G option has not been used, the default is "now".
+Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
.RE
.PP
\-A \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now". If set, if and \-P is not set, then the publication date will be set to the activation date minus the prepublication interval.
+Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&. If set, if and \-P is not set, then the publication date will be set to the activation date minus the prepublication interval\&.
.RE
.PP
\-R \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
+Sets the date on which the key is to be revoked\&. After that date, the key will be flagged as revoked\&. It will be included in the zone and will be used to sign it\&.
.RE
.PP
\-I \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
+Sets the date on which the key is to be retired\&. After that date, the key will still be included in the zone, but it will not be used to sign it\&.
.RE
.PP
\-D \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
+Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-i \fIinterval\fR
.RS 4
-Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
+Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
.sp
-If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
+If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero\&.
.sp
-As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
+As with date offsets, if the argument is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the interval is measured in years, months, weeks, days, hours, or minutes, respectively\&. Without a suffix, the interval is measured in seconds\&.
.RE
.SH "GENERATED KEYS"
.PP
When
\fBdnssec\-keygen\fR
completes successfully, it prints a string of the form
-\fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for the key it has generated.
-.TP 4
-\(bu
-\fInnnn\fR
-is the key name.
-.TP 4
-\(bu
-\fIaaa\fR
-is the numeric representation of the algorithm.
-.TP 4
-\(bu
-\fIiiiii\fR
-is the key identifier (or footprint).
+Knnnn\&.+aaa+iiiii
+to the standard output\&. This is an identification string for the key it has generated\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+nnnn
+is the key name\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+aaa
+is the numeric representation of the algorithm\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+iiiii
+is the key identifier (or footprint)\&.
+.RE
.PP
\fBdnssec\-keygen\fR
-creates two files, with names based on the printed string.
-\fIKnnnn.+aaa+iiiii.key\fR
+creates two files, with names based on the printed string\&.
+Knnnn\&.+aaa+iiiii\&.key
contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR
-contains the private key.
+Knnnn\&.+aaa+iiiii\&.private
+contains the private key\&.
.PP
The
-\fI.key\fR
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
+\&.key
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement)\&.
.PP
The
-\fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
+\&.private
+file contains algorithm\-specific fields\&. For obvious security reasons, this file does not have general read permission\&.
.PP
Both
-\fI.key\fR
+\&.key
and
-\fI.private\fR
-files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
+\&.private
+files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent\&.
.SH "EXAMPLE"
.PP
To generate a 768\-bit DSA key for the domain
-\fBexample.com\fR, the following command would be issued:
+\fBexample\&.com\fR, the following command would be issued:
.PP
-\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR
+\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example\&.com\fR
.PP
The command would print a string of the form:
.PP
-\fBKexample.com.+003+26160\fR
+\fBKexample\&.com\&.+003+26160\fR
.PP
In this example,
\fBdnssec\-keygen\fR
creates the files
-\fIKexample.com.+003+26160.key\fR
+Kexample\&.com\&.+003+26160\&.key
and
-\fIKexample.com.+003+26160.private\fR.
+Kexample\&.com\&.+003+26160\&.private\&.
.SH "SEE ALSO"
.PP
-\fBdnssec\-signzone\fR(8),
+\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
RFC 2539,
RFC 2845,
-RFC 4034.
+RFC 4034\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
+Copyright \(co 2004, 2005, 2007-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2003 Internet Software Consortium.
.br
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 472575f0d002..4737f5a821ca 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -1,6 +1,3 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-keygen">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-keygen">
+ <info>
+ <date>2014-02-07</date>
+ </info>
<refentryinfo>
- <date>February 07, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -58,43 +60,43 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-keygen</command>
- <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
- <arg ><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
- <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
- <arg><option>-3</option></arg>
- <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-C</option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
- <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
- <arg><option>-G</option></arg>
- <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
- <arg><option>-k</option></arg>
- <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
- <arg><option>-q</option></arg>
- <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
- <arg><option>-S <replaceable class="parameter">key</replaceable></option></arg>
- <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-z</option></arg>
- <arg choice="req">name</arg>
+ <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-3</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-C</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-G</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-q</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">key</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-z</option></arg>
+ <arg choice="req" rep="norepeat">name</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-keygen</command>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -106,10 +108,10 @@
line. For DNSSEC keys, this must match the name of the zone for
which the key is being generated.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -431,10 +433,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>TIMING OPTIONS</title></info>
- <refsect1>
- <title>TIMING OPTIONS</title>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
@@ -522,7 +524,7 @@
</para>
<para>
If the key is being created as an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</para>
<para>
@@ -536,11 +538,11 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>GENERATED KEYS</title>
+ <refsection><info><title>GENERATED KEYS</title></info>
+
<para>
When <command>dnssec-keygen</command> completes
successfully,
@@ -565,7 +567,7 @@
</para>
</listitem>
</itemizedlist>
- <para><command>dnssec-keygen</command>
+ <para><command>dnssec-keygen</command>
creates two files, with names based
on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename>
contains the public key, and
@@ -590,10 +592,10 @@
files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>EXAMPLE</title></info>
- <refsect1>
- <title>EXAMPLE</title>
<para>
To generate a 768-bit DSA key for the domain
<userinput>example.com</userinput>, the following command would be
@@ -612,10 +614,10 @@
and
<filename>Kexample.com.+003+26160.private</filename>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -624,16 +626,6 @@
<citetitle>RFC 2845</citetitle>,
<citetitle>RFC 4034</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index 9cf62ebc7660..a8917a374c90 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,9 +30,9 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543608"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keygen</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY
@@ -45,9 +44,9 @@
which the key is being generated.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543626"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
@@ -120,7 +119,7 @@
<dt><span class="term">-C</span></dt>
<dd><p>
Compatibility mode: generates an old-style key, without
- any metadata. By default, <span><strong class="command">dnssec-keygen</strong></span>
+ any metadata. By default, <span class="command"><strong>dnssec-keygen</strong></span>
will include the key's creation date in the metadata stored
with the private key, and other dates may be set there as well
(publication date, activation date, etc). Keys that include
@@ -159,7 +158,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">dnssec-keygen</strong></span>.
+ <span class="command"><strong>dnssec-keygen</strong></span>.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -191,7 +190,7 @@
<dd><p>
Quiet mode: Suppresses unnecessary output, including
progress indication. Without this option, when
- <span><strong class="command">dnssec-keygen</strong></span> is run interactively
+ <span class="command"><strong>dnssec-keygen</strong></span> is run interactively
to generate an RSA or DSA key pair, it will print a string
of symbols to <code class="filename">stderr</code> indicating the
progress of the key generation. A '.' indicates that a
@@ -261,8 +260,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544220"></a><h2>TIMING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -274,7 +273,7 @@
is computed in seconds. To explicitly prevent a date from being
set, use 'none' or 'never'.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
@@ -322,7 +321,7 @@
</p>
<p>
If the key is being created as an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</p>
<p>
@@ -335,27 +334,27 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544410"></a><h2>GENERATED KEYS</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>GENERATED KEYS</h2>
<p>
- When <span><strong class="command">dnssec-keygen</strong></span> completes
+ When <span class="command"><strong>dnssec-keygen</strong></span> completes
successfully,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
to the standard output. This is an identification string for
the key it has generated.
</p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p><code class="filename">nnnn</code> is the key name.
</p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
+<li class="listitem"><p><code class="filename">aaa</code> is the numeric representation
of the
algorithm.
</p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
+<li class="listitem"><p><code class="filename">iiiii</code> is the key identifier (or
footprint).
</p></li>
</ul></div>
-<p><span><strong class="command">dnssec-keygen</strong></span>
+<p><span class="command"><strong>dnssec-keygen</strong></span>
creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
@@ -381,8 +380,8 @@
HMAC-MD5, even though the public and private key are equivalent.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544492"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -396,14 +395,14 @@
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
</p>
<p>
- In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
+ In this example, <span class="command"><strong>dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code>
and
<code class="filename">Kexample.com.+003+26160.private</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544604"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.12"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@@ -411,10 +410,5 @@
<em class="citetitle">RFC 4034</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544635"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/dnssec-revoke.8 b/bin/dnssec/dnssec-revoke.8
index eb8754557556..15ac846aaac7 100644
--- a/bin/dnssec/dnssec-revoke.8
+++ b/bin/dnssec/dnssec-revoke.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,82 +12,95 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-revoke
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: October 20, 2011
+'\" t
+.\" Title: dnssec-revoke
+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2011-10-20
.\" Manual: BIND9
.\" Source: BIND9
+.\" Language: English
.\"
-.TH "DNSSEC\-REVOKE" "8" "October 20, 2011" "BIND9" "BIND9"
+.TH "DNSSEC\-REVOKE" "8" "2011\-10\-20" "BIND9" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key
+dnssec-revoke \- Set the REVOKED bit on a DNSSEC key
.SH "SYNOPSIS"
-.HP 14
+.HP \w'\fBdnssec\-revoke\fR\ 'u
\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-revoke\fR
-reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now\-revoked key.
+reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now\-revoked key\&.
.SH "OPTIONS"
.PP
\-h
.RS 4
-Emit usage message and exit.
+Emit usage message and exit\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
-Sets the directory in which the key files are to reside.
+Sets the directory in which the key files are to reside\&.
.RE
.PP
\-r
.RS 4
-After writing the new keyset files remove the original keyset files.
+After writing the new keyset files remove the original keyset files\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.PP
\-E \fIengine\fR
.RS 4
-Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
+Use the given OpenSSL engine\&. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine\&.
.RE
.PP
\-f
.RS 4
Force overwrite: Causes
\fBdnssec\-revoke\fR
-to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
+to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key\&.
.RE
.PP
\-R
.RS 4
-Print the key tag of the key with the REVOKE bit set but do not revoke the key.
+Print the key tag of the key with the REVOKE bit set but do not revoke the key\&.
.RE
.SH "SEE ALSO"
.PP
-\fBdnssec\-keygen\fR(8),
+\fBdnssec-keygen\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 5011.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
+RFC 5011\&.
.SH "COPYRIGHT"
-Copyright \(co 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c
index 6756a38129e0..4e2a18a93683 100644
--- a/bin/dnssec/dnssec-revoke.c
+++ b/bin/dnssec/dnssec-revoke.c
@@ -79,7 +79,8 @@ main(int argc, char **argv) {
#else
const char *engine = NULL;
#endif
- char *filename = NULL, *dir = NULL;
+ char const *filename = NULL;
+ char *dir = NULL;
char newname[1024], oldname[1024];
char keystr[DST_KEY_FORMATSIZE];
char *endp;
diff --git a/bin/dnssec/dnssec-revoke.docbook b/bin/dnssec/dnssec-revoke.docbook
index 85463d682cda..19708d2b3d4d 100644
--- a/bin/dnssec/dnssec-revoke.docbook
+++ b/bin/dnssec/dnssec-revoke.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +14,11 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-revoke">
- <refentryinfo>
- <date>October 20, 2011</date>
- </refentryinfo>
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
+ <info>
+ <date>2011-10-20</date>
+ </info>
<refmeta>
<refentrytitle><application>dnssec-revoke</application></refentrytitle>
@@ -38,35 +36,36 @@
<year>2009</year>
<year>2011</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-revoke</command>
- <arg><option>-hr</option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
- <arg><option>-f</option></arg>
- <arg><option>-R</option></arg>
- <arg choice="req">keyfile</arg>
+ <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-R</option></arg>
+ <arg choice="req" rep="norepeat">keyfile</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-revoke</command>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
now-revoked key.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -77,7 +76,7 @@
</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
@@ -146,26 +145,16 @@
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 5011</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-revoke.html b/bin/dnssec/dnssec-revoke.html
index d09b7dcd378a..58bbdae4155f 100644
--- a/bin/dnssec/dnssec-revoke.html
+++ b/bin/dnssec/dnssec-revoke.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-revoke</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,17 +29,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543397"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-revoke</strong></span>
+<div class="refsection">
+<a name="id-1.6"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
now-revoked key.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543409"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.7"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-h</span></dt>
<dd><p>
Emit usage message and exit.
@@ -69,7 +68,7 @@
</p></dd>
<dt><span class="term">-f</span></dt>
<dd><p>
- Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
+ Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
write the new key pair even if a file already exists matching
the algorithm and key ID of the revoked key.
</p></dd>
@@ -80,17 +79,12 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543541"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543565"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8
index 821e4db990f1..37951ad2e0df 100644
--- a/bin/dnssec/dnssec-settime.8
+++ b/bin/dnssec/dnssec-settime.8
@@ -12,26 +12,41 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-settime
+'\" t
+.\" Title: dnssec-settime
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: February 07, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-02-07
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DNSSEC\-SETTIME" "8" "February 07, 2014" "BIND9" "BIND9"
+.TH "DNSSEC\-SETTIME" "8" "2014\-02\-07" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-settime \- Set the key timing metadata for a DNSSEC key
+dnssec-settime \- Set the key timing metadata for a DNSSEC key
.SH "SYNOPSIS"
-.HP 15
+.HP \w'\fBdnssec\-settime\fR\ 'u
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
.SH "DESCRIPTION"
.PP
@@ -42,114 +57,114 @@ reads a DNSSEC private key file and sets the key timing metadata as specified by
\fB\-R\fR,
\fB\-I\fR, and
\fB\-D\fR
-options. The metadata can then be used by
+options\&. The metadata can then be used by
\fBdnssec\-signzone\fR
-or other signing software to determine when a key is to be published, whether it should be used for signing a zone, etc.
+or other signing software to determine when a key is to be published, whether it should be used for signing a zone, etc\&.
.PP
If none of these options is set on the command line, then
\fBdnssec\-settime\fR
-simply prints the key timing metadata already stored in the key.
+simply prints the key timing metadata already stored in the key\&.
.PP
-When key metadata fields are changed, both files of a key pair (\fIKnnnn.+aaa+iiiii.key\fR
+When key metadata fields are changed, both files of a key pair (Knnnn\&.+aaa+iiiii\&.key
and
-\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file. The private file's permissions are always set to be inaccessible to anyone other than the owner (mode 0600).
+Knnnn\&.+aaa+iiiii\&.private) are regenerated\&. Metadata fields are stored in the private file\&. A human\-readable description of the metadata is also placed in comments in the key file\&. The private file\*(Aqs permissions are always set to be inaccessible to anyone other than the owner (mode 0600)\&.
.SH "OPTIONS"
.PP
\-f
.RS 4
-Force an update of an old\-format key with no metadata fields. Without this option,
+Force an update of an old\-format key with no metadata fields\&. Without this option,
\fBdnssec\-settime\fR
-will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time. If no other values are specified, then the key's publication and activation dates will also be set to the present time.
+will fail when attempting to update a legacy key\&. With this option, the key will be recreated in the new format, but with the original key data retained\&. The key\*(Aqs creation date will be set to the present time\&. If no other values are specified, then the key\*(Aqs publication and activation dates will also be set to the present time\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
-Sets the directory in which the key files are to reside.
+Sets the directory in which the key files are to reside\&.
.RE
.PP
\-L \fIttl\fR
.RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL. Setting the default TTL to
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL\&. Setting the default TTL to
0
or
none
-removes it from the key.
+removes it from the key\&.
.RE
.PP
\-h
.RS 4
-Emit usage message and exit.
+Emit usage message and exit\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-E \fIengine\fR
.RS 4
-Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
+Use the given OpenSSL engine\&. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine\&.
.RE
.SH "TIMING OPTIONS"
.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To unset a date, use 'none' or 'never'.
+Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To unset a date, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
.PP
\-P \fIdate/offset\fR
.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it.
+Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
.RE
.PP
\-A \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it.
+Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&.
.RE
.PP
\-R \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
+Sets the date on which the key is to be revoked\&. After that date, the key will be flagged as revoked\&. It will be included in the zone and will be used to sign it\&.
.RE
.PP
\-I \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
+Sets the date on which the key is to be retired\&. After that date, the key will still be included in the zone, but it will not be used to sign it\&.
.RE
.PP
\-D \fIdate/offset\fR
.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
+Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-S \fIpredecessor key\fR
.RS 4
-Select a key for which the key being modified will be an explicit successor. The name, algorithm, size, and type of the predecessor key must exactly match those of the key being modified. The activation date of the successor key will be set to the inactivation date of the predecessor. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
+Select a key for which the key being modified will be an explicit successor\&. The name, algorithm, size, and type of the predecessor key must exactly match those of the key being modified\&. The activation date of the successor key will be set to the inactivation date of the predecessor\&. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days\&.
.RE
.PP
\-i \fIinterval\fR
.RS 4
-Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
+Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
.sp
-If the key is being set to be an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
+If the key is being set to be an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero\&.
.sp
-As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
+As with date offsets, if the argument is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the interval is measured in years, months, weeks, days, hours, or minutes, respectively\&. Without a suffix, the interval is measured in seconds\&.
.RE
.SH "PRINTING OPTIONS"
.PP
\fBdnssec\-settime\fR
-can also be used to print the timing metadata associated with a key.
+can also be used to print the timing metadata associated with a key\&.
.PP
\-u
.RS 4
-Print times in UNIX epoch format.
+Print times in UNIX epoch format\&.
.RE
.PP
\-p \fIC/P/A/R/I/D/all\fR
.RS 4
-Print a specific metadata value or set of metadata values. The
+Print a specific metadata value or set of metadata values\&. The
\fB\-p\fR
option may be followed by one or more of the following letters to indicate which value or values to print:
\fBC\fR
@@ -163,18 +178,19 @@ for the revocation date,
\fBI\fR
for the inactivation date, or
\fBD\fR
-for the deletion date. To print all of the metadata, use
-\fB\-p all\fR.
+for the deletion date\&. To print all of the metadata, use
+\fB\-p all\fR\&.
.RE
.SH "SEE ALSO"
.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
+\fBdnssec-keygen\fR(8),
+\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 5011.
+RFC 5011\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2009\-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index e26356c788b1..a95d39a23660 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -122,7 +122,8 @@ main(int argc, char **argv) {
#else
const char *engine = NULL;
#endif
- char *filename = NULL, *directory = NULL;
+ const char *filename = NULL;
+ char *directory = NULL;
char newname[1024];
char keystr[DST_KEY_FORMATSIZE];
char *endp, *p;
diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook
index 942f1889cf60..db2b90a1c976 100644
--- a/bin/dnssec/dnssec-settime.docbook
+++ b/bin/dnssec/dnssec-settime.docbook
@@ -1,6 +1,3 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-settime">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-settime">
+ <info>
+ <date>2014-02-07</date>
+ </info>
<refentryinfo>
- <date>February 07, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -45,26 +47,26 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-settime</command>
- <arg><option>-f</option></arg>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
- <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
- <arg choice="req">keyfile</arg>
+ <arg choice="opt" rep="norepeat"><option>-f</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
+ <arg choice="req" rep="norepeat">keyfile</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-settime</command>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <option>-P</option>, <option>-A</option>,
@@ -88,10 +90,10 @@
file. The private file's permissions are always set to be
inaccessible to anyone other than the owner (mode 0600).
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -103,13 +105,13 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time. If no other values are specified,
- then the key's publication and activation dates will also
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
be set to the present time.
</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
@@ -143,7 +145,7 @@
</para>
</listitem>
</varlistentry>
-
+
<varlistentry>
<term>-V</term>
<listitem>
@@ -172,10 +174,10 @@
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>TIMING OPTIONS</title></info>
- <refsect1>
- <title>TIMING OPTIONS</title>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -272,7 +274,7 @@
</para>
<para>
If the key is being set to be an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</para>
<para>
@@ -285,10 +287,10 @@
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>PRINTING OPTIONS</title></info>
- <refsect1>
- <title>PRINTING OPTIONS</title>
<para>
<command>dnssec-settime</command> can also be used to print the
timing metadata associated with a key.
@@ -323,10 +325,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -336,16 +338,6 @@
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 5011</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html
index 0132e07ceee6..d66bf73e34cf 100644
--- a/bin/dnssec/dnssec-settime.html
+++ b/bin/dnssec/dnssec-settime.html
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-settime</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-settime"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,20 +29,20 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543450"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-settime</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
<code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
options. The metadata can then be used by
- <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
+ <span class="command"><strong>dnssec-signzone</strong></span> or other signing software to
determine when a key is to be published, whether it should be
used for signing a zone, etc.
</p>
<p>
If none of these options is set on the command line,
- then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
+ then <span class="command"><strong>dnssec-settime</strong></span> simply prints the key timing
metadata already stored in the key.
</p>
<p>
@@ -56,18 +55,18 @@
inaccessible to anyone other than the owner (mode 0600).
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543498"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-f</span></dt>
<dd><p>
Force an update of an old-format key with no metadata fields.
- Without this option, <span><strong class="command">dnssec-settime</strong></span> will
+ Without this option, <span class="command"><strong>dnssec-settime</strong></span> will
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time. If no other values are specified,
- then the key's publication and activation dates will also
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
be set to the present time.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
@@ -104,8 +103,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543697"></a><h2>TIMING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -116,7 +115,7 @@
days, hours, or minutes, respectively. Without a suffix, the offset
is computed in seconds. To unset a date, use 'none' or 'never'.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
@@ -170,7 +169,7 @@
</p>
<p>
If the key is being set to be an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</p>
<p>
@@ -183,13 +182,13 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543835"></a><h2>PRINTING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>PRINTING OPTIONS</h2>
<p>
- <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
+ <span class="command"><strong>dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-u</span></dt>
<dd><p>
Print times in UNIX epoch format.
@@ -209,18 +208,13 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543913"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543946"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index be2f5b34e0ad..214bb55123e0 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,438 +13,458 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-signzone
+'\" t
+.\" Title: dnssec-signzone
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: December 11, 2013
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2013-12-11
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DNSSEC\-SIGNZONE" "8" "December 11, 2013" "BIND9" "BIND9"
+.TH "DNSSEC\-SIGNZONE" "8" "2013\-12\-11" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-signzone \- DNSSEC zone signing tool
+dnssec-signzone \- DNSSEC zone signing tool
.SH "SYNOPSIS"
-.HP 16
+.HP \w'\fBdnssec\-signzone\fR\ 'u
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
.SH "DESCRIPTION"
.PP
\fBdnssec\-signzone\fR
-signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
-\fIkeyset\fR
-file for each child zone.
+signs a zone\&. It generates NSEC and RRSIG records and produces a signed version of the zone\&. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
+keyset
+file for each child zone\&.
.SH "OPTIONS"
.PP
\-a
.RS 4
-Verify all generated signatures.
+Verify all generated signatures\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
-Specifies the DNS class of the zone.
+Specifies the DNS class of the zone\&.
.RE
.PP
\-C
.RS 4
Compatibility mode: Generate a
-\fIkeyset\-\fR\fI\fIzonename\fR\fR
+keyset\-\fIzonename\fR
file in addition to
-\fIdsset\-\fR\fI\fIzonename\fR\fR
+dsset\-\fIzonename\fR
when signing a zone, for use by older versions of
-\fBdnssec\-signzone\fR.
+\fBdnssec\-signzone\fR\&.
.RE
.PP
\-d \fIdirectory\fR
.RS 4
Look for
-\fIdsset\-\fR
+dsset\-
or
-\fIkeyset\-\fR
+keyset\-
files in
-\fBdirectory\fR.
+\fBdirectory\fR\&.
.RE
.PP
\-D
.RS 4
Output only those record types automatically managed by
-\fBdnssec\-signzone\fR, i.e. RRSIG, NSEC, NSEC3 and NSEC3PARAM records. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included. The resulting file can be included in the original zone file with
-\fB$INCLUDE\fR. This option cannot be combined with
+\fBdnssec\-signzone\fR, i\&.e\&. RRSIG, NSEC, NSEC3 and NSEC3PARAM records\&. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included\&. The resulting file can be included in the original zone file with
+\fB$INCLUDE\fR\&. This option cannot be combined with
\fB\-O raw\fR
-or serial number updating.
+or serial number updating\&.
.RE
.PP
\-E \fIengine\fR
.RS 4
-Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
+Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store\&. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine\&.
.RE
.PP
\-g
.RS 4
Generate DS records for child zones from
-\fIdsset\-\fR
+dsset\-
or
-\fIkeyset\-\fR
-file. Existing DS records will be removed.
+keyset\-
+file\&. Existing DS records will be removed\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
-Key repository: Specify a directory to search for DNSSEC keys. If not specified, defaults to the current directory.
+Key repository: Specify a directory to search for DNSSEC keys\&. If not specified, defaults to the current directory\&.
.RE
.PP
\-k \fIkey\fR
.RS 4
-Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
+Treat specified key as a key signing key ignoring any key flags\&. This option may be specified multiple times\&.
.RE
.PP
\-l \fIdomain\fR
.RS 4
-Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
+Generate a DLV set in addition to the key (DNSKEY) and DS sets\&. The domain is appended to the name of the records\&.
.RE
.PP
\-s \fIstart\-time\fR
.RS 4
-Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+Specify the date and time when the generated RRSIG records become valid\&. This can be either an absolute or relative time\&. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000\&. A relative start time is indicated by +N, which is N seconds from the current time\&. If no
\fBstart\-time\fR
-is specified, the current time minus 1 hour (to allow for clock skew) is used.
+is specified, the current time minus 1 hour (to allow for clock skew) is used\&.
.RE
.PP
\-e \fIend\-time\fR
.RS 4
-Specify the date and time when the generated RRSIG records expire. As with
-\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+Specify the date and time when the generated RRSIG records expire\&. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation\&. A time relative to the start time is indicated with +N, which is N seconds from the start time\&. A time relative to the current time is indicated with now+N\&. If no
\fBend\-time\fR
-is specified, 30 days from the start time is used as a default.
+is specified, 30 days from the start time is used as a default\&.
\fBend\-time\fR
must be later than
-\fBstart\-time\fR.
+\fBstart\-time\fR\&.
.RE
.PP
\-X \fIextended end\-time\fR
.RS 4
-Specify the date and time when the generated RRSIG records for the DNSKEY RRset will expire. This is to be used in cases when the DNSKEY signatures need to persist longer than signatures on other records; e.g., when the private component of the KSK is kept offline and the KSK signature is to be refreshed manually.
+Specify the date and time when the generated RRSIG records for the DNSKEY RRset will expire\&. This is to be used in cases when the DNSKEY signatures need to persist longer than signatures on other records; e\&.g\&., when the private component of the KSK is kept offline and the KSK signature is to be refreshed manually\&.
.sp
As with
-\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation\&. A time relative to the start time is indicated with +N, which is N seconds from the start time\&. A time relative to the current time is indicated with now+N\&. If no
\fBextended end\-time\fR
is specified, the value of
\fBend\-time\fR
-is used as the default. (\fBend\-time\fR, in turn, defaults to 30 days from the start time.)
+is used as the default\&. (\fBend\-time\fR, in turn, defaults to 30 days from the start time\&.)
\fBextended end\-time\fR
must be later than
-\fBstart\-time\fR.
+\fBstart\-time\fR\&.
.RE
.PP
\-f \fIoutput\-file\fR
.RS 4
-The name of the output file containing the signed zone. The default is to append
-\fI.signed\fR
-to the input filename. If
+The name of the output file containing the signed zone\&. The default is to append
+\&.signed
+to the input filename\&. If
\fBoutput\-file\fR
is set to
-"\-", then the signed zone is written to the standard output, with a default output format of "full".
+"\-", then the signed zone is written to the standard output, with a default output format of "full"\&.
.RE
.PP
\-h
.RS 4
Prints a short summary of the options and arguments to
-\fBdnssec\-signzone\fR.
+\fBdnssec\-signzone\fR\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.PP
\-i \fIinterval\fR
.RS 4
-When a previously\-signed zone is passed as input, records may be resigned. The
+When a previously\-signed zone is passed as input, records may be resigned\&. The
\fBinterval\fR
-option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
+option specifies the cycle interval as an offset from the current time (in seconds)\&. If a RRSIG record expires after the cycle interval, it is retained\&. Otherwise, it is considered to be expiring soon, and it will be replaced\&.
.sp
-The default cycle interval is one quarter of the difference between the signature end and start times. So if neither
+The default cycle interval is one quarter of the difference between the signature end and start times\&. So if neither
\fBend\-time\fR
or
\fBstart\-time\fR
are specified,
\fBdnssec\-signzone\fR
-generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
+generates signatures that are valid for 30 days, with a cycle interval of 7\&.5 days\&. Therefore, if any existing RRSIG records are due to expire in less than 7\&.5 days, they would be replaced\&.
.RE
.PP
\-I \fIinput\-format\fR
.RS 4
-The format of the input zone file. Possible formats are
+The format of the input zone file\&. Possible formats are
\fB"text"\fR
(default) and
-\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones.
+\fB"raw"\fR\&. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly\&. The use of this option does not make much sense for non\-dynamic zones\&.
.RE
.PP
\-j \fIjitter\fR
.RS 4
-When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time. The
+When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously\&. If the zone is incrementally signed, i\&.e\&. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time\&. The
\fBjitter\fR
-option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time.
+option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time\&.
.sp
-Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
+Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i\&.e\&. if large numbers of RRSIGs don\*(Aqt expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time\&.
.RE
.PP
\-L \fIserial\fR
.RS 4
-When writing a signed zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
+When writing a signed zone to \*(Aqraw\*(Aq format, set the "source serial" value in the header to the specified serial number\&. (This is expected to be used primarily for testing purposes\&.)
.RE
.PP
\-n \fIncpus\fR
.RS 4
-Specifies the number of threads to use. By default, one thread is started for each detected CPU.
+Specifies the number of threads to use\&. By default, one thread is started for each detected CPU\&.
.RE
.PP
\-N \fIsoa\-serial\-format\fR
.RS 4
-The SOA serial number format of the signed zone. Possible formats are
+The SOA serial number format of the signed zone\&. Possible formats are
\fB"keep"\fR
(default),
\fB"increment"\fR
and
-\fB"unixtime"\fR.
-.RS 4
+\fB"unixtime"\fR\&.
.PP
\fB"keep"\fR
.RS 4
-Do not modify the SOA serial number.
+Do not modify the SOA serial number\&.
.RE
.PP
\fB"increment"\fR
.RS 4
-Increment the SOA serial number using RFC 1982 arithmetics.
+Increment the SOA serial number using RFC 1982 arithmetics\&.
.RE
.PP
\fB"unixtime"\fR
.RS 4
-Set the SOA serial number to the number of seconds since epoch.
-.RE
+Set the SOA serial number to the number of seconds since epoch\&.
.RE
.RE
.PP
\-o \fIorigin\fR
.RS 4
-The zone origin. If not specified, the name of the zone file is assumed to be the origin.
+The zone origin\&. If not specified, the name of the zone file is assumed to be the origin\&.
.RE
.PP
\-O \fIoutput\-format\fR
.RS 4
-The format of the output file containing the signed zone. Possible formats are
+The format of the output file containing the signed zone\&. Possible formats are
\fB"text"\fR
(default)
\fB"full"\fR, which is text output in a format suitable for processing by external scripts, and
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
-\fBnamed\fR.
+\fBnamed\fR\&.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
-\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
+\fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher\&. The default is 1\&.
.RE
.PP
\-p
.RS 4
-Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
+Use pseudo\-random data when signing the zone\&. This is faster, but less secure, than using real random data\&. This option may be useful when signing large zones or when the entropy source is limited\&.
.RE
.PP
\-P
.RS 4
-Disable post sign verification tests.
+Disable post sign verification tests\&.
.sp
-The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
+The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm\&. This option skips these tests\&.
.RE
.PP
\-Q
.RS 4
-Remove signatures from keys that are no longer active.
+Remove signatures from keys that are no longer active\&.
.sp
-Normally, when a previously\-signed zone is passed as input to the signer, and a DNSKEY record has been removed and replaced with a new one, signatures from the old key that are still within their validity period are retained. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset. The
+Normally, when a previously\-signed zone is passed as input to the signer, and a DNSKEY record has been removed and replaced with a new one, signatures from the old key that are still within their validity period are retained\&. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset\&. The
\fB\-Q\fR
forces
\fBdnssec\-signzone\fR
-to remove signatures from keys that are no longer active. This enables ZSK rollover using the procedure described in RFC 4641, section 4.2.1.1 ("Pre\-Publish Key Rollover").
+to remove signatures from keys that are no longer active\&. This enables ZSK rollover using the procedure described in RFC 4641, section 4\&.2\&.1\&.1 ("Pre\-Publish Key Rollover")\&.
.RE
.PP
\-R
.RS 4
-Remove signatures from keys that are no longer published.
+Remove signatures from keys that are no longer published\&.
.sp
This option is similar to
\fB\-Q\fR, except it forces
\fBdnssec\-signzone\fR
-to signatures from keys that are no longer published. This enables ZSK rollover using the procedure described in RFC 4641, section 4.2.1.2 ("Double Signature Zone Signing Key Rollover").
+to signatures from keys that are no longer published\&. This enables ZSK rollover using the procedure described in RFC 4641, section 4\&.2\&.1\&.2 ("Double Signature Zone Signing Key Rollover")\&.
.RE
.PP
\-r \fIrandomdev\fR
.RS 4
-Specifies the source of randomness. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
+Specifies the source of randomness\&. If the operating system does not provide a
+/dev/random
+or equivalent device, the default source of randomness is keyboard input\&.
+randomdev
+specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
+keyboard
+indicates that keyboard input should be used\&.
.RE
.PP
\-S
.RS 4
Smart signing: Instructs
\fBdnssec\-signzone\fR
-to search the key repository for keys that match the zone being signed, and to include them in the zone if appropriate.
+to search the key repository for keys that match the zone being signed, and to include them in the zone if appropriate\&.
.sp
-When a key is found, its timing metadata is examined to determine how it should be used, according to the following rules. Each successive rule takes priority over the prior ones:
-.RS 4
+When a key is found, its timing metadata is examined to determine how it should be used, according to the following rules\&. Each successive rule takes priority over the prior ones:
.PP
.RS 4
-If no timing metadata has been set for the key, the key is published in the zone and used to sign the zone.
+If no timing metadata has been set for the key, the key is published in the zone and used to sign the zone\&.
.RE
.PP
.RS 4
-If the key's publication date is set and is in the past, the key is published in the zone.
+If the key\*(Aqs publication date is set and is in the past, the key is published in the zone\&.
.RE
.PP
.RS 4
-If the key's activation date is set and in the past, the key is published (regardless of publication date) and used to sign the zone.
+If the key\*(Aqs activation date is set and in the past, the key is published (regardless of publication date) and used to sign the zone\&.
.RE
.PP
.RS 4
-If the key's revocation date is set and in the past, and the key is published, then the key is revoked, and the revoked key is used to sign the zone.
+If the key\*(Aqs revocation date is set and in the past, and the key is published, then the key is revoked, and the revoked key is used to sign the zone\&.
.RE
.PP
.RS 4
-If either of the key's unpublication or deletion dates are set and in the past, the key is NOT published or used to sign the zone, regardless of any other metadata.
-.RE
+If either of the key\*(Aqs unpublication or deletion dates are set and in the past, the key is NOT published or used to sign the zone, regardless of any other metadata\&.
.RE
.RE
.PP
\-T \fIttl\fR
.RS 4
-Specifies a TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without
-\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them, or if any of the imported DNSKEY records had a default TTL value. In the event of a a conflict between TTL values in imported keys, the shortest one is used.
+Specifies a TTL to be used for new DNSKEY records imported into the zone from the key repository\&. If not specified, the default is the TTL value from the zone\*(Aqs SOA record\&. This option is ignored when signing without
+\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case\&. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records\*(Aq TTL values will be set to match them, or if any of the imported DNSKEY records had a default TTL value\&. In the event of a a conflict between TTL values in imported keys, the shortest one is used\&.
.RE
.PP
\-t
.RS 4
-Print statistics at completion.
+Print statistics at completion\&.
.RE
.PP
\-u
.RS 4
-Update NSEC/NSEC3 chain when re\-signing a previously signed zone. With this option, a zone signed with NSEC can be switched to NSEC3, or a zone signed with NSEC3 can be switch to NSEC or to NSEC3 with different parameters. Without this option,
+Update NSEC/NSEC3 chain when re\-signing a previously signed zone\&. With this option, a zone signed with NSEC can be switched to NSEC3, or a zone signed with NSEC3 can be switch to NSEC or to NSEC3 with different parameters\&. Without this option,
\fBdnssec\-signzone\fR
-will retain the existing chain when re\-signing.
+will retain the existing chain when re\-signing\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-x
.RS 4
-Only sign the DNSKEY RRset with key\-signing keys, and omit signatures from zone\-signing keys. (This is similar to the
+Only sign the DNSKEY RRset with key\-signing keys, and omit signatures from zone\-signing keys\&. (This is similar to the
\fBdnssec\-dnskey\-kskonly yes;\fR
zone option in
-\fBnamed\fR.)
+\fBnamed\fR\&.)
.RE
.PP
\-z
.RS 4
-Ignore KSK flag on key when determining what to sign. This causes KSK\-flagged keys to sign all records, not just the DNSKEY RRset. (This is similar to the
+Ignore KSK flag on key when determining what to sign\&. This causes KSK\-flagged keys to sign all records, not just the DNSKEY RRset\&. (This is similar to the
\fBupdate\-check\-ksk no;\fR
zone option in
-\fBnamed\fR.)
+\fBnamed\fR\&.)
.RE
.PP
\-3 \fIsalt\fR
.RS 4
-Generate an NSEC3 chain with the given hex encoded salt. A dash (\fIsalt\fR) can be used to indicate that no salt is to be used when generating the NSEC3 chain.
+Generate an NSEC3 chain with the given hex encoded salt\&. A dash (\fIsalt\fR) can be used to indicate that no salt is to be used when generating the NSEC3 chain\&.
.RE
.PP
\-H \fIiterations\fR
.RS 4
-When generating an NSEC3 chain, use this many iterations. The default is 10.
+When generating an NSEC3 chain, use this many iterations\&. The default is 10\&.
.RE
.PP
\-A
.RS 4
-When generating an NSEC3 chain set the OPTOUT flag on all NSEC3 records and do not generate NSEC3 records for insecure delegations.
+When generating an NSEC3 chain set the OPTOUT flag on all NSEC3 records and do not generate NSEC3 records for insecure delegations\&.
.sp
-Using this option twice (i.e.,
-\fB\-AA\fR) turns the OPTOUT flag off for all records. This is useful when using the
+Using this option twice (i\&.e\&.,
+\fB\-AA\fR) turns the OPTOUT flag off for all records\&. This is useful when using the
\fB\-u\fR
-option to modify an NSEC3 chain which previously had OPTOUT set.
+option to modify an NSEC3 chain which previously had OPTOUT set\&.
.RE
.PP
zonefile
.RS 4
-The file containing the zone to be signed.
+The file containing the zone to be signed\&.
.RE
.PP
key
.RS 4
-Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
+Specify which keys should be used to sign the zone\&. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex\&. If these are found and there are matching private keys, in the current directory, then these will be used for signing\&.
.RE
.SH "EXAMPLE"
.PP
The following command signs the
-\fBexample.com\fR
+\fBexample\&.com\fR
zone with the DSA key generated by
\fBdnssec\-keygen\fR
-(Kexample.com.+003+17247). Because the
+(Kexample\&.com\&.+003+17247)\&. Because the
\fB\-S\fR
-option is not being used, the zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
-\fIdsset\fR
-files, in the current directory, so that DS records can be imported from them (\fB\-g\fR).
+option is not being used, the zone\*(Aqs keys must be in the master file (db\&.example\&.com)\&. This invocation looks for
+dsset
+files, in the current directory, so that DS records can be imported from them (\fB\-g\fR)\&.
.sp
+.if n \{\
.RS 4
+.\}
.nf
-% dnssec\-signzone \-g \-o example.com db.example.com \\
-Kexample.com.+003+17247
-db.example.com.signed
+% dnssec\-signzone \-g \-o example\&.com db\&.example\&.com \e
+Kexample\&.com\&.+003+17247
+db\&.example\&.com\&.signed
%
.fi
+.if n \{\
.RE
+.\}
.PP
In the above example,
\fBdnssec\-signzone\fR
creates the file
-\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
-\fInamed.conf\fR
-file.
+db\&.example\&.com\&.signed\&. This file should be referenced in a zone statement in a
+named\&.conf
+file\&.
.PP
-This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory.
+This example re\-signs a previously signed zone with default parameters\&. The private keys are assumed to be in the current directory\&.
.sp
+.if n \{\
.RS 4
+.\}
.nf
-% cp db.example.com.signed db.example.com
-% dnssec\-signzone \-o example.com db.example.com
-db.example.com.signed
+% cp db\&.example\&.com\&.signed db\&.example\&.com
+% dnssec\-signzone \-o example\&.com db\&.example\&.com
+db\&.example\&.com\&.signed
%
.fi
+.if n \{\
.RE
+.\}
.SH "SEE ALSO"
.PP
-\fBdnssec\-keygen\fR(8),
+\fBdnssec-keygen\fR(8),
BIND 9 Administrator Reference Manual,
RFC 4033,
-RFC 4641.
+RFC 4641\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004\-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
+Copyright \(co 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2003 Internet Software Consortium.
.br
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 6ef8e44b9d3a..6e85fe1107dc 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1099,6 +1099,10 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
dns_diff_clear(&add);
}
+/*
+ * See if the node contains any non RRSIG/NSEC records and report to
+ * caller. Clean out extranous RRSIG records for node.
+ */
static inline isc_boolean_t
active_node(dns_dbnode_t *node) {
dns_rdatasetiter_t *rdsiter = NULL;
@@ -1771,9 +1775,12 @@ nsecify(void) {
continue;
}
- if (dns_name_equal(name, gorigin))
+ if (dns_name_equal(name, gorigin)) {
remove_records(node, dns_rdatatype_nsec3param,
ISC_TRUE);
+ /* Clean old rrsigs at apex. */
+ (void)active_node(node);
+ }
if (is_delegation(gdb, gversion, gorigin, name, node, &nsttl)) {
zonecut = dns_fixedname_name(&fzonecut);
@@ -2189,8 +2196,11 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
continue;
}
- if (dns_name_equal(name, gorigin))
+ if (dns_name_equal(name, gorigin)) {
remove_records(node, dns_rdatatype_nsec, ISC_TRUE);
+ /* Clean old rrsigs at apex. */
+ (void)active_node(node);
+ }
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
index 4a092112c76f..75e9b2d518da 100644
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-signzone">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-signzone">
+ <info>
+ <date>2013-12-11</date>
+ </info>
<refentryinfo>
- <date>December 11, 2013</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -45,6 +47,7 @@
<year>2011</year>
<year>2013</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -57,51 +60,51 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-signzone</command>
- <arg><option>-a</option></arg>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-D</option></arg>
- <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
- <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
- <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
- <arg><option>-g</option></arg>
- <arg><option>-h</option></arg>
- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
- <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
- <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
- <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
- <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
- <arg><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
- <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
- <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
- <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
- <arg><option>-P</option></arg>
- <arg><option>-p</option></arg>
- <arg><option>-R</option></arg>
- <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
- <arg><option>-S</option></arg>
- <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
- <arg><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
- <arg><option>-t</option></arg>
- <arg><option>-u</option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg>
- <arg><option>-x</option></arg>
- <arg><option>-z</option></arg>
- <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
- <arg><option>-H <replaceable class="parameter">iterations</replaceable></option></arg>
- <arg><option>-A</option></arg>
- <arg choice="req">zonefile</arg>
- <arg rep="repeat">key</arg>
+ <arg choice="opt" rep="norepeat"><option>-a</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-g</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">key</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-P</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-R</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-S</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-u</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-x</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-z</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-H <replaceable class="parameter">iterations</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-A</option></arg>
+ <arg choice="req" rep="norepeat">zonefile</arg>
+ <arg rep="repeat" choice="opt">key</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-signzone</command>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -110,10 +113,10 @@
determined by the presence or absence of a
<filename>keyset</filename> file for each child zone.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -387,7 +390,7 @@
<term>-L <replaceable class="parameter">serial</replaceable></term>
<listitem>
<para>
- When writing a signed zone to 'raw' format, set the "source serial"
+ When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</para>
@@ -508,7 +511,7 @@
<para>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
- replaced with a new one, signatures from the old key
+ replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <option>-Q</option>
@@ -589,7 +592,7 @@
<para>
If the key's activation date is set and in the past, the
key is published (regardless of publication date) and
- used to sign the zone.
+ used to sign the zone.
</para>
</listitem>
</varlistentry>
@@ -754,10 +757,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>EXAMPLE</title></info>
- <refsect1>
- <title>EXAMPLE</title>
<para>
The following command signs the <userinput>example.com</userinput>
zone with the DSA key generated by <command>dnssec-keygen</command>
@@ -785,26 +788,16 @@ db.example.com.signed
% dnssec-signzone -o example.com db.example.com
db.example.com.signed
%</programlisting>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 4033</citetitle>, <citetitle>RFC 4641</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 3995507201b6..fec6c8f76673 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-signzone"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,9 +30,9 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543644"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-signzone</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
zone. The security status of delegations from the signed zone
@@ -42,9 +41,9 @@
<code class="filename">keyset</code> file for each child zone.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543659"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a</span></dt>
<dd><p>
Verify all generated signatures.
@@ -60,7 +59,7 @@
file in addition to
<code class="filename">dsset-<em class="replaceable"><code>zonename</code></em></code>
when signing a zone, for use by older versions of
- <span><strong class="command">dnssec-signzone</strong></span>.
+ <span class="command"><strong>dnssec-signzone</strong></span>.
</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -70,11 +69,11 @@
<dt><span class="term">-D</span></dt>
<dd><p>
Output only those record types automatically managed by
- <span><strong class="command">dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
+ <span class="command"><strong>dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
NSEC3 and NSEC3PARAM records. If smart signing
(<code class="option">-S</code>) is used, DNSKEY records are also
included. The resulting file can be included in the original
- zone file with <span><strong class="command">$INCLUDE</strong></span>. This option
+ zone file with <span class="command"><strong>$INCLUDE</strong></span>. This option
cannot be combined with <code class="option">-O raw</code> or serial
number updating.
</p></dd>
@@ -163,7 +162,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">dnssec-signzone</strong></span>.
+ <span class="command"><strong>dnssec-signzone</strong></span>.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
@@ -183,7 +182,7 @@
The default cycle interval is one quarter of the difference
between the signature end and start times. So if neither
<code class="option">end-time</code> or <code class="option">start-time</code>
- are specified, <span><strong class="command">dnssec-signzone</strong></span>
+ are specified, <span class="command"><strong>dnssec-signzone</strong></span>
generates
signatures that are valid for 30 days, with a cycle
interval of 7.5 days. Therefore, if any existing RRSIG records
@@ -194,8 +193,8 @@
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
<dd><p>
The format of the input zone file.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span>.
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span>.
This option is primarily intended to be used for dynamic
signed zones so that the dumped zone file in a non-text
format containing updates can be signed directly.
@@ -225,7 +224,7 @@
</dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
- When writing a signed zone to 'raw' format, set the "source serial"
+ When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
@@ -238,17 +237,17 @@
<dd>
<p>
The SOA serial number format of the signed zone.
- Possible formats are <span><strong class="command">"keep"</strong></span> (default),
- <span><strong class="command">"increment"</strong></span> and
- <span><strong class="command">"unixtime"</strong></span>.
+ Possible formats are <span class="command"><strong>"keep"</strong></span> (default),
+ <span class="command"><strong>"increment"</strong></span> and
+ <span class="command"><strong>"unixtime"</strong></span>.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">"keep"</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>"keep"</strong></span></span></dt>
<dd><p>Do not modify the SOA serial number.</p></dd>
-<dt><span class="term"><span><strong class="command">"increment"</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>"increment"</strong></span></span></dt>
<dd><p>Increment the SOA serial number using RFC 1982
arithmetics.</p></dd>
-<dt><span class="term"><span><strong class="command">"unixtime"</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>"unixtime"</strong></span></span></dt>
<dd><p>Set the SOA serial number to the number of seconds
since epoch.</p></dd>
</dl></div>
@@ -261,15 +260,15 @@
<dt><span class="term">-O <em class="replaceable"><code>output-format</code></em></span></dt>
<dd><p>
The format of the output file containing the signed zone.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- <span><strong class="command">"full"</strong></span>, which is text output in a
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ <span class="command"><strong>"full"</strong></span>, which is text output in a
format suitable for processing by external scripts,
- and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
+ and <span class="command"><strong>"raw"</strong></span> or <span class="command"><strong>"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
- by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
+ by <span class="command"><strong>named</strong></span>. <span class="command"><strong>"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
- <span><strong class="command">named</strong></span>; if N is 1, the file can be
+ <span class="command"><strong>named</strong></span>; if N is 1, the file can be
read by release 9.9.0 or higher. The default is 1.
</p></dd>
<dt><span class="term">-p</span></dt>
@@ -300,11 +299,11 @@
<p>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
- replaced with a new one, signatures from the old key
+ replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <code class="option">-Q</code>
- forces <span><strong class="command">dnssec-signzone</strong></span> to remove
+ forces <span class="command"><strong>dnssec-signzone</strong></span> to remove
signatures from keys that are no longer active. This
enables ZSK rollover using the procedure described in
RFC 4641, section 4.2.1.1 ("Pre-Publish Key Rollover").
@@ -317,7 +316,7 @@
</p>
<p>
This option is similar to <code class="option">-Q</code>, except it
- forces <span><strong class="command">dnssec-signzone</strong></span> to signatures from
+ forces <span class="command"><strong>dnssec-signzone</strong></span> to signatures from
keys that are no longer published. This enables ZSK rollover
using the procedure described in RFC 4641, section 4.2.1.2
("Double Signature Zone Signing Key Rollover").
@@ -338,7 +337,7 @@
<dt><span class="term">-S</span></dt>
<dd>
<p>
- Smart signing: Instructs <span><strong class="command">dnssec-signzone</strong></span> to
+ Smart signing: Instructs <span class="command"><strong>dnssec-signzone</strong></span> to
search the key repository for keys that match the zone being
signed, and to include them in the zone if appropriate.
</p>
@@ -348,7 +347,7 @@
rules. Each successive rule takes priority over the prior
ones:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt></dt>
<dd><p>
If no timing metadata has been set for the key, the key is
@@ -363,7 +362,7 @@
<dd><p>
If the key's activation date is set and in the past, the
key is published (regardless of publication date) and
- used to sign the zone.
+ used to sign the zone.
</p></dd>
<dt></dt>
<dd><p>
@@ -403,7 +402,7 @@
zone. With this option, a zone signed with NSEC can be
switched to NSEC3, or a zone signed with NSEC3 can
be switch to NSEC or to NSEC3 with different parameters.
- Without this option, <span><strong class="command">dnssec-signzone</strong></span> will
+ Without this option, <span class="command"><strong>dnssec-signzone</strong></span> will
retain the existing chain when re-signing.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
@@ -414,16 +413,16 @@
<dd><p>
Only sign the DNSKEY RRset with key-signing keys, and omit
signatures from zone-signing keys. (This is similar to the
- <span><strong class="command">dnssec-dnskey-kskonly yes;</strong></span> zone option in
- <span><strong class="command">named</strong></span>.)
+ <span class="command"><strong>dnssec-dnskey-kskonly yes;</strong></span> zone option in
+ <span class="command"><strong>named</strong></span>.)
</p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Ignore KSK flag on key when determining what to sign. This
causes KSK-flagged keys to sign all records, not just the
DNSKEY RRset. (This is similar to the
- <span><strong class="command">update-check-ksk no;</strong></span> zone option in
- <span><strong class="command">named</strong></span>.)
+ <span class="command"><strong>update-check-ksk no;</strong></span> zone option in
+ <span class="command"><strong>named</strong></span>.)
</p></dd>
<dt><span class="term">-3 <em class="replaceable"><code>salt</code></em></span></dt>
<dd><p>
@@ -464,23 +463,23 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545181"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
- zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
- (Kexample.com.+003+17247). Because the <span><strong class="command">-S</strong></span> option
+ zone with the DSA key generated by <span class="command"><strong>dnssec-keygen</strong></span>
+ (Kexample.com.+003+17247). Because the <span class="command"><strong>-S</strong></span> option
is not being used, the zone's keys must be in the master file
(<code class="filename">db.example.com</code>). This invocation looks
for <code class="filename">dsset</code> files, in the current directory,
- so that DS records can be imported from them (<span><strong class="command">-g</strong></span>).
+ so that DS records can be imported from them (<span class="command"><strong>-g</strong></span>).
</p>
<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
Kexample.com.+003+17247
db.example.com.signed
%</pre>
<p>
- In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
+ In the above example, <span class="command"><strong>dnssec-signzone</strong></span> creates
the file <code class="filename">db.example.com.signed</code>. This
file should be referenced in a zone statement in a
<code class="filename">named.conf</code> file.
@@ -494,17 +493,12 @@ db.example.com.signed
db.example.com.signed
%</pre>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545237"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545265"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/dnssec/dnssec-verify.8 b/bin/dnssec/dnssec-verify.8
index df4278333dd7..6add24745664 100644
--- a/bin/dnssec/dnssec-verify.8
+++ b/bin/dnssec/dnssec-verify.8
@@ -1,102 +1,118 @@
-.\" Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
-.\"
+.\" Copyright (C) 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
-.\"
+.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: dnssec\-verify
+'\" t
+.\" Title: dnssec-verify
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 26, 2012
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2012-06-26
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "DNSSEC\-VERIFY" "8" "June 26, 2012" "BIND9" "BIND9"
+.TH "DNSSEC\-VERIFY" "8" "2012\-06\-26" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-dnssec\-verify \- DNSSEC zone verification tool
+dnssec-verify \- DNSSEC zone verification tool
.SH "SYNOPSIS"
-.HP 14
+.HP \w'\fBdnssec\-verify\fR\ 'u
\fBdnssec\-verify\fR [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-x\fR] [\fB\-z\fR] {zonefile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-verify\fR
-verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 chains are complete.
+verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 chains are complete\&.
.SH "OPTIONS"
.PP
\-c \fIclass\fR
.RS 4
-Specifies the DNS class of the zone.
+Specifies the DNS class of the zone\&.
.RE
.PP
\-I \fIinput\-format\fR
.RS 4
-The format of the input zone file. Possible formats are
+The format of the input zone file\&. Possible formats are
\fB"text"\fR
(default) and
-\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be verified independently. The use of this option does not make much sense for non\-dynamic zones.
+\fB"raw"\fR\&. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be verified independently\&. The use of this option does not make much sense for non\-dynamic zones\&.
.RE
.PP
\-o \fIorigin\fR
.RS 4
-The zone origin. If not specified, the name of the zone file is assumed to be the origin.
+The zone origin\&. If not specified, the name of the zone file is assumed to be the origin\&.
.RE
.PP
\-v \fIlevel\fR
.RS 4
-Sets the debugging level.
+Sets the debugging level\&.
.RE
.PP
\-V
.RS 4
-Prints version information.
+Prints version information\&.
.RE
.PP
\-x
.RS 4
-Only verify that the DNSKEY RRset is signed with key\-signing keys. Without this flag, it is assumed that the DNSKEY RRset will be signed by all active keys. When this flag is set, it will not be an error if the DNSKEY RRset is not signed by zone\-signing keys. This corresponds to the
+Only verify that the DNSKEY RRset is signed with key\-signing keys\&. Without this flag, it is assumed that the DNSKEY RRset will be signed by all active keys\&. When this flag is set, it will not be an error if the DNSKEY RRset is not signed by zone\-signing keys\&. This corresponds to the
\fB\-x\fR
option in
-\fBdnssec\-signzone\fR.
+\fBdnssec\-signzone\fR\&.
.RE
.PP
\-z
.RS 4
-Ignore the KSK flag on the keys when determining whether the zone if correctly signed. Without this flag it is assumed that there will be a non\-revoked, self\-signed DNSKEY with the KSK flag set for each algorithm and that RRsets other than DNSKEY RRset will be signed with a different DNSKEY without the KSK flag set.
+Ignore the KSK flag on the keys when determining whether the zone if correctly signed\&. Without this flag it is assumed that there will be a non\-revoked, self\-signed DNSKEY with the KSK flag set for each algorithm and that RRsets other than DNSKEY RRset will be signed with a different DNSKEY without the KSK flag set\&.
.sp
-With this flag set, we only require that for each algorithm, there will be at least one non\-revoked, self\-signed DNSKEY, regardless of the KSK flag state, and that other RRsets will be signed by a non\-revoked key for the same algorithm that includes the self\-signed key; the same key may be used for both purposes. This corresponds to the
+With this flag set, we only require that for each algorithm, there will be at least one non\-revoked, self\-signed DNSKEY, regardless of the KSK flag state, and that other RRsets will be signed by a non\-revoked key for the same algorithm that includes the self\-signed key; the same key may be used for both purposes\&. This corresponds to the
\fB\-z\fR
option in
-\fBdnssec\-signzone\fR.
+\fBdnssec\-signzone\fR\&.
.RE
.PP
zonefile
.RS 4
-The file containing the zone to be signed.
+The file containing the zone to be signed\&.
.RE
.SH "SEE ALSO"
.PP
-\fBdnssec\-signzone\fR(8),
+\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 4033.
+RFC 4033\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-verify.docbook b/bin/dnssec/dnssec-verify.docbook
index d3c47c9c15a6..22f88998d31c 100644
--- a/bin/dnssec/dnssec-verify.docbook
+++ b/bin/dnssec/dnssec-verify.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.dnssec-verify">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-verify">
+ <info>
+ <date>2012-06-26</date>
+ </info>
<refentryinfo>
- <date>June 26, 2012</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -37,36 +39,37 @@
<copyright>
<year>2012</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>dnssec-verify</command>
- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
- <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
- <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
- <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-x</option></arg>
- <arg><option>-z</option></arg>
- <arg choice="req">zonefile</arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-x</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-z</option></arg>
+ <arg choice="req" rep="norepeat">zonefile</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>dnssec-verify</command>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -169,10 +172,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
@@ -180,16 +183,6 @@
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 4033</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/dnssec/dnssec-verify.html b/bin/dnssec/dnssec-verify.html
index 8e237668992a..b973634e054b 100644
--- a/bin/dnssec/dnssec-verify.html
+++ b/bin/dnssec/dnssec-verify.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-verify</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.dnssec-verify"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,17 +29,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543405"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-verify</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543417"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
Specifies the DNS class of the zone.
@@ -48,8 +47,8 @@
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
<dd><p>
The format of the input zone file.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span>.
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span>.
This option is primarily intended to be used for dynamic
signed zones so that the dumped zone file in a non-text
format containing updates can be verified independently.
@@ -76,7 +75,7 @@
will be signed by all active keys. When this flag is set,
it will not be an error if the DNSKEY RRset is not signed
by zone-signing keys. This corresponds to the <code class="option">-x</code>
- option in <span><strong class="command">dnssec-signzone</strong></span>.
+ option in <span class="command"><strong>dnssec-signzone</strong></span>.
</p></dd>
<dt><span class="term">-z</span></dt>
<dd>
@@ -95,7 +94,7 @@
will be signed by a non-revoked key for the same algorithm
that includes the self-signed key; the same key may be used
for both purposes. This corresponds to the <code class="option">-z</code>
- option in <span><strong class="command">dnssec-signzone</strong></span>.
+ option in <span class="command"><strong>dnssec-signzone</strong></span>.
</p>
</dd>
<dt><span class="term">zonefile</span></dt>
@@ -104,18 +103,13 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543640"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543666"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index 1d4a365d552f..3af6d83b83c9 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_PRODUCT@
diff --git a/bin/named/client.c b/bin/named/client.c
index de2d596c8832..9ad78be84f66 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -953,6 +953,12 @@ ns_client_send(ns_client_t *client) {
else if (client->view->preferred_glue == dns_rdatatype_aaaa)
preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
}
+ if (preferred_glue == 0) {
+ if (isc_sockaddr_pf(&client->peeraddr) == AF_INET)
+ preferred_glue = DNS_MESSAGERENDER_PREFER_A;
+ else
+ preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
+ }
#ifdef ALLOW_FILTER_AAAA_ON_V4
/*
@@ -1194,7 +1200,7 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
*/
if (wouldlog) {
ns_client_log(client,
- NS_LOGCATEGORY_QUERY_EERRORS,
+ NS_LOGCATEGORY_QUERY_ERRORS,
NS_LOGMODULE_CLIENT,
loglevel,
"%s", log_buf);
@@ -1666,7 +1672,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
(void)client_addopt(client);
ns_client_log(client, NS_LOGCATEGORY_CLIENT,
- NS_LOGMODULE_CLIENT, ISC_LOG_WARNING,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
"message parsing failed: %s",
isc_result_totext(result));
ns_client_error(client, result);
diff --git a/bin/named/config.c b/bin/named/config.c
index cab6f1fd0db8..4798272ac353 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -103,9 +103,9 @@ options {\n\
transfers-per-ns 2;\n\
transfers-in 10;\n\
transfers-out 10;\n\
- treat-cr-as-space true;\n\
- use-id-pool true;\n\
- use-ixfr true;\n\
+# treat-cr-as-space <obsolete>;\n\
+# use-id-pool <obsolete>;\n\
+# use-ixfr <obsolete>;\n\
edns-udp-size 4096;\n\
max-udp-size 4096;\n\
request-nsid false;\n\
diff --git a/bin/named/control.c b/bin/named/control.c
index 37e3a38437b3..b1b744f2ceab 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -24,6 +24,7 @@
#include <isc/app.h>
#include <isc/event.h>
+#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <isc/timer.h>
@@ -36,6 +37,7 @@
#include <isccc/result.h>
#include <named/control.h>
+#include <named/globals.h>
#include <named/log.h>
#include <named/os.h>
#include <named/server.h>
@@ -43,15 +45,30 @@
#include <named/ns_smf_globals.h>
#endif
-static isc_boolean_t
-command_compare(const char *text, const char *command) {
- unsigned int commandlen = strlen(command);
- if (strncasecmp(text, command, commandlen) == 0 &&
- (text[commandlen] == '\0' ||
- text[commandlen] == ' ' ||
- text[commandlen] == '\t'))
- return (ISC_TRUE);
- return (ISC_FALSE);
+static isc_result_t
+getcommand(isc_lex_t *lex, char **cmdp) {
+ isc_result_t result;
+ isc_token_t token;
+
+ REQUIRE(cmdp != NULL && *cmdp == NULL);
+
+ result = isc_lex_gettoken(lex, ISC_LEXOPT_EOF, &token);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ isc_lex_ungettoken(lex, &token);
+
+ if (token.type != isc_tokentype_string)
+ return (ISC_R_FAILURE);
+
+ *cmdp = token.value.as_textregion.base;
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_boolean_t
+command_compare(const char *str, const char *command) {
+ return ISC_TF(strcasecmp(str, command) == 0);
}
/*%
@@ -61,9 +78,12 @@ command_compare(const char *text, const char *command) {
isc_result_t
ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
isccc_sexpr_t *data;
+ char *cmdline = NULL;
char *command = NULL;
isc_result_t result;
int log_level;
+ isc_buffer_t src;
+ isc_lex_t *lex = NULL;
#ifdef HAVE_LIBSCF
ns_smf_want_disable = 0;
#endif
@@ -76,7 +96,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
return (ISC_R_FAILURE);
}
- result = isccc_cc_lookupstring(data, "type", &command);
+ result = isccc_cc_lookupstring(data, "type", &cmdline);
if (result != ISC_R_SUCCESS) {
/*
* We have no idea what this is.
@@ -84,6 +104,20 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
return (result);
}
+ result = isc_lex_create(ns_g_mctx, strlen(cmdline), &lex);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ isc_buffer_init(&src, cmdline, strlen(cmdline));
+ isc_buffer_add(&src, strlen(cmdline));
+ result = isc_lex_openbuffer(lex, &src);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = getcommand(lex, &command);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
/*
* Compare the 'command' parameter against all known control commands.
*/
@@ -93,20 +127,21 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else {
log_level = ISC_LOG_INFO;
}
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, log_level,
"received control channel command '%s'",
command);
if (command_compare(command, NS_COMMAND_RELOAD)) {
- result = ns_server_reloadcommand(ns_g_server, command, text);
+ result = ns_server_reloadcommand(ns_g_server, lex, text);
} else if (command_compare(command, NS_COMMAND_RECONFIG)) {
result = ns_server_reconfigcommand(ns_g_server);
} else if (command_compare(command, NS_COMMAND_REFRESH)) {
- result = ns_server_refreshcommand(ns_g_server, command, text);
+ result = ns_server_refreshcommand(ns_g_server, lex, text);
} else if (command_compare(command, NS_COMMAND_RETRANSFER)) {
result = ns_server_retransfercommand(ns_g_server,
- command, text);
+ lex, text);
} else if (command_compare(command, NS_COMMAND_HALT)) {
#ifdef HAVE_LIBSCF
/*
@@ -116,7 +151,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
*/
if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
result = ns_smf_add_message(text);
- return (result);
+ goto cleanup;
}
/*
* If we are managed by smf(5) but not in chroot,
@@ -132,7 +167,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
#endif
/* Do not flush master files */
ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
- ns_os_shutdownmsg(command, text);
+ ns_os_shutdownmsg(cmdline, text);
isc_app_shutdown();
result = ISC_R_SUCCESS;
} else if (command_compare(command, NS_COMMAND_STOP)) {
@@ -143,51 +178,51 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
#ifdef HAVE_LIBSCF
if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
result = ns_smf_add_message(text);
- return (result);
+ goto cleanup;
}
if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
ns_smf_want_disable = 1;
#endif
ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
- ns_os_shutdownmsg(command, text);
+ ns_os_shutdownmsg(cmdline, text);
isc_app_shutdown();
result = ISC_R_SUCCESS;
} else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
result = ns_server_dumpstats(ns_g_server);
} else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
- result = ns_server_togglequerylog(ns_g_server, command);
+ result = ns_server_togglequerylog(ns_g_server, lex);
} else if (command_compare(command, NS_COMMAND_DUMPDB)) {
- ns_server_dumpdb(ns_g_server, command);
+ ns_server_dumpdb(ns_g_server, lex);
result = ISC_R_SUCCESS;
} else if (command_compare(command, NS_COMMAND_SECROOTS)) {
- result = ns_server_dumpsecroots(ns_g_server, command);
+ result = ns_server_dumpsecroots(ns_g_server, lex);
} else if (command_compare(command, NS_COMMAND_TRACE)) {
- result = ns_server_setdebuglevel(ns_g_server, command);
+ result = ns_server_setdebuglevel(ns_g_server, lex);
} else if (command_compare(command, NS_COMMAND_NOTRACE)) {
ns_g_debuglevel = 0;
isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
result = ISC_R_SUCCESS;
} else if (command_compare(command, NS_COMMAND_FLUSH)) {
- result = ns_server_flushcache(ns_g_server, command);
+ result = ns_server_flushcache(ns_g_server, lex);
} else if (command_compare(command, NS_COMMAND_FLUSHNAME)) {
- result = ns_server_flushnode(ns_g_server, command, ISC_FALSE);
+ result = ns_server_flushnode(ns_g_server, lex, ISC_FALSE);
} else if (command_compare(command, NS_COMMAND_FLUSHTREE)) {
- result = ns_server_flushnode(ns_g_server, command, ISC_TRUE);
+ result = ns_server_flushnode(ns_g_server, lex, ISC_TRUE);
} else if (command_compare(command, NS_COMMAND_STATUS)) {
result = ns_server_status(ns_g_server, text);
} else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
result = ns_server_tsiglist(ns_g_server, text);
} else if (command_compare(command, NS_COMMAND_TSIGDELETE)) {
- result = ns_server_tsigdelete(ns_g_server, command, text);
+ result = ns_server_tsigdelete(ns_g_server, lex, text);
} else if (command_compare(command, NS_COMMAND_FREEZE)) {
- result = ns_server_freeze(ns_g_server, ISC_TRUE, command,
+ result = ns_server_freeze(ns_g_server, ISC_TRUE, lex,
text);
} else if (command_compare(command, NS_COMMAND_UNFREEZE) ||
command_compare(command, NS_COMMAND_THAW)) {
- result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
+ result = ns_server_freeze(ns_g_server, ISC_FALSE, lex,
text);
} else if (command_compare(command, NS_COMMAND_SYNC)) {
- result = ns_server_sync(ns_g_server, command, text);
+ result = ns_server_sync(ns_g_server, lex, text);
} else if (command_compare(command, NS_COMMAND_RECURSING)) {
result = ns_server_dumprecursing(ns_g_server);
} else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {
@@ -196,18 +231,18 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_NULL)) {
result = ISC_R_SUCCESS;
} else if (command_compare(command, NS_COMMAND_NOTIFY)) {
- result = ns_server_notifycommand(ns_g_server, command, text);
+ result = ns_server_notifycommand(ns_g_server, lex, text);
} else if (command_compare(command, NS_COMMAND_VALIDATION)) {
- result = ns_server_validation(ns_g_server, command);
+ result = ns_server_validation(ns_g_server, lex);
} else if (command_compare(command, NS_COMMAND_SIGN) ||
command_compare(command, NS_COMMAND_LOADKEYS)) {
- result = ns_server_rekey(ns_g_server, command, text);
+ result = ns_server_rekey(ns_g_server, lex, text);
} else if (command_compare(command, NS_COMMAND_ADDZONE)) {
- result = ns_server_add_zone(ns_g_server, command, text);
+ result = ns_server_add_zone(ns_g_server, cmdline, text);
} else if (command_compare(command, NS_COMMAND_DELZONE)) {
- result = ns_server_del_zone(ns_g_server, command, text);
+ result = ns_server_del_zone(ns_g_server, lex, text);
} else if (command_compare(command, NS_COMMAND_SIGNING)) {
- result = ns_server_signing(ns_g_server, command, text);
+ result = ns_server_signing(ns_g_server, lex, text);
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
@@ -216,5 +251,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
result = DNS_R_UNKNOWNCOMMAND;
}
+ cleanup:
+ if (lex != NULL)
+ isc_lex_destroy(&lex);
+
return (result);
}
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index ddb7000ca7aa..afe4a801f999 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -539,6 +539,10 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) {
conn->sock = sock;
isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
+
+ /* Set a 32 KiB upper limit on incoming message. */
+ isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768);
+
conn->ccmsg_valid = ISC_TRUE;
conn->sending = ISC_FALSE;
conn->timer = NULL;
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
index 032743acbfb2..adc9ae2897dc 100644
--- a/bin/named/include/named/log.h
+++ b/bin/named/include/named/log.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -36,7 +36,7 @@
#define NS_LOGCATEGORY_QUERIES (&ns_g_categories[4])
#define NS_LOGCATEGORY_UNMATCHED (&ns_g_categories[5])
#define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])
-#define NS_LOGCATEGORY_QUERY_EERRORS (&ns_g_categories[7])
+#define NS_LOGCATEGORY_QUERY_ERRORS (&ns_g_categories[7])
/*
* Backwards compatibility.
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
index 444729a98f77..312602dc805f 100644
--- a/bin/named/include/named/query.h
+++ b/bin/named/include/named/query.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -46,6 +46,7 @@ struct ns_query {
isc_boolean_t timerset;
dns_name_t * qname;
dns_name_t * origqname;
+ dns_rdatatype_t qtype;
unsigned int dboptions;
unsigned int fetchoptions;
dns_db_t * gluedb;
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index a3696f1614c1..3cb4674a9f29 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id$ */
-
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
@@ -223,7 +221,8 @@ ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush);
*/
isc_result_t
-ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_reloadcommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
/*%<
* Act on a "reload" command from the command channel.
*/
@@ -235,26 +234,28 @@ ns_server_reconfigcommand(ns_server_t *server);
*/
isc_result_t
-ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_notifycommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
/*%<
* Act on a "notify" command from the command channel.
*/
isc_result_t
-ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_refreshcommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
/*%<
* Act on a "refresh" command from the command channel.
*/
isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args,
+ns_server_retransfercommand(ns_server_t *server, isc_lex_t *lex,
isc_buffer_t *text);
/*%<
* Act on a "retransfer" command from the command channel.
*/
isc_result_t
-ns_server_togglequerylog(ns_server_t *server, char *args);
+ns_server_togglequerylog(ns_server_t *server, isc_lex_t *lex);
/*%<
* Enable/disable logging of queries. (Takes "yes" or "no" argument,
* but can also be used as a toggle for backward comptibility.)
@@ -270,25 +271,25 @@ ns_server_dumpstats(ns_server_t *server);
* Dump the current cache to the dump file.
*/
isc_result_t
-ns_server_dumpdb(ns_server_t *server, char *args);
+ns_server_dumpdb(ns_server_t *server, isc_lex_t *lex);
/*%
* Dump the current security roots to the secroots file.
*/
isc_result_t
-ns_server_dumpsecroots(ns_server_t *server, char *args);
+ns_server_dumpsecroots(ns_server_t *server, isc_lex_t *lex);
/*%
* Change or increment the server debug level.
*/
isc_result_t
-ns_server_setdebuglevel(ns_server_t *server, char *args);
+ns_server_setdebuglevel(ns_server_t *server, isc_lex_t *lex);
/*%
* Flush the server's cache(s)
*/
isc_result_t
-ns_server_flushcache(ns_server_t *server, char *args);
+ns_server_flushcache(ns_server_t *server, isc_lex_t *lex);
/*%
* Flush a particular name from the server's cache. If 'tree' is false,
@@ -296,7 +297,8 @@ ns_server_flushcache(ns_server_t *server, char *args);
* flush all the names under the specified name.
*/
isc_result_t
-ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree);
+ns_server_flushnode(ns_server_t *server, isc_lex_t *lex,
+ isc_boolean_t tree);
/*%
* Report the server's status.
@@ -314,20 +316,21 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text);
* Delete a specific key (with optional view).
*/
isc_result_t
-ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text);
+ns_server_tsigdelete(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
/*%
* Enable or disable updates for a zone.
*/
isc_result_t
-ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
- isc_buffer_t *text);
+ns_server_freeze(ns_server_t *server, isc_boolean_t freeze,
+ isc_lex_t *lex, isc_buffer_t *text);
/*%
* Dump zone updates to disk, optionally removing the journal file
*/
isc_result_t
-ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_sync(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
/*%
* Update a zone's DNSKEY set from the key repository. If
@@ -337,7 +340,7 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text);
* take place incrementally.
*/
isc_result_t
-ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_rekey(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
/*%
* Dump the current recursive queries.
@@ -355,7 +358,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr);
* Enable or disable dnssec validation.
*/
isc_result_t
-ns_server_validation(ns_server_t *server, char *args);
+ns_server_validation(ns_server_t *server, isc_lex_t *lex);
/*%
* Add a zone to a running process
@@ -367,11 +370,11 @@ ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text);
* Deletes a zone from a running process
*/
isc_result_t
-ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
/*%
* Lists the status of the signing records for a given zone.
*/
isc_result_t
-ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_signing(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
#endif /* NAMED_SERVER_H */
diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
index 3e7b15bbdbbf..85dbafdc21d6 100644
--- a/bin/named/lwdgrbn.c
+++ b/bin/named/lwdgrbn.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -184,7 +184,7 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
if (oldlens != NULL)
isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
if (newrdatas != NULL)
- isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas));
+ isc_mem_put(mctx, newrdatas, used * sizeof(*newrdatas));
return (result);
}
@@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) {
INSIST(client->lookup == NULL);
dns_fixedname_init(&absname);
- result = ns_lwsearchctx_current(&client->searchctx,
- dns_fixedname_name(&absname));
+
/*
- * This will return failure if relative name + suffix is too long.
- * In this case, just go on to the next entry in the search path.
+ * Perform search across all search domains until success
+ * is returned. Return in case of failure.
*/
- if (result != ISC_R_SUCCESS)
- start_lookup(client);
+ while (ns_lwsearchctx_current(&client->searchctx,
+ dns_fixedname_name(&absname)) != ISC_R_SUCCESS) {
+ if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) {
+ ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
+ return;
+ }
+ }
result = dns_lookup_create(cm->mctx,
dns_fixedname_name(&absname),
diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8
index 400e8a7e531b..5c209ea057d0 100644
--- a/bin/named/lwresd.8
+++ b/bin/named/lwresd.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,70 +13,85 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwresd
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: January 20, 2009
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2009-01-20
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRESD" "8" "January 20, 2009" "BIND9" "BIND9"
+.TH "LWRESD" "8" "2009\-01\-20" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwresd \- lightweight resolver daemon
.SH "SYNOPSIS"
-.HP 7
+.HP \w'\fBlwresd\fR\ 'u
\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-4\fR] [\fB\-6\fR]
.SH "DESCRIPTION"
.PP
\fBlwresd\fR
-is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
+is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library\&. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol\&.
.PP
\fBlwresd\fR
-listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that
+listens for resolver queries on a UDP port on the IPv4 loopback interface, 127\&.0\&.0\&.1\&. This means that
\fBlwresd\fR
-can only be used by processes running on the local machine. By default, UDP port number 921 is used for lightweight resolver requests and responses.
+can only be used by processes running on the local machine\&. By default, UDP port number 921 is used for lightweight resolver requests and responses\&.
.PP
-Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes,
+Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol\&. When the DNS lookup completes,
\fBlwresd\fR
-encodes the answers in the lightweight resolver format and returns them to the client that made the request.
+encodes the answers in the lightweight resolver format and returns them to the client that made the request\&.
.PP
If
-\fI/etc/resolv.conf\fR
+/etc/resolv\&.conf
contains any
\fBnameserver\fR
entries,
\fBlwresd\fR
-sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no
+sends recursive DNS queries to those servers\&. This is similar to the use of forwarders in a caching name server\&. If no
\fBnameserver\fR
entries are present, or if forwarding fails,
\fBlwresd\fR
-resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
+resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints\&.
.SH "OPTIONS"
.PP
\-4
.RS 4
-Use IPv4 only even if the host machine is capable of IPv6.
+Use IPv4 only even if the host machine is capable of IPv6\&.
\fB\-4\fR
and
\fB\-6\fR
-are mutually exclusive.
+are mutually exclusive\&.
.RE
.PP
\-6
.RS 4
-Use IPv6 only even if the host machine is capable of IPv4.
+Use IPv6 only even if the host machine is capable of IPv4\&.
\fB\-4\fR
and
\fB\-6\fR
-are mutually exclusive.
+are mutually exclusive\&.
.RE
.PP
\-c \fIconfig\-file\fR
@@ -84,10 +99,10 @@ are mutually exclusive.
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
-\fI/etc/lwresd.conf\fR.
+/etc/lwresd\&.conf\&.
\fB\-c\fR
can not be used with
-\fB\-C\fR.
+\fB\-C\fR\&.
.RE
.PP
\-C \fIconfig\-file\fR
@@ -95,29 +110,29 @@ can not be used with
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
-\fI/etc/resolv.conf\fR.
+/etc/resolv\&.conf\&.
\fB\-C\fR
can not be used with
-\fB\-c\fR.
+\fB\-c\fR\&.
.RE
.PP
\-d \fIdebug\-level\fR
.RS 4
-Set the daemon's debug level to
-\fIdebug\-level\fR. Debugging traces from
+Set the daemon\*(Aqs debug level to
+\fIdebug\-level\fR\&. Debugging traces from
\fBlwresd\fR
-become more verbose as the debug level increases.
+become more verbose as the debug level increases\&.
.RE
.PP
\-f
.RS 4
-Run the server in the foreground (i.e. do not daemonize).
+Run the server in the foreground (i\&.e\&. do not daemonize)\&.
.RE
.PP
\-g
.RS 4
Run the server in the foreground and force all logging to
-\fIstderr\fR.
+stderr\&.
.RE
.PP
\-i \fIpid\-file\fR
@@ -125,49 +140,60 @@ Run the server in the foreground and force all logging to
Use
\fIpid\-file\fR
as the PID file instead of the default,
-\fI/var/run/lwresd/lwresd.pid\fR.
+/var/run/lwresd/lwresd\&.pid\&.
.RE
.PP
\-m \fIflag\fR
.RS 4
-Turn on memory usage debugging flags. Possible flags are
+Turn on memory usage debugging flags\&. Possible flags are
\fIusage\fR,
\fItrace\fR,
\fIrecord\fR,
\fIsize\fR, and
-\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
-\fI<isc/mem.h>\fR.
+\fImctx\fR\&. These correspond to the ISC_MEM_DEBUGXXXX flags described in
+<isc/mem\&.h>\&.
.RE
.PP
\-n \fI#cpus\fR
.RS 4
Create
\fI#cpus\fR
-worker threads to take advantage of multiple CPUs. If not specified,
+worker threads to take advantage of multiple CPUs\&. If not specified,
\fBlwresd\fR
-will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
+will try to determine the number of CPUs present and create one thread per CPU\&. If it is unable to determine the number of CPUs, a single worker thread will be created\&.
.RE
.PP
\-P \fIport\fR
.RS 4
Listen for lightweight resolver queries on port
-\fIport\fR. If not specified, the default is port 921.
+\fIport\fR\&. If not specified, the default is port 921\&.
.RE
.PP
\-p \fIport\fR
.RS 4
Send DNS lookups to port
-\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
+\fIport\fR\&. If not specified, the default is port 53\&. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number\&.
.RE
.PP
\-s
.RS 4
Write memory usage statistics to
-\fIstdout\fR
-on exit.
-.RS
-.B "Note:"
-This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
+stdout
+on exit\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&.
+.sp .5v
.RE
.RE
.PP
@@ -175,14 +201,25 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha
.RS 4
Chroot to
\fIdirectory\fR
-after processing the command line arguments, but before reading the configuration file.
-.RS
-.B "Warning:"
+after processing the command line arguments, but before reading the configuration file\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBWarning\fR
+.ps -1
+.br
This option should be used in conjunction with the
\fB\-u\fR
-option, as chrooting a process running as root doesn't enhance security on most systems; the way
+option, as chrooting a process running as root doesn\*(Aqt enhance security on most systems; the way
\fBchroot(2)\fR
-is defined allows a process with root privileges to escape a chroot jail.
+is defined allows a process with root privileges to escape a chroot jail\&.
+.sp .5v
.RE
.RE
.PP
@@ -190,34 +227,35 @@ is defined allows a process with root privileges to escape a chroot jail.
.RS 4
Setuid to
\fIuser\fR
-after completing privileged operations, such as creating sockets that listen on privileged ports.
+after completing privileged operations, such as creating sockets that listen on privileged ports\&.
.RE
.PP
\-v
.RS 4
-Report the version number and exit.
+Report the version number and exit\&.
.RE
.SH "FILES"
.PP
-\fI/etc/resolv.conf\fR
+/etc/resolv\&.conf
.RS 4
-The default configuration file.
+The default configuration file\&.
.RE
.PP
-\fI/var/run/lwresd.pid\fR
+/var/run/lwresd\&.pid
.RS 4
-The default process\-id file.
+The default process\-id file\&.
.RE
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
\fBlwres\fR(3),
-\fBresolver\fR(5).
+\fBresolver\fR(5)\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook
index 307131ad8475..6e3399ecb186 100644
--- a/bin/named/lwresd.docbook
+++ b/bin/named/lwresd.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.lwresd">
+ <info>
+ <date>2009-01-20</date>
+ </info>
<refentryinfo>
- <date>January 20, 2009</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -42,6 +44,7 @@
<year>2008</year>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -52,29 +55,29 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>lwresd</command>
- <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
- <arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg>
- <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
- <arg><option>-f</option></arg>
- <arg><option>-g</option></arg>
- <arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg>
- <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
- <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
- <arg><option>-P <replaceable class="parameter">port</replaceable></option></arg>
- <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
- <arg><option>-s</option></arg>
- <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-4</option></arg>
- <arg><option>-6</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-C <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-g</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">port</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-4</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-6</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>lwresd</command>
is the daemon providing name lookup
@@ -84,7 +87,7 @@
resolver protocol rather than the DNS protocol.
</para>
- <para><command>lwresd</command>
+ <para><command>lwresd</command>
listens for resolver queries on a
UDP port on the IPv4 loopback interface, 127.0.0.1. This
means that <command>lwresd</command> can only be used by
@@ -109,10 +112,10 @@
queries autonomously starting at the root name servers, using
a built-in list of root server hints.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
@@ -214,7 +217,7 @@
<replaceable class="parameter">trace</replaceable>,
<replaceable class="parameter">record</replaceable>,
<replaceable class="parameter">size</replaceable>, and
- <replaceable class="parameter">mctx</replaceable>.
+ <replaceable class="parameter">mctx</replaceable>.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
<filename>&lt;isc/mem.h&gt;</filename>.
</para>
@@ -318,10 +321,10 @@
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<variablelist>
@@ -345,10 +348,10 @@
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -359,16 +362,6 @@
<refentrytitle>resolver</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
- </refsect1>
-
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
+ </refsection>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html
index 4bef3e262593..c6afd57f6211 100644
--- a/bin/named/lwresd.html
+++ b/bin/named/lwresd.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwresd</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476282"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="man.lwresd"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
@@ -31,19 +30,19 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543479"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">lwresd</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>lwresd</strong></span>
is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
library. It is essentially a stripped-down, caching-only name
server that answers queries using the BIND 9 lightweight
resolver protocol rather than the DNS protocol.
</p>
-<p><span><strong class="command">lwresd</strong></span>
+<p><span class="command"><strong>lwresd</strong></span>
listens for resolver queries on a
UDP port on the IPv4 loopback interface, 127.0.0.1. This
- means that <span><strong class="command">lwresd</strong></span> can only be used by
+ means that <span class="command"><strong>lwresd</strong></span> can only be used by
processes running on the local machine. By default, UDP port
number 921 is used for lightweight resolver requests and
responses.
@@ -51,24 +50,24 @@
<p>
Incoming lightweight resolver requests are decoded by the
server which then resolves them using the DNS protocol. When
- the DNS lookup completes, <span><strong class="command">lwresd</strong></span> encodes
+ the DNS lookup completes, <span class="command"><strong>lwresd</strong></span> encodes
the answers in the lightweight resolver format and returns
them to the client that made the request.
</p>
<p>
If <code class="filename">/etc/resolv.conf</code> contains any
- <code class="option">nameserver</code> entries, <span><strong class="command">lwresd</strong></span>
+ <code class="option">nameserver</code> entries, <span class="command"><strong>lwresd</strong></span>
sends recursive DNS queries to those servers. This is similar
to the use of forwarders in a caching name server. If no
<code class="option">nameserver</code> entries are present, or if
- forwarding fails, <span><strong class="command">lwresd</strong></span> resolves the
+ forwarding fails, <span class="command"><strong>lwresd</strong></span> resolves the
queries autonomously starting at the root name servers, using
a built-in list of root server hints.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543526"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only even if the host machine is capable of IPv6.
@@ -99,7 +98,7 @@
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
- Debugging traces from <span><strong class="command">lwresd</strong></span> become
+ Debugging traces from <span class="command"><strong>lwresd</strong></span> become
more verbose as the debug level increases.
</p></dd>
<dt><span class="term">-f</span></dt>
@@ -124,7 +123,7 @@
<em class="replaceable"><code>trace</code></em>,
<em class="replaceable"><code>record</code></em>,
<em class="replaceable"><code>size</code></em>, and
- <em class="replaceable"><code>mctx</code></em>.
+ <em class="replaceable"><code>mctx</code></em>.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
<code class="filename">&lt;isc/mem.h&gt;</code>.
</p></dd>
@@ -132,7 +131,7 @@
<dd><p>
Create <em class="replaceable"><code>#cpus</code></em> worker threads
to take advantage of multiple CPUs. If not specified,
- <span><strong class="command">lwresd</strong></span> will try to determine the
+ <span class="command"><strong>lwresd</strong></span> will try to determine the
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
@@ -196,9 +195,9 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543943"></a><h2>FILES</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.9"></a><h2>FILES</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
The default configuration file.
@@ -209,17 +208,12 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543982"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544017"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/named/main.c b/bin/named/main.c
index 5664e6545e4c..539366d8b660 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -298,11 +298,13 @@ static void
lwresd_usage(void) {
fprintf(stderr,
"usage: lwresd [-4|-6] [-c conffile | -C resolvconffile] "
- "[-d debuglevel]\n"
- " [-f|-g] [-n number_of_cpus] [-p port] "
- "[-P listen-port] [-s]\n"
- " [-t chrootdir] [-u username] [-i pidfile]\n"
- " [-m {usage|trace|record|size|mctx}]\n");
+ "[-d debuglevel] [-f|-g]\n"
+ " [-i pidfile] [-n number_of_cpus] "
+ "[-p port] [-P listen-port]\n"
+ " [-s] [-S sockets] [-t chrootdir] [-u username] "
+ "[-U listeners]\n"
+ " [-m {usage|trace|record|size|mctx}]\n"
+ "usage: lwresd [-v|-V]\n");
}
static void
@@ -315,8 +317,10 @@ usage(void) {
"usage: named [-4|-6] [-c conffile] [-d debuglevel] "
"[-E engine] [-f|-g]\n"
" [-n number_of_cpus] [-p port] [-s] "
- "[-t chrootdir] [-u username]\n"
- " [-m {usage|trace|record|size|mctx}]\n");
+ "[-S sockets] [-t chrootdir]\n"
+ " [-u username] [-U listeners] "
+ "[-m {usage|trace|record|size|mctx}]\n"
+ "usage: named [-v|-V]\n");
}
static void
@@ -609,6 +613,7 @@ parse_command_line(int argc, char *argv[]) {
printf("%s %s%s%s <id:%s>\n", ns_g_product, ns_g_version,
(*ns_g_description != '\0') ? " " : "",
ns_g_description, ns_g_srcid);
+ printf("running on %s\n", ns_os_uname());
printf("built by %s with %s\n",
ns_g_builder, ns_g_configargs);
#ifdef __clang__
@@ -677,6 +682,8 @@ create_managers(void) {
isc_result_t result;
unsigned int socks;
+ INSIST(ns_g_cpus_detected > 0);
+
#ifdef ISC_PLATFORM_USETHREADS
if (ns_g_cpus == 0)
ns_g_cpus = ns_g_cpus_detected;
@@ -693,10 +700,8 @@ create_managers(void) {
if (ns_g_udpdisp == 0) {
if (ns_g_cpus_detected == 1)
ns_g_udpdisp = 1;
- else if (ns_g_cpus_detected < 4)
- ns_g_udpdisp = 2;
else
- ns_g_udpdisp = ns_g_cpus_detected / 2;
+ ns_g_udpdisp = ns_g_cpus_detected - 1;
}
if (ns_g_udpdisp > ns_g_cpus)
ns_g_udpdisp = ns_g_cpus;
@@ -909,6 +914,9 @@ setup(void) {
ns_g_srcid, saved_command_line);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
+ ISC_LOG_NOTICE, "running on %s", ns_os_uname());
+
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "built with %s", ns_g_configargs);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
diff --git a/bin/named/named.8 b/bin/named/named.8
index 09bd4c117d28..23e35e580e21 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -13,54 +13,69 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: named
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: February 20, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-02-20
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "NAMED" "8" "February 20, 2014" "BIND9" "BIND9"
+.TH "NAMED" "8" "2014\-02\-20" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
named \- Internet domain name server
.SH "SYNOPSIS"
-.HP 6
+.HP \w'\fBnamed\fR\ 'u
\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-M\ \fR\fB\fIoption\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\fR
-is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035.
+is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC\&. For more information on the DNS, see RFCs 1033, 1034, and 1035\&.
.PP
When invoked without arguments,
\fBnamed\fR
will read the default configuration file
-\fI/etc/named.conf\fR, read any initial data, and listen for queries.
+/etc/named\&.conf, read any initial data, and listen for queries\&.
.SH "OPTIONS"
.PP
\-4
.RS 4
-Use IPv4 only even if the host machine is capable of IPv6.
+Use IPv4 only even if the host machine is capable of IPv6\&.
\fB\-4\fR
and
\fB\-6\fR
-are mutually exclusive.
+are mutually exclusive\&.
.RE
.PP
\-6
.RS 4
-Use IPv6 only even if the host machine is capable of IPv4.
+Use IPv6 only even if the host machine is capable of IPv4\&.
\fB\-4\fR
and
\fB\-6\fR
-are mutually exclusive.
+are mutually exclusive\&.
.RE
.PP
\-c \fIconfig\-file\fR
@@ -68,79 +83,90 @@ are mutually exclusive.
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
-\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
+/etc/named\&.conf\&. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
\fBdirectory\fR
option in the configuration file,
\fIconfig\-file\fR
-should be an absolute pathname.
+should be an absolute pathname\&.
.RE
.PP
\-d \fIdebug\-level\fR
.RS 4
-Set the daemon's debug level to
-\fIdebug\-level\fR. Debugging traces from
+Set the daemon\*(Aqs debug level to
+\fIdebug\-level\fR\&. Debugging traces from
\fBnamed\fR
-become more verbose as the debug level increases.
+become more verbose as the debug level increases\&.
.RE
.PP
\-E \fIengine\-name\fR
.RS 4
-Use a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance re\-signing with private keys from a secure key store. When compiled with PKCS#11 support
+Use a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance re\-signing with private keys from a secure key store\&. When compiled with PKCS#11 support
\fIengine\-name\fR
-defaults to pkcs11, the empty name resets it to no engine.
+defaults to pkcs11, the empty name resets it to no engine\&.
.RE
.PP
\-f
.RS 4
-Run the server in the foreground (i.e. do not daemonize).
+Run the server in the foreground (i\&.e\&. do not daemonize)\&.
.RE
.PP
\-g
.RS 4
Run the server in the foreground and force all logging to
-\fIstderr\fR.
+stderr\&.
.RE
.PP
\-M \fIoption\fR
.RS 4
-Sets the default memory context options. Currently the only supported option is
-\fIexternal\fR, which causes the internal memory manager to be bypassed in favor of system\-provided memory allocation functions.
+Sets the default memory context options\&. Currently the only supported option is
+\fIexternal\fR, which causes the internal memory manager to be bypassed in favor of system\-provided memory allocation functions\&.
.RE
.PP
\-m \fIflag\fR
.RS 4
-Turn on memory usage debugging flags. Possible flags are
+Turn on memory usage debugging flags\&. Possible flags are
\fIusage\fR,
\fItrace\fR,
\fIrecord\fR,
\fIsize\fR, and
-\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
-\fI<isc/mem.h>\fR.
+\fImctx\fR\&. These correspond to the ISC_MEM_DEBUGXXXX flags described in
+<isc/mem\&.h>\&.
.RE
.PP
\-n \fI#cpus\fR
.RS 4
Create
\fI#cpus\fR
-worker threads to take advantage of multiple CPUs. If not specified,
+worker threads to take advantage of multiple CPUs\&. If not specified,
\fBnamed\fR
-will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
+will try to determine the number of CPUs present and create one thread per CPU\&. If it is unable to determine the number of CPUs, a single worker thread will be created\&.
.RE
.PP
\-p \fIport\fR
.RS 4
Listen for queries on port
-\fIport\fR. If not specified, the default is port 53.
+\fIport\fR\&. If not specified, the default is port 53\&.
.RE
.PP
\-s
.RS 4
Write memory usage statistics to
-\fIstdout\fR
-on exit.
-.RS
-.B "Note:"
-This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
+stdout
+on exit\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&.
+.sp .5v
.RE
.RE
.PP
@@ -150,12 +176,23 @@ Allow
\fBnamed\fR
to use up to
\fI#max\-socks\fR
-sockets.
-.RS
-.B "Warning:"
-This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because
+sockets\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBWarning\fR
+.ps -1
+.br
+This option should be unnecessary for the vast majority of users\&. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API\&. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets\&. Note also that the actual maximum number is normally a little fewer than the specified value because
\fBnamed\fR
-reserves some file descriptors for its internal use.
+reserves some file descriptors for its internal use\&.
+.sp .5v
.RE
.RE
.PP
@@ -163,14 +200,25 @@ reserves some file descriptors for its internal use.
.RS 4
Chroot to
\fIdirectory\fR
-after processing the command line arguments, but before reading the configuration file.
-.RS
-.B "Warning:"
+after processing the command line arguments, but before reading the configuration file\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBWarning\fR
+.ps -1
+.br
This option should be used in conjunction with the
\fB\-u\fR
-option, as chrooting a process running as root doesn't enhance security on most systems; the way
+option, as chrooting a process running as root doesn\*(Aqt enhance security on most systems; the way
\fBchroot(2)\fR
-is defined allows a process with root privileges to escape a chroot jail.
+is defined allows a process with root privileges to escape a chroot jail\&.
+.sp .5v
.RE
.RE
.PP
@@ -178,115 +226,138 @@ is defined allows a process with root privileges to escape a chroot jail.
.RS 4
Use
\fI#listeners\fR
-worker threads to listen for incoming UDP packets on each address. If not specified,
+worker threads to listen for incoming UDP packets on each address\&. If not specified,
\fBnamed\fR
-will calculate a default value based on the number of detected CPUs: 1 for 1 CPU, 2 for 2\-4 CPUs, and the number of detected CPUs divided by 2 for values higher than 4. If
+will calculate a default value based on the number of detected CPUs: 1 for 1 CPU, and the number of detected CPUs minus one for machines with more than 1 CPU\&. This cannot be increased to a value higher than the number of CPUs\&. If
\fB\-n\fR
has been set to a higher value than the number of detected CPUs, then
\fB\-U\fR
-may be increased as high as that value, but no higher.
+may be increased as high as that value, but no higher\&. On Windows, the number of UDP listeners is hardwired to 1 and this option has no effect\&.
.RE
.PP
\-u \fIuser\fR
.RS 4
Setuid to
\fIuser\fR
-after completing privileged operations, such as creating sockets that listen on privileged ports.
-.RS
-.B "Note:"
+after completing privileged operations, such as creating sockets that listen on privileged ports\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBNote\fR
+.ps -1
+.br
On Linux,
\fBnamed\fR
-uses the kernel's capability mechanism to drop all root privileges except the ability to
+uses the kernel\*(Aqs capability mechanism to drop all root privileges except the ability to
\fBbind(2)\fR
-to a privileged port and set process resource limits. Unfortunately, this means that the
+to a privileged port and set process resource limits\&. Unfortunately, this means that the
\fB\-u\fR
option only works when
\fBnamed\fR
-is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
-\fBsetuid(2)\fR.
+is run on kernel 2\&.2\&.18 or later, or kernel 2\&.3\&.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
+\fBsetuid(2)\fR\&.
+.sp .5v
.RE
.RE
.PP
\-v
.RS 4
-Report the version number and exit.
+Report the version number and exit\&.
.RE
.PP
\-V
.RS 4
-Report the version number and build options, and exit.
+Report the version number and build options, and exit\&.
.RE
.PP
\-x \fIcache\-file\fR
.RS 4
Load data from
\fIcache\-file\fR
-into the cache of the default view.
-.RS
-.B "Warning:"
-This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.
+into the cache of the default view\&.
+.if n \{\
+.sp
+.\}
+.RS 4
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.br
+.ps +1
+\fBWarning\fR
+.ps -1
+.br
+This option must not be used\&. It is only of interest to BIND 9 developers and may be removed or changed in a future release\&.
+.sp .5v
.RE
.RE
.SH "SIGNALS"
.PP
In routine operation, signals should not be used to control the nameserver;
\fBrndc\fR
-should be used instead.
+should be used instead\&.
.PP
SIGHUP
.RS 4
-Force a reload of the server.
+Force a reload of the server\&.
.RE
.PP
SIGINT, SIGTERM
.RS 4
-Shut down the server.
+Shut down the server\&.
.RE
.PP
-The result of sending any other signals to the server is undefined.
+The result of sending any other signals to the server is undefined\&.
.SH "CONFIGURATION"
.PP
The
\fBnamed\fR
-configuration file is too complex to describe in detail here. A complete description is provided in the
-BIND 9 Administrator Reference Manual.
+configuration file is too complex to describe in detail here\&. A complete description is provided in the
+BIND 9 Administrator Reference Manual\&.
.PP
\fBnamed\fR
inherits the
\fBumask\fR
-(file creation mode mask) from the parent process. If files created by
+(file creation mode mask) from the parent process\&. If files created by
\fBnamed\fR, such as journal files, need to have custom permissions, the
\fBumask\fR
should be set explicitly in the script used to start the
\fBnamed\fR
-process.
+process\&.
.SH "FILES"
.PP
-\fI/etc/named.conf\fR
+/etc/named\&.conf
.RS 4
-The default configuration file.
+The default configuration file\&.
.RE
.PP
-\fI/var/run/named/named.pid\fR
+/var/run/named/named\&.pid
.RS 4
-The default process\-id file.
+The default process\-id file\&.
.RE
.SH "SEE ALSO"
.PP
RFC 1033,
RFC 1034,
RFC 1035,
-\fBnamed\-checkconf\fR(8),
-\fBnamed\-checkzone\fR(8),
+\fBnamed-checkconf\fR(8),
+\fBnamed-checkzone\fR(8),
\fBrndc\fR(8),
\fBlwresd\fR(8),
\fBnamed.conf\fR(5),
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004\-2009, 2011, 2013\-2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index c4d75437da2e..532e83def831 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,32 +12,47 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: \fInamed.conf\fR
+'\" t
+.\" Title: named.conf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: January 08, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-01-08
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "\fINAMED.CONF\fR" "5" "January 08, 2014" "BIND9" "BIND9"
+.TH "NAMED\&.CONF" "5" "2014\-01\-08" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
named.conf \- configuration file for named
.SH "SYNOPSIS"
-.HP 11
-\fBnamed.conf\fR
+.HP \w'\fBnamed\&.conf\fR\ 'u
+\fBnamed\&.conf\fR
.SH "DESCRIPTION"
.PP
-\fInamed.conf\fR
+named\&.conf
is the configuration file for
-\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
+\fBnamed\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported:
.PP
C style: /* */
.PP
@@ -46,34 +61,48 @@ C++ style: // to end of line
Unix style: # to end of line
.SH "ACL"
.sp
+.if n \{\
.RS 4
+.\}
.nf
-acl \fIstring\fR { \fIaddress_match_element\fR; ... };
+acl \fIstring\fR { \fIaddress_match_element\fR; \&.\&.\&. };
.fi
+.if n \{\
.RE
+.\}
.SH "KEY"
.sp
+.if n \{\
.RS 4
+.\}
.nf
key \fIdomain_name\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
.fi
+.if n \{\
.RE
+.\}
.SH "MASTERS"
.sp
+.if n \{\
.RS 4
+.\}
.nf
masters \fIstring\fR [ port \fIinteger\fR ] {
( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
+ \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; \&.\&.\&.
};
.fi
+.if n \{\
.RE
+.\}
.SH "SERVER"
.sp
+.if n \{\
.RS 4
+.\}
.nf
server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
bogus \fIboolean\fR;
@@ -92,41 +121,57 @@ server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen
support\-ixfr \fIboolean\fR; // obsolete
};
.fi
+.if n \{\
.RE
-.SH "TRUSTED\-KEYS"
+.\}
+.SH "TRUSTED-KEYS"
.sp
+.if n \{\
.RS 4
+.\}
.nf
trusted\-keys {
- \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
+ \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&.
};
.fi
+.if n \{\
.RE
-.SH "MANAGED\-KEYS"
+.\}
+.SH "MANAGED-KEYS"
.sp
+.if n \{\
.RS 4
+.\}
.nf
managed\-keys {
- \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ...
+ \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&.
};
.fi
+.if n \{\
.RE
+.\}
.SH "CONTROLS"
.sp
+.if n \{\
.RS 4
+.\}
.nf
controls {
inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
[ port ( \fIinteger\fR | * ) ]
- allow { \fIaddress_match_element\fR; ... }
- [ keys { \fIstring\fR; ... } ];
+ allow { \fIaddress_match_element\fR; \&.\&.\&. }
+ [ keys { \fIstring\fR; \&.\&.\&. } ];
unix \fIunsupported\fR; // not implemented
};
.fi
+.if n \{\
.RE
+.\}
.SH "LOGGING"
.sp
+.if n \{\
.RS 4
+.\}
.nf
logging {
channel \fIstring\fR {
@@ -139,32 +184,40 @@ logging {
print\-severity \fIboolean\fR;
print\-category \fIboolean\fR;
};
- category \fIstring\fR { \fIstring\fR; ... };
+ category \fIstring\fR { \fIstring\fR; \&.\&.\&. };
};
.fi
+.if n \{\
.RE
+.\}
.SH "LWRES"
.sp
+.if n \{\
.RS 4
+.\}
.nf
lwres {
listen\-on [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
view \fIstring\fR \fIoptional_class\fR;
- search { \fIstring\fR; ... };
+ search { \fIstring\fR; \&.\&.\&. };
ndots \fIinteger\fR;
};
.fi
+.if n \{\
.RE
+.\}
.SH "OPTIONS"
.sp
+.if n \{\
.RS 4
+.\}
.nf
options {
- avoid\-v4\-udp\-ports { \fIport\fR; ... };
- avoid\-v6\-udp\-ports { \fIport\fR; ... };
- blackhole { \fIaddress_match_element\fR; ... };
+ avoid\-v4\-udp\-ports { \fIport\fR; \&.\&.\&. };
+ avoid\-v6\-udp\-ports { \fIport\fR; \&.\&.\&. };
+ blackhole { \fIaddress_match_element\fR; \&.\&.\&. };
coresize \fIsize\fR;
datasize \fIsize\fR;
directory \fIquoted_string\fR;
@@ -175,8 +228,8 @@ options {
host\-statistics\-max \fInumber\fR; // not implemented
hostname ( \fIquoted_string\fR | none );
interface\-interval \fIinteger\fR;
- listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
- listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+ listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. };
+ listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. };
match\-mapped\-addresses \fIboolean\fR;
memstatistics\-file \fIquoted_string\fR;
pid\-file ( \fIquoted_string\fR | none );
@@ -200,18 +253,17 @@ options {
transfers\-per\-ns \fIinteger\fR;
transfers\-in \fIinteger\fR;
transfers\-out \fIinteger\fR;
- use\-ixfr \fIboolean\fR;
version ( \fIquoted_string\fR | none );
- allow\-recursion { \fIaddress_match_element\fR; ... };
- allow\-recursion\-on { \fIaddress_match_element\fR; ... };
- sortlist { \fIaddress_match_element\fR; ... };
- topology { \fIaddress_match_element\fR; ... }; // not implemented
+ allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
+ topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
auth\-nxdomain \fIboolean\fR; // default changed
minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset\-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
- [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
+ [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&.
};
provide\-ixfr \fIboolean\fR;
request\-ixfr \fIboolean\fR;
@@ -246,12 +298,12 @@ options {
dual\-stack\-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [port \fIinteger\fR] ); ...
+ \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&.
};
edns\-udp\-size \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
- root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
- disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. };
dnssec\-enable \fIboolean\fR;
dnssec\-validation \fIboolean\fR;
dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
@@ -273,13 +325,13 @@ options {
disable\-empty\-zone \fIstring\fR;
dialup \fIdialuptype\fR;
ixfr\-from\-differences \fIixfrdiff\fR;
- allow\-query { \fIaddress_match_element\fR; ... };
- allow\-query\-on { \fIaddress_match_element\fR; ... };
- allow\-query\-cache { \fIaddress_match_element\fR; ... };
- allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
- allow\-transfer { \fIaddress_match_element\fR; ... };
- allow\-update { \fIaddress_match_element\fR; ... };
- allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+ allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
@@ -289,12 +341,12 @@ options {
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
- [ port \fIinteger\fR ]; ...
- [ key \fIkeyname\fR ] ... };
- allow\-notify { \fIaddress_match_element\fR; ... };
+ [ port \fIinteger\fR ]; \&.\&.\&.
+ [ key \fIkeyname\fR ] \&.\&.\&. };
+ allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-transfer\-time\-in \fIinteger\fR;
@@ -335,7 +387,7 @@ options {
\fInamelist\fR
} [ except\-from { \fInamelist\fR } ];
nsec3\-test\-zone \fIboolean\fR; // testing only
- allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+ allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete
deallocate\-on\-exit \fIboolean\fR; // obsolete
fake\-iquery \fIboolean\fR; // obsolete
fetch\-glue \fIboolean\fR; // obsolete
@@ -347,41 +399,46 @@ options {
serial\-queries \fIinteger\fR; // obsolete
treat\-cr\-as\-space \fIboolean\fR; // obsolete
use\-id\-pool \fIboolean\fR; // obsolete
+ use\-ixfr \fIboolean\fR; // obsolete
};
.fi
+.if n \{\
.RE
+.\}
.SH "VIEW"
.sp
+.if n \{\
.RS 4
+.\}
.nf
view \fIstring\fR \fIoptional_class\fR {
- match\-clients { \fIaddress_match_element\fR; ... };
- match\-destinations { \fIaddress_match_element\fR; ... };
+ match\-clients { \fIaddress_match_element\fR; \&.\&.\&. };
+ match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. };
match\-recursive\-only \fIboolean\fR;
key \fIstring\fR {
algorithm \fIstring\fR;
secret \fIstring\fR;
};
zone \fIstring\fR \fIoptional_class\fR {
- ...
+ \&.\&.\&.
};
server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
- ...
+ \&.\&.\&.
};
trusted\-keys {
\fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR;
- [...]
+ [\&.\&.\&.]
};
- allow\-recursion { \fIaddress_match_element\fR; ... };
- allow\-recursion\-on { \fIaddress_match_element\fR; ... };
- sortlist { \fIaddress_match_element\fR; ... };
- topology { \fIaddress_match_element\fR; ... }; // not implemented
+ allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ sortlist { \fIaddress_match_element\fR; \&.\&.\&. };
+ topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented
auth\-nxdomain \fIboolean\fR; // default changed
minimal\-responses \fIboolean\fR;
recursion \fIboolean\fR;
rrset\-order {
[ class \fIstring\fR ] [ type \fIstring\fR ]
- [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
+ [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&.
};
provide\-ixfr \fIboolean\fR;
request\-ixfr \fIboolean\fR;
@@ -416,12 +473,12 @@ view \fIstring\fR \fIoptional_class\fR {
dual\-stack\-servers [ port \fIinteger\fR ] {
( \fIquoted_string\fR [port \fIinteger\fR] |
\fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [port \fIinteger\fR] ); ...
+ \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&.
};
edns\-udp\-size \fIinteger\fR;
max\-udp\-size \fIinteger\fR;
- root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
- disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+ root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+ disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. };
dnssec\-enable \fIboolean\fR;
dnssec\-validation \fIboolean\fR;
dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR );
@@ -443,13 +500,13 @@ view \fIstring\fR \fIoptional_class\fR {
disable\-empty\-zone \fIstring\fR;
dialup \fIdialuptype\fR;
ixfr\-from\-differences \fIixfrdiff\fR;
- allow\-query { \fIaddress_match_element\fR; ... };
- allow\-query\-on { \fIaddress_match_element\fR; ... };
- allow\-query\-cache { \fIaddress_match_element\fR; ... };
- allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
- allow\-transfer { \fIaddress_match_element\fR; ... };
- allow\-update { \fIaddress_match_element\fR; ... };
- allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+ allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
@@ -459,12 +516,12 @@ view \fIstring\fR \fIoptional_class\fR {
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
- [ port \fIinteger\fR ]; ...
- [ key \fIkeyname\fR ] ... };
- allow\-notify { \fIaddress_match_element\fR; ... };
+ [ port \fIinteger\fR ]; \&.\&.\&.
+ [ key \fIkeyname\fR ] \&.\&.\&. };
+ allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-transfer\-time\-in \fIinteger\fR;
@@ -492,16 +549,20 @@ view \fIstring\fR \fIoptional_class\fR {
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
- allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+ allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete
fetch\-glue \fIboolean\fR; // obsolete
maintain\-ixfr\-base \fIboolean\fR; // obsolete
max\-ixfr\-log\-size \fIsize\fR; // obsolete
};
.fi
+.if n \{\
.RE
+.\}
.SH "ZONE"
.sp
+.if n \{\
.RS 4
+.\}
.nf
zone \fIstring\fR \fIoptional_class\fR {
type ( master | slave | stub | hint | redirect |
@@ -510,7 +571,7 @@ zone \fIstring\fR \fIoptional_class\fR {
masters [ port \fIinteger\fR ] {
( \fImasters\fR |
\fIipv4_address\fR [port \fIinteger\fR] |
- \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
+ \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&.
};
database \fIstring\fR;
delegation\-only \fIboolean\fR;
@@ -524,18 +585,18 @@ zone \fIstring\fR \fIoptional_class\fR {
journal \fIquoted_string\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
dnssec\-secure\-to\-insecure \fIboolean\fR;
- allow\-query { \fIaddress_match_element\fR; ... };
- allow\-query\-on { \fIaddress_match_element\fR; ... };
- allow\-transfer { \fIaddress_match_element\fR; ... };
- allow\-update { \fIaddress_match_element\fR; ... };
- allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+ allow\-query { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update { \fIaddress_match_element\fR; \&.\&.\&. };
+ allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. };
update\-policy \fIlocal\fR | \fI {
( grant | deny ) \fR\fI\fIstring\fR\fR\fI
( name | subdomain | wildcard | self | selfsub | selfwild |
krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain |
tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI
\fR\fI\fIrrtypelist\fR\fR\fI;
- \fR\fI[...]\fR\fI
+ \fR\fI[\&.\&.\&.]\fR\fI
}\fR;
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
@@ -546,12 +607,12 @@ zone \fIstring\fR \fIoptional_class\fR {
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
- [ port \fIinteger\fR ]; ...
- [ key \fIkeyname\fR ] ... };
- allow\-notify { \fIaddress_match_element\fR; ... };
+ [ port \fIinteger\fR ]; \&.\&.\&.
+ [ key \fIkeyname\fR ] \&.\&.\&. };
+ allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
- ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+ ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
};
max\-journal\-size \fIsize_no_default\fR;
max\-transfer\-time\-in \fIinteger\fR;
@@ -585,16 +646,22 @@ zone \fIstring\fR \fIoptional_class\fR {
pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
};
.fi
+.if n \{\
.RE
+.\}
.SH "FILES"
.PP
-\fI/etc/named.conf\fR
+/etc/named\&.conf
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
-\fBnamed\-checkconf\fR(8),
+\fBnamed-checkconf\fR(8),
\fBrndc\fR(8),
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004\-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 85d13db95d39..01cb62aaa009 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
+ <info>
+ <date>2014-01-08</date>
+ </info>
<refentryinfo>
- <date>January 08, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -45,18 +47,19 @@
<year>2011</year>
<year>2013</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>named.conf</command>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><filename>named.conf</filename> is the configuration file
for
<command>named</command>. Statements are enclosed
@@ -73,39 +76,39 @@
<para>
Unix style: # to end of line
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>ACL</title></info>
- <refsect1>
- <title>ACL</title>
- <literallayout>
+ <literallayout class="normal">
acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
</literallayout>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>KEY</title>
- <literallayout>
+ <refsection><info><title>KEY</title></info>
+
+ <literallayout class="normal">
key <replaceable>domain_name</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
</literallayout>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>MASTERS</title></info>
- <refsect1>
- <title>MASTERS</title>
- <literallayout>
+ <literallayout class="normal">
masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
<replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
};
</literallayout>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>SERVER</title>
- <literallayout>
+ <refsection><info><title>SERVER</title></info>
+
+ <literallayout class="normal">
server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
bogus <replaceable>boolean</replaceable>;
edns <replaceable>boolean</replaceable>;
@@ -124,29 +127,29 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
support-ixfr <replaceable>boolean</replaceable>; // obsolete
};
</literallayout>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>TRUSTED-KEYS</title></info>
- <refsect1>
- <title>TRUSTED-KEYS</title>
- <literallayout>
+ <literallayout class="normal">
trusted-keys {
- <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
+ <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
};
</literallayout>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>MANAGED-KEYS</title>
- <literallayout>
+ <refsection><info><title>MANAGED-KEYS</title></info>
+
+ <literallayout class="normal">
managed-keys {
- <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
+ <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
};
</literallayout>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>CONTROLS</title></info>
- <refsect1>
- <title>CONTROLS</title>
- <literallayout>
+ <literallayout class="normal">
controls {
inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
@@ -155,11 +158,11 @@ controls {
unix <replaceable>unsupported</replaceable>; // not implemented
};
</literallayout>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>LOGGING</title>
- <literallayout>
+ <refsection><info><title>LOGGING</title></info>
+
+ <literallayout class="normal">
logging {
channel <replaceable>string</replaceable> {
file <replaceable>log_file</replaceable>;
@@ -174,11 +177,11 @@ logging {
category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
};
</literallayout>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>LWRES</title></info>
- <refsect1>
- <title>LWRES</title>
- <literallayout>
+ <literallayout class="normal">
lwres {
listen-on <optional> port <replaceable>integer</replaceable> </optional> {
( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
@@ -188,11 +191,11 @@ lwres {
ndots <replaceable>integer</replaceable>;
};
</literallayout>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>OPTIONS</title>
- <literallayout>
+ <refsection><info><title>OPTIONS</title></info>
+
+ <literallayout class="normal">
options {
avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
avoid-v6-udp-ports { <replaceable>port</replaceable>; ... };
@@ -232,7 +235,6 @@ options {
transfers-per-ns <replaceable>integer</replaceable>;
transfers-in <replaceable>integer</replaceable>;
transfers-out <replaceable>integer</replaceable>;
- use-ixfr <replaceable>boolean</replaceable>;
version ( <replaceable>quoted_string</replaceable> | none );
allow-recursion { <replaceable>address_match_element</replaceable>; ... };
allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
@@ -392,13 +394,14 @@ options {
serial-queries <replaceable>integer</replaceable>; // obsolete
treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
use-id-pool <replaceable>boolean</replaceable>; // obsolete
+ use-ixfr <replaceable>boolean</replaceable>; // obsolete
};
</literallayout>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>VIEW</title></info>
- <refsect1>
- <title>VIEW</title>
- <literallayout>
+ <literallayout class="normal">
view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
match-clients { <replaceable>address_match_element</replaceable>; ... };
match-destinations { <replaceable>address_match_element</replaceable>; ... };
@@ -559,11 +562,11 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
};
</literallayout>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>ZONE</title>
- <literallayout>
+ <refsection><info><title>ZONE</title></info>
+
+ <literallayout class="normal">
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
type ( master | slave | stub | hint | redirect |
forward | delegation-only );
@@ -657,16 +660,16 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
};
</literallayout>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<para><filename>/etc/named.conf</filename>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -678,10 +681,6 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
+ </refsection>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 0e1d2eb60da3..e21dd36c886f 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476282"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="man.named.conf"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
@@ -30,11 +29,11 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543367"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
- <span><strong class="command">named</strong></span>. Statements are enclosed
+ <span class="command"><strong>named</strong></span>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:
@@ -49,15 +48,15 @@
Unix style: # to end of line
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543395"></a><h2>ACL</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543411"></a><h2>KEY</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
@@ -65,8 +64,8 @@ key <em class="replaceable"><code>domain_name</code></em> {<br>
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543430"></a><h2>MASTERS</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
@@ -74,8 +73,8 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional"
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543476"></a><h2>SERVER</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
@@ -96,24 +95,24 @@ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/pref
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543544"></a><h2>TRUSTED-KEYS</h2>
+<div class="refsection">
+<a name="id-1.12"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
+ <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543570"></a><h2>MANAGED-KEYS</h2>
+<div class="refsection">
+<a name="id-1.13"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys {<br>
- <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
+ <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543598"></a><h2>CONTROLS</h2>
+<div class="refsection">
+<a name="id-1.14"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
@@ -124,8 +123,8 @@ controls {<br>
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543634"></a><h2>LOGGING</h2>
+<div class="refsection">
+<a name="id-1.15"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
@@ -142,8 +141,8 @@ logging {<br>
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543672"></a><h2>LWRES</h2>
+<div class="refsection">
+<a name="id-1.16"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
@@ -155,8 +154,8 @@ lwres {<br>
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543714"></a><h2>OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.17"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
@@ -197,7 +196,6 @@ options {<br>
transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
transfers-in <em class="replaceable"><code>integer</code></em>;<br>
transfers-out <em class="replaceable"><code>integer</code></em>;<br>
- use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -258,9 +256,9 @@ options {<br>
dns64-server <em class="replaceable"><code>string</code></em>;<br>
dns64-contact <em class="replaceable"><code>string</code></em>;<br>
dns64 <em class="replaceable"><code>prefix</code></em> {<br>
- clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
- exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
- mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
+ clients { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ exclude { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ mapped { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
@@ -357,11 +355,12 @@ options {<br>
serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ use-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544593"></a><h2>VIEW</h2>
+<div class="refsection">
+<a name="id-1.18"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -445,9 +444,9 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
dns64-server <em class="replaceable"><code>string</code></em>;<br>
dns64-contact <em class="replaceable"><code>string</code></em>;<br>
dns64 <em class="replaceable"><code>prefix</code></em> {<br>
- clients { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
- exclude { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
- mapped { <font color="red">&lt;replacable&gt;acl&lt;/replacable&gt;</font>; };<br>
+ clients { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ exclude { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ mapped { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
@@ -524,8 +523,8 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545308"></a><h2>ZONE</h2>
+<div class="refsection">
+<a name="id-1.19"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint | redirect |<br>
@@ -621,13 +620,13 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
};<br>
</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545698"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.20"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545709"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.21"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index 0ea469d35766..ff6c00f87e46 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -1,6 +1,3 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.named">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named">
+ <info>
+ <date>2014-02-20</date>
+ </info>
<refentryinfo>
- <date>February 20, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -57,32 +59,32 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>named</command>
- <arg><option>-4</option></arg>
- <arg><option>-6</option></arg>
- <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
- <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
- <arg><option>-E <replaceable class="parameter">engine-name</replaceable></option></arg>
- <arg><option>-f</option></arg>
- <arg><option>-g</option></arg>
- <arg><option>-M <replaceable class="parameter">option</replaceable></option></arg>
- <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
- <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
- <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
- <arg><option>-s</option></arg>
- <arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
- <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
- <arg><option>-U <replaceable class="parameter">#listeners</replaceable></option></arg>
- <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-x <replaceable class="parameter">cache-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-4</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-6</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine-name</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-f</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-g</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-M <replaceable class="parameter">option</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-U <replaceable class="parameter">#listeners</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">cache-file</replaceable></option></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>named</command>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -95,10 +97,10 @@
<filename>/etc/named.conf</filename>, read any initial
data, and listen for queries.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -307,11 +309,14 @@
worker threads to listen for incoming UDP packets on each
address. If not specified, <command>named</command> will
calculate a default value based on the number of detected
- CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of
- detected CPUs divided by 2 for values higher than 4.
+ CPUs: 1 for 1 CPU, and the number of detected CPUs
+ minus one for machines with more than 1 CPU. This cannot
+ be increased to a value higher than the number of CPUs.
If <option>-n</option> has been set to a higher value than
the number of detected CPUs, then <option>-U</option> may
be increased as high as that value, but no higher.
+ On Windows, the number of UDP listeners is hardwired to 1
+ and this option has no effect.
</para>
</listitem>
</varlistentry>
@@ -379,10 +384,10 @@
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SIGNALS</title></info>
- <refsect1>
- <title>SIGNALS</title>
<para>
In routine operation, signals should not be used to control
the nameserver; <command>rndc</command> should be used
@@ -415,10 +420,10 @@
The result of sending any other signals to the server is undefined.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>CONFIGURATION</title></info>
- <refsect1>
- <title>CONFIGURATION</title>
<para>
The <command>named</command> configuration file is too complex
to describe in detail here. A complete description is provided
@@ -435,10 +440,10 @@
<command>named</command> process.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<variablelist>
@@ -462,10 +467,10 @@
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citetitle>RFC 1033</citetitle>,
<citetitle>RFC 1034</citetitle>,
<citetitle>RFC 1035</citetitle>,
@@ -491,16 +496,6 @@
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
-
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
+ </refsection>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/named/named.html b/bin/named/named.html
index 83494ee5d9c0..04a6b19530b0 100644
--- a/bin/named/named.html
+++ b/bin/named/named.html
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.named"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,24 +30,24 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543518"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
information on the DNS, see RFCs 1033, 1034, and 1035.
</p>
<p>
- When invoked without arguments, <span><strong class="command">named</strong></span>
+ When invoked without arguments, <span class="command"><strong>named</strong></span>
will
read the default configuration file
<code class="filename">/etc/named.conf</code>, read any initial
data, and listen for queries.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543543"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only even if the host machine is capable of IPv6.
@@ -76,7 +75,7 @@
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
- Debugging traces from <span><strong class="command">named</strong></span> become
+ Debugging traces from <span class="command"><strong>named</strong></span> become
more verbose as the debug level increases.
</p></dd>
<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
@@ -119,7 +118,7 @@
<dd><p>
Create <em class="replaceable"><code>#cpus</code></em> worker threads
to take advantage of multiple CPUs. If not specified,
- <span><strong class="command">named</strong></span> will try to determine the
+ <span class="command"><strong>named</strong></span> will try to determine the
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
@@ -145,7 +144,7 @@
<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
<dd>
<p>
- Allow <span><strong class="command">named</strong></span> to use up to
+ Allow <span class="command"><strong>named</strong></span> to use up to
<em class="replaceable"><code>#max-socks</code></em> sockets.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -162,7 +161,7 @@
specified number of sockets.
Note also that the actual maximum number is normally a little
fewer than the specified value because
- <span><strong class="command">named</strong></span> reserves some file descriptors
+ <span class="command"><strong>named</strong></span> reserves some file descriptors
for its internal use.
</p>
</div>
@@ -190,13 +189,16 @@
<dd><p>
Use <em class="replaceable"><code>#listeners</code></em>
worker threads to listen for incoming UDP packets on each
- address. If not specified, <span><strong class="command">named</strong></span> will
+ address. If not specified, <span class="command"><strong>named</strong></span> will
calculate a default value based on the number of detected
- CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of
- detected CPUs divided by 2 for values higher than 4.
+ CPUs: 1 for 1 CPU, and the number of detected CPUs
+ minus one for machines with more than 1 CPU. This cannot
+ be increased to a value higher than the number of CPUs.
If <code class="option">-n</code> has been set to a higher value than
the number of detected CPUs, then <code class="option">-U</code> may
be increased as high as that value, but no higher.
+ On Windows, the number of UDP listeners is hardwired to 1
+ and this option has no effect.
</p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd>
@@ -208,13 +210,13 @@
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- On Linux, <span><strong class="command">named</strong></span> uses the kernel's
+ On Linux, <span class="command"><strong>named</strong></span> uses the kernel's
capability mechanism to drop all root privileges
except the ability to <code class="function">bind(2)</code> to
a
privileged port and set process resource limits.
Unfortunately, this means that the <code class="option">-u</code>
- option only works when <span><strong class="command">named</strong></span> is
+ option only works when <span class="command"><strong>named</strong></span> is
run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
@@ -247,14 +249,14 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544192"></a><h2>SIGNALS</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
- the nameserver; <span><strong class="command">rndc</strong></span> should be used
+ the nameserver; <span class="command"><strong>rndc</strong></span> should be used
instead.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">SIGHUP</span></dt>
<dd><p>
Force a reload of the server.
@@ -268,26 +270,26 @@
The result of sending any other signals to the server is undefined.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544308"></a><h2>CONFIGURATION</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>CONFIGURATION</h2>
<p>
- The <span><strong class="command">named</strong></span> configuration file is too complex
+ The <span class="command"><strong>named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
in the
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
<p>
- <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
+ <span class="command"><strong>named</strong></span> inherits the <code class="function">umask</code>
(file creation mode mask) from the parent process. If files
- created by <span><strong class="command">named</strong></span>, such as journal files,
+ created by <span class="command"><strong>named</strong></span>, such as journal files,
need to have custom permissions, the <code class="function">umask</code>
should be set explicitly in the script used to start the
- <span><strong class="command">named</strong></span> process.
+ <span class="command"><strong>named</strong></span> process.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544344"></a><h2>FILES</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.11"></a><h2>FILES</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
The default configuration file.
@@ -298,8 +300,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544384"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.12"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -311,10 +313,5 @@
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544454"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/named/query.c b/bin/named/query.c
index 8df3c714514a..d780671eb539 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -26,6 +26,7 @@
#include <isc/print.h>
#include <isc/serial.h>
#include <isc/stats.h>
+#include <isc/thread.h>
#include <isc/util.h>
#include <dns/adb.h>
@@ -90,6 +91,9 @@
/*% Want Recursion? */
#define WANTRECURSION(c) (((c)->query.attributes & \
NS_QUERYATTR_WANTRECURSION) != 0)
+/*% Is TCP? */
+#define TCP(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
+
/*% Want DNSSEC? */
#define WANTDNSSEC(c) (((c)->attributes & \
NS_CLIENTATTR_WANTDNSSEC) != 0)
@@ -118,26 +122,37 @@
DNS_RDATASETATTR_NOQNAME) != 0)
#ifdef WANT_QUERYTRACE
-#define CTRACE(l,m) do { \
- if (client != NULL && client->query.qname != NULL) { \
- if (isc_log_wouldlog(ns_g_lctx, l)) { \
- char qbuf[DNS_NAME_FORMATSIZE]; \
- dns_name_format(client->query.qname, \
- qbuf, sizeof(qbuf)); \
- isc_log_write(ns_g_lctx, \
- NS_LOGCATEGORY_CLIENT, \
- NS_LOGMODULE_QUERY, \
- l, "client %p (%s): %s", \
- client, qbuf, (m)); \
- } \
- } else { \
- isc_log_write(ns_g_lctx, \
- NS_LOGCATEGORY_CLIENT, \
- NS_LOGMODULE_QUERY, \
- l, "client %p (<unknown-name>): %s", \
- client, (m)); \
- } \
-} while(0)
+static inline void
+client_trace(ns_client_t *client, int level, const char *message) {
+ if (client != NULL && client->query.qname != NULL) {
+ if (isc_log_wouldlog(ns_g_lctx, level)) {
+ char qbuf[DNS_NAME_FORMATSIZE];
+ char tbuf[DNS_RDATATYPE_FORMATSIZE];
+ dns_name_format(client->query.qname,
+ qbuf, sizeof(qbuf));
+ dns_rdatatype_format(client->query.qtype,
+ tbuf, sizeof(tbuf));
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_QUERY, level,
+ "query client=%p thread=0x%lx "
+ "(%s/%s): %s",
+ client,
+ (unsigned long) isc_thread_self(),
+ qbuf, tbuf, message);
+ }
+ } else {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_CLIENT,
+ NS_LOGMODULE_QUERY, level,
+ "query client=%p thread=0x%lx "
+ "(<unknown-query>): %s",
+ client,
+ (unsigned long) isc_thread_self(),
+ message);
+ }
+}
+#define CTRACE(l,m) client_trace(client, l, m)
#else
#define CTRACE(l,m) ((void)m)
#endif /* WANT_QUERYTRACE */
@@ -330,6 +345,8 @@ query_reset(ns_client_t *client, isc_boolean_t everything) {
isc_buffer_t *dbuf, *dbuf_next;
ns_dbversion_t *dbversion, *dbversion_next;
+ CTRACE(ISC_LOG_DEBUG(3), "query_reset");
+
/*%
* Reset the query state of a client to its default state.
*/
@@ -471,7 +488,7 @@ query_getnamebuf(ns_client_t *client) {
dbuf = ISC_LIST_TAIL(client->query.namebufs);
INSIST(dbuf != NULL);
isc_buffer_availableregion(dbuf, &r);
- if (r.length < 255) {
+ if (r.length < DNS_NAME_MAXWIRE) {
result = query_newnamebuf(client);
if (result != ISC_R_SUCCESS) {
CTRACE(ISC_LOG_DEBUG(3),
@@ -951,7 +968,7 @@ rpz_log_fail(ns_client_t *client, int level,
*/
dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1));
dns_name_format(name, namebuf2, sizeof(namebuf2));
- ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS,
+ ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS,
NS_LOGMODULE_QUERY, level,
"rpz %s rewrite %s via %s %sfailed: %s",
dns_rpz_type2str(rpz_type),
@@ -3732,7 +3749,7 @@ query_resume(isc_task_t *task, isc_event_t *event) {
ns_client_t *client;
isc_boolean_t fetch_canceled, client_shuttingdown;
isc_result_t result;
- isc_logcategory_t *logcategory = NS_LOGCATEGORY_QUERY_EERRORS;
+ isc_logcategory_t *logcategory = NS_LOGCATEGORY_QUERY_ERRORS;
int errorloglevel;
/*
@@ -4419,8 +4436,6 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
policy = DNS_RPZ_POLICY_MISS;
break;
default:
- dns_db_detach(dbp);
- dns_zone_detach(zonep);
rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef,
"", result);
CTRACE(ISC_LOG_ERROR,
@@ -5668,6 +5683,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
isc_boolean_t associated;
dns_section_t section;
dns_ttl_t ttl;
+#ifdef WANT_QUERYTRACE
+ char mbuf[BUFSIZ];
+ char qbuf[DNS_NAME_FORMATSIZE];
+#endif
CTRACE(ISC_LOG_DEBUG(3), "query_find");
@@ -5702,6 +5721,25 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
+#ifdef WANT_QUERYTRACE
+ if (client->query.origqname != NULL)
+ dns_name_format(client->query.origqname, qbuf,
+ sizeof(qbuf));
+ else
+ snprintf(qbuf, sizeof(qbuf), "<unset>");
+
+ snprintf(mbuf, sizeof(mbuf) - 1,
+ "client attr:0x%x, query attr:0x%X, restarts:%d, "
+ "origqname:%s, timer:%d, authdb:%d, referral:%d",
+ client->attributes,
+ client->query.attributes,
+ client->query.restarts, qbuf,
+ (int) client->query.timerset,
+ (int) client->query.authdbset,
+ (int) client->query.isreferral);
+ CTRACE(ISC_LOG_DEBUG(3), mbuf);
+#endif
+
if (event != NULL) {
/*
* We're returning from recursion. Restore the query context
@@ -5711,7 +5749,33 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
rpz_st = client->query.rpz_st;
if (rpz_st != NULL &&
- (rpz_st->state & DNS_RPZ_RECURSING) != 0) {
+ (rpz_st->state & DNS_RPZ_RECURSING) != 0)
+ {
+ CTRACE(ISC_LOG_DEBUG(3), "resume from RPZ recursion");
+#ifdef WANT_QUERYTRACE
+ {
+ char rbuf[DNS_NAME_FORMATSIZE] = "<unset>";
+ char fbuf[DNS_NAME_FORMATSIZE] = "<unset>";
+ if (rpz_st->qname != NULL)
+ dns_name_format(rpz_st->qname,
+ qbuf, sizeof(qbuf));
+ else
+ snprintf(qbuf, sizeof(qbuf),
+ "<unset>");
+ if (rpz_st->r_name != NULL)
+ dns_name_format(rpz_st->r_name,
+ rbuf, sizeof(rbuf));
+ if (rpz_st->fname != NULL)
+ dns_name_format(rpz_st->fname,
+ fbuf, sizeof(fbuf));
+
+ snprintf(mbuf, sizeof(mbuf) - 1,
+ "rpz qname %s, rname:%s, fname:%s",
+ qbuf, rbuf, fbuf);
+ CTRACE(ISC_LOG_DEBUG(3), mbuf);
+ }
+#endif
+
is_zone = rpz_st->q.is_zone;
authoritative = rpz_st->q.authoritative;
zone = rpz_st->q.zone;
@@ -5741,6 +5805,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
rdataset = event->rdataset;
sigrdataset = event->sigrdataset;
}
+ INSIST(rdataset != NULL);
if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
type = dns_rdatatype_any;
@@ -5846,11 +5911,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
options |= DNS_GETDB_NOEXACT;
result = query_getdb(client, client->query.qname, qtype, options,
&zone, &db, &version, &is_zone);
- if ((result != ISC_R_SUCCESS || !is_zone) && !RECURSIONOK(client) &&
- (options & DNS_GETDB_NOEXACT) != 0 && qtype == dns_rdatatype_ds) {
+ if (ISC_UNLIKELY((result != ISC_R_SUCCESS || !is_zone) &&
+ qtype == dns_rdatatype_ds &&
+ !RECURSIONOK(client) &&
+ (options & DNS_GETDB_NOEXACT) != 0))
+ {
/*
- * Look to see if we are authoritative for the
- * child zone if the query type is DS.
+ * If the query type is DS, look to see if we are
+ * authoritative for the child zone.
*/
dns_db_t *tdb = NULL;
dns_zone_t *tzone = NULL;
@@ -5923,7 +5991,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* We'll need some resources...
*/
dbuf = query_getnamebuf(client);
- if (dbuf == NULL) {
+ if (ISC_UNLIKELY(dbuf == NULL)) {
CTRACE(ISC_LOG_ERROR,
"query_find: query_getnamebuf failed (2)");
QUERY_ERROR(DNS_R_SERVFAIL);
@@ -5931,7 +5999,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
fname = query_newname(client, dbuf, &b);
rdataset = query_newrdataset(client);
- if (fname == NULL || rdataset == NULL) {
+ if (ISC_UNLIKELY(fname == NULL || rdataset == NULL)) {
CTRACE(ISC_LOG_ERROR,
"query_find: query_newname failed (2)");
QUERY_ERROR(DNS_R_SERVFAIL);
@@ -6072,7 +6140,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
inc_stats(client,
dns_nsstatscounter_rateslipped);
client->message->flags |=
- DNS_MESSAGEFLAG_TC;
+ DNS_MESSAGEFLAG_TC;
if (resp_result == DNS_R_NXDOMAIN)
client->message->rcode =
dns_rcode_nxdomain;
@@ -7737,7 +7805,7 @@ log_queryerror(ns_client_t *client, isc_result_t result, int line, int level) {
}
}
- ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS, NS_LOGMODULE_QUERY,
+ ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS, NS_LOGMODULE_QUERY,
level, "query failed (%s)%s%s%s%s%s%s at %s:%d",
isc_result_totext(result), sep1, namep, sep2,
classp, sep2, typep, __FILE__, line);
@@ -7758,8 +7826,16 @@ ns_query_start(ns_client_t *client) {
/*
* Test only.
*/
- if (ns_g_clienttest && (client->attributes & NS_CLIENTATTR_TCP) == 0)
- RUNTIME_CHECK(ns_client_replace(client) == ISC_R_SUCCESS);
+ if (ns_g_clienttest && !TCP(client)) {
+ result = ns_client_replace(client);
+ if (result == ISC_R_SHUTTINGDOWN) {
+ ns_client_next(client, result);
+ return;
+ } else if (result != ISC_R_SUCCESS) {
+ query_error(client, result, __LINE__);
+ return;
+ }
+ }
/*
* Ensure that appropriate cleanups occur.
@@ -7806,6 +7882,14 @@ ns_query_start(ns_client_t *client) {
}
/*
+ * Check for multiple question queries, since edns1 is dead.
+ */
+ if (message->counts[DNS_SECTION_QUESTION] > 1) {
+ query_error(client, DNS_R_FORMERR, __LINE__);
+ return;
+ }
+
+ /*
* Get the question name.
*/
result = dns_message_firstname(message, DNS_SECTION_QUESTION);
@@ -7833,19 +7917,11 @@ ns_query_start(ns_client_t *client) {
log_query(client, saved_flags, saved_extflags);
/*
- * Check for multiple question queries, since edns1 is dead.
- */
- if (message->counts[DNS_SECTION_QUESTION] > 1) {
- query_error(client, DNS_R_FORMERR, __LINE__);
- return;
- }
-
- /*
* Check for meta-queries like IXFR and AXFR.
*/
rdataset = ISC_LIST_HEAD(client->query.qname->list);
INSIST(rdataset != NULL);
- qtype = rdataset->type;
+ client->query.qtype = qtype = rdataset->type;
dns_rdatatypestats_increment(ns_g_server->rcvquerystats, qtype);
if (dns_rdatatype_ismeta(qtype)) {
diff --git a/bin/named/server.c b/bin/named/server.c
index d7d1a59fc16c..e6a1651f22d6 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -188,6 +188,7 @@ struct ns_cache {
dns_view_t *primaryview;
isc_boolean_t needflush;
isc_boolean_t adbsizeadjusted;
+ dns_rdataclass_t rdclass;
ISC_LINK(ns_cache_t) link;
};
@@ -1388,13 +1389,16 @@ setquerystats(dns_zone_t *zone, isc_mem_t *mctx, dns_zonestat_level_t level) {
}
static ns_cache_t *
-cachelist_find(ns_cachelist_t *cachelist, const char *cachename) {
+cachelist_find(ns_cachelist_t *cachelist, const char *cachename,
+ dns_rdataclass_t rdclass)
+{
ns_cache_t *nsc;
for (nsc = ISC_LIST_HEAD(*cachelist);
nsc != NULL;
nsc = ISC_LIST_NEXT(nsc, link)) {
- if (strcmp(dns_cache_getname(nsc->cache), cachename) == 0)
+ if (nsc->rdclass == rdclass &&
+ strcmp(dns_cache_getname(nsc->cache), cachename) == 0)
return (nsc);
}
@@ -1405,7 +1409,8 @@ static isc_boolean_t
cache_reusable(dns_view_t *originview, dns_view_t *view,
isc_boolean_t new_zero_no_soattl)
{
- if (originview->checknames != view->checknames ||
+ if (originview->rdclass != view->rdclass ||
+ originview->checknames != view->checknames ||
dns_resolver_getzeronosoattl(originview->resolver) !=
new_zero_no_soattl ||
originview->acceptexpired != view->acceptexpired ||
@@ -2595,7 +2600,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
else
cachename = view->name;
cache = NULL;
- nsc = cachelist_find(cachelist, cachename);
+ nsc = cachelist_find(cachelist, cachename, view->rdclass);
if (nsc != NULL) {
if (!cache_sharable(nsc->primaryview, view, zero_no_soattl,
cleaning_interval, max_cache_size)) {
@@ -2677,6 +2682,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
nsc->primaryview = view;
nsc->needflush = ISC_FALSE;
nsc->adbsizeadjusted = ISC_FALSE;
+ nsc->rdclass = view->rdclass;
ISC_LINK_INIT(nsc, link);
ISC_LIST_APPEND(*cachelist, nsc, link);
}
@@ -3760,8 +3766,15 @@ get_viewinfo(const cfg_obj_t *vconfig, const char **namep,
viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
classobj = cfg_tuple_get(vconfig, "class");
- result = ns_config_getclass(classobj, dns_rdataclass_in,
- &viewclass);
+ CHECK(ns_config_getclass(classobj, dns_rdataclass_in,
+ &viewclass));
+ if (dns_rdataclass_ismeta(viewclass)) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "view '%s': class must not be meta",
+ viewname);
+ CHECK(ISC_R_FAILURE);
+ }
} else {
viewname = "_default";
viewclass = dns_rdataclass_in;
@@ -3770,6 +3783,7 @@ get_viewinfo(const cfg_obj_t *vconfig, const char **namep,
*namep = viewname;
*classp = viewclass;
+cleanup:
return (result);
}
@@ -6603,28 +6617,61 @@ ns_server_reloadwanted(ns_server_t *server) {
}
static char *
-next_token(char **stringp, const char *delim) {
- char *res;
+next_token(isc_lex_t *lex, isc_buffer_t *text) {
+ isc_result_t result;
+ isc_token_t token;
- do {
- res = strsep(stringp, delim);
- if (res == NULL)
- break;
- } while (*res == '\0');
- return (res);
+ token.type = isc_tokentype_unknown;
+ result = isc_lex_gettoken(lex, ISC_LEXOPT_EOF|ISC_LEXOPT_QSTRING,
+ &token);
+
+ switch (result) {
+ case ISC_R_NOMORE:
+ (void) isc_lex_close(lex);
+ break;
+ case ISC_R_SUCCESS:
+ if (token.type == isc_tokentype_eof)
+ (void) isc_lex_close(lex);
+ break;
+ case ISC_R_NOSPACE:
+ if (text != NULL) {
+ (void) putstr(text, "token too large");
+ (void) putnull(text);
+ }
+ return (NULL);
+ default:
+ if (text != NULL) {
+ (void) putstr(text, isc_result_totext(result));
+ (void) putnull(text);
+ }
+ return (NULL);
+ }
+
+ if (token.type == isc_tokentype_string ||
+ token.type == isc_tokentype_qstring)
+ return (token.value.as_textregion.base);
+
+ return (NULL);
}
/*
- * Find the zone specified in the control channel command 'args',
- * if any. If a zone is specified, point '*zonep' at it, otherwise
- * set '*zonep' to NULL.
+ * Find the zone specified in the control channel command, if any.
+ * If a zone is specified, point '*zonep' at it, otherwise
+ * set '*zonep' to NULL, and f 'zonename' is not NULL, copy
+ * the zone name into it (N.B. 'zonename' must have space to hold
+ * a full DNS name).
+ *
+ * If 'zonetxt' is set, the caller has already pulled a token
+ * off the command line that is to be used as the zone name. (This
+ * is sometimes done when it's necessary to check for an optional
+ * argument before the zone name, as in "rndc sync [-clean] zone".)
*/
static isc_result_t
-zone_from_args(ns_server_t *server, char *args, const char *zonetxt,
- dns_zone_t **zonep, const char **zonename,
+zone_from_args(ns_server_t *server, isc_lex_t *lex, const char *zonetxt,
+ dns_zone_t **zonep, char *zonename,
isc_buffer_t *text, isc_boolean_t skip)
{
- char *input, *ptr;
+ char *ptr;
char *classtxt;
const char *viewtxt = NULL;
dns_fixedname_t fname;
@@ -6633,43 +6680,42 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt,
dns_view_t *view = NULL;
dns_rdataclass_t rdclass;
char problem[DNS_NAME_FORMATSIZE + 500] = "";
+ char zonebuf[DNS_NAME_FORMATSIZE];
REQUIRE(zonep != NULL && *zonep == NULL);
- REQUIRE(zonename == NULL || *zonename == NULL);
-
- input = args;
if (skip) {
/* Skip the command name. */
- ptr = next_token(&input, " \t");
+ ptr = next_token(lex, text);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
}
/* Look for the zone name. */
if (zonetxt == NULL)
- zonetxt = next_token(&input, " \t");
+ zonetxt = next_token(lex, text);
if (zonetxt == NULL)
return (ISC_R_SUCCESS);
- if (zonename != NULL)
- *zonename = zonetxt;
- /* Look for the optional class name. */
- classtxt = next_token(&input, " \t");
- if (classtxt != NULL) {
- /* Look for the optional view name. */
- viewtxt = next_token(&input, " \t");
- }
+ /* Copy zonetxt because it'll be overwritten by next_token() */
+ strlcpy(zonebuf, zonetxt, DNS_NAME_FORMATSIZE);
+ if (zonename != NULL)
+ strlcpy(zonename, zonetxt, DNS_NAME_FORMATSIZE);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
- CHECK(dns_name_fromstring(name, zonetxt, 0, NULL));
+ CHECK(dns_name_fromstring(name, zonebuf, 0, NULL));
+ /* Look for the optional class name. */
+ classtxt = next_token(lex, text);
if (classtxt != NULL) {
isc_textregion_t r;
r.base = classtxt;
r.length = strlen(classtxt);
CHECK(dns_rdataclass_fromtext(&rdclass, &r));
+
+ /* Look for the optional view name. */
+ viewtxt = next_token(lex, text);
} else
rdclass = dns_rdataclass_in;
@@ -6680,11 +6726,11 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt,
if (result == ISC_R_NOTFOUND)
snprintf(problem, sizeof(problem),
"no matching zone '%s' in any view",
- zonetxt);
+ zonebuf);
else if (result == ISC_R_MULTIPLE)
snprintf(problem, sizeof(problem),
"zone '%s' was found in multiple views",
- zonetxt);
+ zonebuf);
} else {
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
@@ -6698,7 +6744,7 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt,
if (result != ISC_R_SUCCESS)
snprintf(problem, sizeof(problem),
"no matching zone '%s' in view '%s'",
- zonetxt, viewtxt);
+ zonebuf, viewtxt);
}
/* Partial match? */
@@ -6726,7 +6772,7 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt,
* Act on a "retransfer" command from the command channel.
*/
isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args,
+ns_server_retransfercommand(ns_server_t *server, isc_lex_t *lex,
isc_buffer_t *text)
{
isc_result_t result;
@@ -6734,7 +6780,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args,
dns_zone_t *raw = NULL;
dns_zonetype_t type;
- result = zone_from_args(server, args, NULL, &zone, NULL,
+ result = zone_from_args(server, lex, NULL, &zone, NULL,
text, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
@@ -6759,13 +6805,15 @@ ns_server_retransfercommand(ns_server_t *server, char *args,
* Act on a "reload" command from the command channel.
*/
isc_result_t
-ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
+ns_server_reloadcommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text)
+{
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
const char *msg = NULL;
- result = zone_from_args(server, args, NULL, &zone, NULL,
+ result = zone_from_args(server, lex, NULL, &zone, NULL,
text, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
@@ -6833,12 +6881,14 @@ cleanup:
* Act on a "notify" command from the command channel.
*/
isc_result_t
-ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
+ns_server_notifycommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text)
+{
isc_result_t result;
dns_zone_t *zone = NULL;
const unsigned char msg[] = "zone notify queued";
- result = zone_from_args(server, args, NULL, &zone, NULL,
+ result = zone_from_args(server, lex, NULL, &zone, NULL,
text, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
@@ -6857,14 +6907,16 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
* Act on a "refresh" command from the command channel.
*/
isc_result_t
-ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
+ns_server_refreshcommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text)
+{
isc_result_t result;
dns_zone_t *zone = NULL, *raw = NULL;
const unsigned char msg1[] = "zone refresh queued";
const unsigned char msg2[] = "not a slave or stub zone";
dns_zonetype_t type;
- result = zone_from_args(server, args, NULL, &zone, NULL,
+ result = zone_from_args(server, lex, NULL, &zone, NULL,
text, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
@@ -6894,16 +6946,16 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
}
isc_result_t
-ns_server_togglequerylog(ns_server_t *server, char *args) {
+ns_server_togglequerylog(ns_server_t *server, isc_lex_t *lex) {
isc_boolean_t value;
char *ptr;
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
value = server->log_queries ? ISC_FALSE : ISC_TRUE;
else if (strcasecmp(ptr, "yes") == 0 || strcasecmp(ptr, "on") == 0)
@@ -7239,7 +7291,7 @@ dumpdone(void *arg, isc_result_t result) {
}
isc_result_t
-ns_server_dumpdb(ns_server_t *server, char *args) {
+ns_server_dumpdb(ns_server_t *server, isc_lex_t *lex) {
struct dumpcontext *dctx = NULL;
dns_view_t *view;
isc_result_t result;
@@ -7247,7 +7299,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) {
const char *sep;
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
@@ -7275,37 +7327,37 @@ ns_server_dumpdb(ns_server_t *server, char *args) {
CHECKMF(isc_stdio_open(server->dumpfile, "w", &dctx->fp),
"could not open dump file", server->dumpfile);
- sep = (args == NULL) ? "" : ": ";
+ ptr = next_token(lex, NULL);
+ sep = (ptr == NULL) ? "" : ": ";
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
- "dumpdb started%s%s", sep, (args != NULL) ? args : "");
+ "dumpdb started%s%s", sep, (ptr != NULL) ? ptr : "");
- ptr = next_token(&args, " \t");
if (ptr != NULL && strcmp(ptr, "-all") == 0) {
/* also dump zones */
dctx->dumpzones = ISC_TRUE;
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
} else if (ptr != NULL && strcmp(ptr, "-cache") == 0) {
/* this is the default */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
} else if (ptr != NULL && strcmp(ptr, "-zones") == 0) {
/* only dump zones, suppress caches */
dctx->dumpadb = ISC_FALSE;
dctx->dumpbad = ISC_FALSE;
dctx->dumpcache = ISC_FALSE;
dctx->dumpzones = ISC_TRUE;
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
#ifdef ENABLE_FETCHLIMIT
} else if (ptr != NULL && strcmp(ptr, "-adb") == 0) {
/* only dump adb, suppress other caches */
dctx->dumpbad = ISC_FALSE;
dctx->dumpcache = ISC_FALSE;
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
} else if (ptr != NULL && strcmp(ptr, "-bad") == 0) {
/* only dump badcache, suppress other caches */
dctx->dumpadb = ISC_FALSE;
dctx->dumpcache = ISC_FALSE;
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
#endif /* ENABLE_FETCHLIMIT */
}
@@ -7319,7 +7371,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) {
CHECK(add_view_tolist(dctx, view));
}
if (ptr != NULL) {
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr != NULL)
goto nextview;
}
@@ -7333,7 +7385,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) {
}
isc_result_t
-ns_server_dumpsecroots(ns_server_t *server, char *args) {
+ns_server_dumpsecroots(ns_server_t *server, isc_lex_t *lex) {
dns_view_t *view;
dns_keytable_t *secroots = NULL;
isc_result_t result;
@@ -7343,11 +7395,11 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
char tbuf[64];
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
CHECKMF(isc_stdio_open(server->secrootsfile, "w", &fp),
"could not open secroots dump file", server->secrootsfile);
@@ -7376,7 +7428,7 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
isc_result_totext(result));
}
if (ptr != NULL)
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
} while (ptr != NULL);
cleanup:
@@ -7438,26 +7490,25 @@ ns_server_dumprecursing(ns_server_t *server) {
}
isc_result_t
-ns_server_setdebuglevel(ns_server_t *server, char *args) {
+ns_server_setdebuglevel(ns_server_t *server, isc_lex_t *lex) {
char *ptr;
- char *levelstr;
char *endp;
long newlevel;
UNUSED(server);
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the new level name. */
- levelstr = next_token(&args, " \t");
- if (levelstr == NULL) {
+ ptr = next_token(lex, NULL);
+ if (ptr == NULL) {
if (ns_g_debuglevel < 99)
ns_g_debuglevel++;
} else {
- newlevel = strtol(levelstr, &endp, 10);
+ newlevel = strtol(ptr, &endp, 10);
if (*endp != '\0' || newlevel < 0 || newlevel > 99)
return (ISC_R_RANGE);
ns_g_debuglevel = (unsigned int)newlevel;
@@ -7470,20 +7521,20 @@ ns_server_setdebuglevel(ns_server_t *server, char *args) {
}
isc_result_t
-ns_server_validation(ns_server_t *server, char *args) {
- char *ptr, *viewname;
+ns_server_validation(ns_server_t *server, isc_lex_t *lex) {
+ char *ptr;
dns_view_t *view;
isc_boolean_t changed = ISC_FALSE;
isc_result_t result;
isc_boolean_t enable;
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Find out what we are to do. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
@@ -7497,7 +7548,7 @@ ns_server_validation(ns_server_t *server, char *args) {
return (DNS_R_SYNTAX);
/* Look for the view name. */
- viewname = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -7505,7 +7556,7 @@ ns_server_validation(ns_server_t *server, char *args) {
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
- if (viewname != NULL && strcasecmp(viewname, view->name) != 0)
+ if (ptr != NULL && strcasecmp(ptr, view->name) != 0)
continue;
result = dns_view_flushcache(view);
if (result != ISC_R_SUCCESS)
@@ -7523,8 +7574,8 @@ ns_server_validation(ns_server_t *server, char *args) {
}
isc_result_t
-ns_server_flushcache(ns_server_t *server, char *args) {
- char *ptr, *viewname;
+ns_server_flushcache(ns_server_t *server, isc_lex_t *lex) {
+ char *ptr;
dns_view_t *view;
isc_boolean_t flushed;
isc_boolean_t found;
@@ -7532,12 +7583,12 @@ ns_server_flushcache(ns_server_t *server, char *args) {
ns_cache_t *nsc;
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Look for the view name. */
- viewname = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -7550,7 +7601,7 @@ ns_server_flushcache(ns_server_t *server, char *args) {
* list, flush these caches, and then update other views that refer to
* the flushed cache DB.
*/
- if (viewname != NULL) {
+ if (ptr != NULL) {
/*
* Mark caches that need to be flushed. This is an O(#view^2)
* operation in the very worst case, but should be normally
@@ -7561,7 +7612,7 @@ ns_server_flushcache(ns_server_t *server, char *args) {
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
- if (strcasecmp(viewname, view->name) != 0)
+ if (strcasecmp(ptr, view->name) != 0)
continue;
found = ISC_TRUE;
for (nsc = ISC_LIST_HEAD(server->cachelist);
@@ -7580,7 +7631,7 @@ ns_server_flushcache(ns_server_t *server, char *args) {
for (nsc = ISC_LIST_HEAD(server->cachelist);
nsc != NULL;
nsc = ISC_LIST_NEXT(nsc, link)) {
- if (viewname != NULL && !nsc->needflush)
+ if (ptr != NULL && !nsc->needflush)
continue;
nsc->needflush = ISC_TRUE;
result = dns_view_flushcache2(nsc->primaryview, ISC_FALSE);
@@ -7634,11 +7685,11 @@ ns_server_flushcache(ns_server_t *server, char *args) {
}
if (flushed && found) {
- if (viewname != NULL)
+ if (ptr != NULL)
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"flushing cache in view '%s' succeeded",
- viewname);
+ ptr);
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
@@ -7649,7 +7700,7 @@ ns_server_flushcache(ns_server_t *server, char *args) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"flushing cache in view '%s' failed: "
- "view not found", viewname);
+ "view not found", ptr);
result = ISC_R_NOTFOUND;
} else
result = ISC_R_FAILURE;
@@ -7659,8 +7710,9 @@ ns_server_flushcache(ns_server_t *server, char *args) {
}
isc_result_t
-ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) {
- char *ptr, *target, *viewname;
+ns_server_flushnode(ns_server_t *server, isc_lex_t *lex, isc_boolean_t tree) {
+ char *ptr, *viewname;
+ char target[DNS_NAME_FORMATSIZE];
dns_view_t *view;
isc_boolean_t flushed;
isc_boolean_t found;
@@ -7670,15 +7722,16 @@ ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) {
dns_name_t *name;
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, NULL);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Find the domain name to flush. */
- target = next_token(&args, " \t");
- if (target == NULL)
+ ptr = next_token(lex, NULL);
+ if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
+ strlcpy(target, ptr, DNS_NAME_FORMATSIZE);
isc_buffer_constinit(&b, target, strlen(target));
isc_buffer_add(&b, strlen(target));
dns_fixedname_init(&fixed);
@@ -7688,7 +7741,7 @@ ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) {
return (result);
/* Look for the view name. */
- viewname = next_token(&args, " \t");
+ viewname = next_token(lex, NULL);
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -7868,19 +7921,22 @@ delete_keynames(dns_tsig_keyring_t *ring, char *target,
}
isc_result_t
-ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text) {
+ns_server_tsigdelete(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
isc_result_t result;
unsigned int n;
dns_view_t *view;
unsigned int foundkeys = 0;
- char *target;
- char *viewname;
+ char *ptr, *viewname;
+ char target[DNS_NAME_FORMATSIZE];
+
+ (void)next_token(lex, text); /* skip command name */
- (void)next_token(&command, " \t"); /* skip command name */
- target = next_token(&command, " \t");
- if (target == NULL)
+ ptr = next_token(lex, text);
+ if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
- viewname = next_token(&command, " \t");
+ strlcpy(target, ptr, DNS_NAME_FORMATSIZE);
+
+ viewname = next_token(lex, text);
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
@@ -8039,18 +8095,23 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) {
* Act on a "sign" or "loadkeys" command from the command channel.
*/
isc_result_t
-ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text) {
+ns_server_rekey(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
isc_uint16_t keyopts;
isc_boolean_t fullsign = ISC_FALSE;
+ char *ptr;
- if (strncasecmp(args, NS_COMMAND_SIGN, strlen(NS_COMMAND_SIGN)) == 0)
- fullsign = ISC_TRUE;
+ ptr = next_token(lex, text);
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
- result = zone_from_args(server, args, NULL, &zone, NULL,
- text, ISC_TRUE);
+ if (strcasecmp(ptr, NS_COMMAND_SIGN) == 0)
+ fullsign = ISC_TRUE;
+
+ result = zone_from_args(server, lex, NULL, &zone, NULL,
+ text, ISC_FALSE);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -8105,7 +8166,7 @@ synczone(dns_zone_t *zone, void *uap) {
}
isc_result_t
-ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
+ns_server_sync(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
isc_result_t result, tresult;
dns_view_t *view;
dns_zone_t *zone = NULL;
@@ -8114,16 +8175,16 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
const char *vname, *sep, *msg = NULL, *arg;
isc_boolean_t cleanup = ISC_FALSE;
- (void) next_token(&args, " \t");
+ (void) next_token(lex, text);
- arg = next_token(&args, " \t");
+ arg = next_token(lex, text);
if (arg != NULL &&
(strcmp(arg, "-clean") == 0 || strcmp(arg, "-clear") == 0)) {
cleanup = ISC_TRUE;
- arg = next_token(&args, " \t");
+ arg = next_token(lex, text);
}
- result = zone_from_args(server, args, arg, &zone, NULL,
+ result = zone_from_args(server, lex, arg, &zone, NULL,
text, ISC_FALSE);
if (result != ISC_R_SUCCESS)
return (result);
@@ -8187,8 +8248,8 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) {
* Act on a "freeze" or "thaw" command from the command channel.
*/
isc_result_t
-ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
- isc_buffer_t *text)
+ns_server_freeze(ns_server_t *server, isc_boolean_t freeze,
+ isc_lex_t *lex, isc_buffer_t *text)
{
isc_result_t result, tresult;
dns_zone_t *zone = NULL, *raw = NULL;
@@ -8200,7 +8261,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_boolean_t frozen;
const char *msg = NULL;
- result = zone_from_args(server, args, NULL, &zone, NULL,
+ result = zone_from_args(server, lex, NULL, &zone, NULL,
text, ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (result);
@@ -8388,7 +8449,7 @@ ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_fixedname_init(&fname);
dnsname = dns_fixedname_name(&fname);
- CHECK(dns_name_fromtext(dnsname, &buf, dns_rootname, ISC_FALSE, NULL));
+ CHECK(dns_name_fromtext(dnsname, &buf, dns_rootname, 0, NULL));
/* Make sense of optional class argument */
obj = cfg_tuple_get(parms, "class");
@@ -8562,21 +8623,21 @@ ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
* Act on a "delzone" command from the command channel.
*/
isc_result_t
-ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
- isc_result_t result;
+ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
+ isc_result_t result, tresult;
dns_zone_t *zone = NULL;
dns_view_t *view = NULL;
dns_db_t *dbp = NULL;
const char *filename = NULL;
char *tmpname = NULL;
char buf[1024];
- const char *zonename = NULL;
+ char zonename[DNS_NAME_FORMATSIZE];
size_t znamelen = 0;
FILE *ifp = NULL, *ofp = NULL;
isc_boolean_t inheader = ISC_TRUE;
/* Parse parameters */
- CHECK(zone_from_args(server, args, NULL, &zone, &zonename,
+ CHECK(zone_from_args(server, lex, NULL, &zone, zonename,
text, ISC_TRUE));
if (zone == NULL) {
@@ -8593,7 +8654,16 @@ ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
goto cleanup;
}
- INSIST(zonename != NULL);
+ /* Is this a policy zone? */
+ if (dns_zone_get_rpz(zone)) {
+ TCHECK(putstr(text, "zone '"));
+ TCHECK(putstr(text, zonename));
+ TCHECK(putstr(text,
+ "' cannot be deleted: response-policy zone."));
+ result = ISC_R_FAILURE;
+ goto cleanup;
+ }
+
znamelen = strlen(zonename);
/* Dig out configuration for this zone */
@@ -8774,7 +8844,7 @@ newzone_cfgctx_destroy(void **cfgp) {
}
isc_result_t
-ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
+ns_server_signing(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) {
isc_result_t result = ISC_R_SUCCESS;
dns_zone_t *zone = NULL;
dns_name_t *origin;
@@ -8795,43 +8865,51 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_rdataset_init(&privset);
/* Skip the command name. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, text);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Find out what we are to do. */
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, text);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
if (strcasecmp(ptr, "-list") == 0)
list = ISC_TRUE;
else if ((strcasecmp(ptr, "-clear") == 0) ||
- (strcasecmp(ptr, "-clean") == 0)) {
+ (strcasecmp(ptr, "-clean") == 0))
+ {
clear = ISC_TRUE;
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, text);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
strlcpy(keystr, ptr, sizeof(keystr));
} else if (strcasecmp(ptr, "-nsec3param") == 0) {
- const char *hashstr, *flagstr, *iterstr;
- char nbuf[512];
+ char hashbuf[64], flagbuf[64], iterbuf[64];
+ char nbuf[256];
chain = ISC_TRUE;
- hashstr = next_token(&args, " \t");
- if (hashstr == NULL)
+ ptr = next_token(lex, text);
+ if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
- if (strcasecmp(hashstr, "none") == 0)
+ if (strcasecmp(ptr, "none") == 0)
hash = 0;
else {
- flagstr = next_token(&args, " \t");
- iterstr = next_token(&args, " \t");
- if (flagstr == NULL || iterstr == NULL)
+ strlcpy(hashbuf, ptr, sizeof(hashbuf));
+
+ ptr = next_token(lex, text);
+ if (ptr == NULL)
+ return (ISC_R_UNEXPECTEDEND);
+ strlcpy(flagbuf, ptr, sizeof(flagbuf));
+
+ ptr = next_token(lex, text);
+ if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
+ strlcpy(iterbuf, ptr, sizeof(iterbuf));
n = snprintf(nbuf, sizeof(nbuf), "%s %s %s",
- hashstr, flagstr, iterstr);
+ hashbuf, flagbuf, iterbuf);
if (n == sizeof(nbuf))
return (ISC_R_NOSPACE);
n = sscanf(nbuf, "%hu %hu %hu", &hash, &flags, &iter);
@@ -8841,7 +8919,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
if (hash > 0xffU || flags > 0xffU)
return (ISC_R_RANGE);
- ptr = next_token(&args, " \t");
+ ptr = next_token(lex, text);
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
if (strcmp(ptr, "-") != 0) {
@@ -8855,7 +8933,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
} else
CHECK(DNS_R_SYNTAX);
- CHECK(zone_from_args(server, args, NULL, &zone, NULL,
+ CHECK(zone_from_args(server, lex, NULL, &zone, NULL,
text, ISC_FALSE));
if (zone == NULL)
CHECK(ISC_R_UNEXPECTEDEND);
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 4bfd52176a9a..06eb43224342 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -2028,10 +2028,12 @@ ns_stats_dump(ns_server_t *server, FILE *fp) {
if (zonestats != NULL) {
char zonename[DNS_NAME_FORMATSIZE];
- dns_name_format(dns_zone_getorigin(zone),
- zonename, sizeof(zonename));
view = dns_zone_getview(zone);
+ if (view == NULL)
+ continue;
+ dns_name_format(dns_zone_getorigin(zone),
+ zonename, sizeof(zonename));
fprintf(fp, "[%s", zonename);
if (strcmp(view->name, "_default") != 0)
fprintf(fp, " (view: %s)", view->name);
diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h
index c979e53871d7..b0ac1d568ce2 100644
--- a/bin/named/unix/include/named/os.h
+++ b/bin/named/unix/include/named/os.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.h,v 1.31 2009/08/05 23:47:43 tbox Exp $ */
-
#ifndef NS_OS_H
#define NS_OS_H 1
@@ -72,4 +70,7 @@ ns_os_tzset(void);
void
ns_os_started(void);
+char *
+ns_os_uname(void);
+
#endif /* NS_OS_H */
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 18e8c3910373..953bbdd163b4 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011, 2013, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.107 2011/03/02 00:02:54 marka Exp $ */
-
/*! \file */
#include <config.h>
@@ -24,6 +22,9 @@
#include <sys/types.h> /* dev_t FreeBSD 2.1 */
#include <sys/stat.h>
+#ifdef HAVE_UNAME
+#include <sys/utsname.h>
+#endif
#include <ctype.h>
#include <errno.h>
@@ -966,3 +967,33 @@ ns_os_tzset(void) {
tzset();
#endif
}
+
+static char unamebuf[BUFSIZ];
+static char *unamep = NULL;
+
+static void
+getuname(void) {
+#ifdef HAVE_UNAME
+ struct utsname uts;
+
+ memset(&uts, 0, sizeof(uts));
+ if (uname(&uts) < 0) {
+ strcpy(unamebuf, "unknown architecture");
+ return;
+ }
+
+ snprintf(unamebuf, sizeof(unamebuf),
+ "%s %s %s %s",
+ uts.sysname, uts.machine, uts.release, uts.version);
+#else
+ strcpy(unamebuf, "unknown architecture");
+#endif
+ unamep = unamebuf;
+}
+
+char *
+ns_os_uname(void) {
+ if (unamep == NULL)
+ getuname();
+ return (unamep);
+}
diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c
index f8535b21ea7b..351b6166559e 100644
--- a/bin/named/xfrout.c
+++ b/bin/named/xfrout.c
@@ -1246,6 +1246,7 @@ sendstream(xfrout_ctx_t *xfr) {
dns_rdataset_t *msgrds = NULL;
dns_compress_t cctx;
isc_boolean_t cleanup_cctx = ISC_FALSE;
+ isc_boolean_t is_tcp;
int n_rrs;
@@ -1253,7 +1254,8 @@ sendstream(xfrout_ctx_t *xfr) {
isc_buffer_clear(&xfr->txlenbuf);
isc_buffer_clear(&xfr->txbuf);
- if ((xfr->client->attributes & NS_CLIENTATTR_TCP) == 0) {
+ is_tcp = ISC_TF((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0);
+ if (!is_tcp) {
/*
* In the UDP case, we put the response data directly into
* the client message.
@@ -1442,9 +1444,17 @@ sendstream(xfrout_ctx_t *xfr) {
if (! xfr->many_answers)
break;
+ /*
+ * At this stage, at least 1 RR has been rendered into
+ * the message. Check if we want to clamp this message
+ * here (TCP only). 20480 was set as an upper limit to
+ * improve message compression.
+ */
+ if ((isc_buffer_usedlength(&xfr->buf) >= 20480) && is_tcp)
+ break;
}
- if ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0) {
+ if (is_tcp) {
CHECK(dns_compress_init(&cctx, -1, xfr->mctx));
dns_compress_setsensitive(&cctx, ISC_TRUE);
cleanup_cctx = ISC_TRUE;
diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in
index 5dc20ad90714..50734189070f 100644
--- a/bin/nsupdate/Makefile.in
+++ b/bin/nsupdate/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2006-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2006-2009, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1
index 28d5f42d7834..f5669ccec6cc 100644
--- a/bin/nsupdate/nsupdate.1
+++ b/bin/nsupdate/nsupdate.1
@@ -13,164 +13,179 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: nsupdate
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: April 18, 2014
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2014-04-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "NSUPDATE" "1" "April 18, 2014" "BIND9" "BIND9"
+.TH "NSUPDATE" "1" "2014\-04\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
nsupdate \- Dynamic DNS update utility
.SH "SYNOPSIS"
-.HP 9
+.HP \w'\fBnsupdate\fR\ 'u
\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [\fB\-L\ \fR\fB\fIlevel\fR\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [filename]
.SH "DESCRIPTION"
.PP
\fBnsupdate\fR
-is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
+is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server\&. This allows resource records to be added or removed from a zone without manually editing the zone file\&. A single update request can contain requests to add or remove more than one resource record\&.
.PP
Zones that are under dynamic control via
\fBnsupdate\fR
-or a DHCP server should not be edited by hand. Manual edits could conflict with dynamic updates and cause data to be lost.
+or a DHCP server should not be edited by hand\&. Manual edits could conflict with dynamic updates and cause data to be lost\&.
.PP
The resource records that are dynamically added or removed with
\fBnsupdate\fR
-have to be in the same zone. Requests are sent to the zone's master server. This is identified by the MNAME field of the zone's SOA record.
+have to be in the same zone\&. Requests are sent to the zone\*(Aqs master server\&. This is identified by the MNAME field of the zone\*(Aqs SOA record\&.
.PP
-Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC 2845 or the SIG(0) record described in RFC 2535 and RFC 2931 or GSS\-TSIG as described in RFC 3645.
+Transaction signatures can be used to authenticate the Dynamic DNS updates\&. These use the TSIG resource record type described in RFC 2845 or the SIG(0) record described in RFC 2535 and RFC 2931 or GSS\-TSIG as described in RFC 3645\&.
.PP
TSIG relies on a shared secret that should only be known to
\fBnsupdate\fR
-and the name server. For instance, suitable
+and the name server\&. For instance, suitable
\fBkey\fR
and
\fBserver\fR
statements would be added to
-\fI/etc/named.conf\fR
-so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. You can use
+/etc/named\&.conf
+so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication\&. You can use
\fBddns\-confgen\fR
-to generate suitable configuration fragments.
+to generate suitable configuration fragments\&.
\fBnsupdate\fR
uses the
\fB\-y\fR
or
\fB\-k\fR
-options to provide the TSIG shared secret. These options are mutually exclusive.
+options to provide the TSIG shared secret\&. These options are mutually exclusive\&.
.PP
-SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server.
+SIG(0) uses public key cryptography\&. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server\&.
.PP
-GSS\-TSIG uses Kerberos credentials. Standard GSS\-TSIG mode is switched on with the
+GSS\-TSIG uses Kerberos credentials\&. Standard GSS\-TSIG mode is switched on with the
\fB\-g\fR
-flag. A non\-standards\-compliant variant of GSS\-TSIG used by Windows 2000 can be switched on with the
+flag\&. A non\-standards\-compliant variant of GSS\-TSIG used by Windows 2000 can be switched on with the
\fB\-o\fR
-flag.
+flag\&.
.SH "OPTIONS"
.PP
\-d
.RS 4
-Debug mode. This provides tracing information about the update requests that are made and the replies received from the name server.
+Debug mode\&. This provides tracing information about the update requests that are made and the replies received from the name server\&.
.RE
.PP
\-D
.RS 4
-Extra debug mode.
+Extra debug mode\&.
.RE
.PP
\-k \fIkeyfile\fR
.RS 4
-The file containing the TSIG authentication key. Keyfiles may be in two formats: a single file containing a
-\fInamed.conf\fR\-format
+The file containing the TSIG authentication key\&. Keyfiles may be in two formats: a single file containing a
+named\&.conf\-format
\fBkey\fR
statement, which may be generated automatically by
\fBddns\-confgen\fR, or a pair of files whose names are of the format
-\fIK{name}.+157.+{random}.key\fR
+K{name}\&.+157\&.+{random}\&.key
and
-\fIK{name}.+157.+{random}.private\fR, which can be generated by
-\fBdnssec\-keygen\fR. The
+K{name}\&.+157\&.+{random}\&.private, which can be generated by
+\fBdnssec\-keygen\fR\&. The
\fB\-k\fR
-may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key.
+may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests\&. In this case, the key specified is not an HMAC\-MD5 key\&.
.RE
.PP
\-l
.RS 4
-Local\-host only mode. This sets the server address to localhost (disabling the
+Local\-host only mode\&. This sets the server address to localhost (disabling the
\fBserver\fR
-so that the server address cannot be overridden). Connections to the local server will use a TSIG key found in
-\fI/var/run/named/session.key\fR, which is automatically generated by
+so that the server address cannot be overridden)\&. Connections to the local server will use a TSIG key found in
+/var/run/named/session\&.key, which is automatically generated by
\fBnamed\fR
if any local master zone has set
\fBupdate\-policy\fR
to
-\fBlocal\fR. The location of this key file can be overridden with the
+\fBlocal\fR\&. The location of this key file can be overridden with the
\fB\-k\fR
-option.
+option\&.
.RE
.PP
\-L \fIlevel\fR
.RS 4
-Set the logging debug level. If zero, logging is disabled.
+Set the logging debug level\&. If zero, logging is disabled\&.
.RE
.PP
\-p \fIport\fR
.RS 4
-Set the port to use for connections to a name server. The default is 53.
+Set the port to use for connections to a name server\&. The default is 53\&.
.RE
.PP
\-r \fIudpretries\fR
.RS 4
-The number of UDP retries. The default is 3. If zero, only one update request will be made.
+The number of UDP retries\&. The default is 3\&. If zero, only one update request will be made\&.
.RE
.PP
\-R \fIrandomdev\fR
.RS 4
-Where to obtain randomness. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used. This option may be specified multiple times.
+Where to obtain randomness\&. If the operating system does not provide a
+/dev/random
+or equivalent device, the default source of randomness is keyboard input\&.
+randomdev
+specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
+keyboard
+indicates that keyboard input should be used\&. This option may be specified multiple times\&.
.RE
.PP
\-t \fItimeout\fR
.RS 4
-The maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout.
+The maximum time an update request can take before it is aborted\&. The default is 300 seconds\&. Zero can be used to disable the timeout\&.
.RE
.PP
\-u \fIudptimeout\fR
.RS 4
-The UDP retry interval. The default is 3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries.
+The UDP retry interval\&. The default is 3 seconds\&. If zero, the interval will be computed from the timeout interval and number of UDP retries\&.
.RE
.PP
\-v
.RS 4
-Use TCP even for small update requests. By default,
+Use TCP even for small update requests\&. By default,
\fBnsupdate\fR
-uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. TCP may be preferable when a batch of update requests is made.
+uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used\&. TCP may be preferable when a batch of update requests is made\&.
.RE
.PP
\-V
.RS 4
-Print the version number and exit.
+Print the version number and exit\&.
.RE
.PP
\-y \fI[hmac:]\fR\fIkeyname:secret\fR
.RS 4
-Literal TSIG authentication key.
+Literal TSIG authentication key\&.
\fIkeyname\fR
is the name of the key, and
\fIsecret\fR
-is the base64 encoded shared secret.
+is the base64 encoded shared secret\&.
\fIhmac\fR
is the name of the key algorithm; valid choices are
hmac\-md5,
@@ -178,105 +193,104 @@ hmac\-sha1,
hmac\-sha224,
hmac\-sha256,
hmac\-sha384, or
-hmac\-sha512. If
+hmac\-sha512\&. If
\fIhmac\fR
is not specified, the default is
-hmac\-md5.
+hmac\-md5\&.
.sp
NOTE: Use of the
\fB\-y\fR
-option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from
+option is discouraged because the shared secret is supplied as a command line argument in clear text\&. This may be visible in the output from
\fBps\fR(1)
-or in a history file maintained by the user's shell.
+or in a history file maintained by the user\*(Aqs shell\&.
.RE
.SH "INPUT FORMAT"
.PP
\fBnsupdate\fR
reads input from
\fIfilename\fR
-or standard input. Each command is supplied on exactly one line of input. Some commands are for administrative purposes. The others are either update instructions or prerequisite checks on the contents of the zone. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone. These conditions must be met if the entire update request is to succeed. Updates will be rejected if the tests for the prerequisite conditions fail.
+or standard input\&. Each command is supplied on exactly one line of input\&. Some commands are for administrative purposes\&. The others are either update instructions or prerequisite checks on the contents of the zone\&. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone\&. These conditions must be met if the entire update request is to succeed\&. Updates will be rejected if the tests for the prerequisite conditions fail\&.
.PP
-Every update request consists of zero or more prerequisites and zero or more updates. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone. A blank input line (or the
+Every update request consists of zero or more prerequisites and zero or more updates\&. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone\&. A blank input line (or the
\fBsend\fR
-command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server.
+command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server\&.
.PP
The command formats and their meaning are as follows:
.PP
\fBserver\fR {servername} [port]
.RS 4
Sends all dynamic update requests to the name server
-\fIservername\fR. When no server statement is provided,
+\fIservername\fR\&. When no server statement is provided,
\fBnsupdate\fR
-will send updates to the master server of the correct zone. The MNAME field of that zone's SOA record will identify the master server for that zone.
+will send updates to the master server of the correct zone\&. The MNAME field of that zone\*(Aqs SOA record will identify the master server for that zone\&.
\fIport\fR
is the port number on
\fIservername\fR
-where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
+where the dynamic update requests get sent\&. If no port number is specified, the default DNS port number of 53 is used\&.
.RE
.PP
\fBlocal\fR {address} [port]
.RS 4
Sends all dynamic update requests using the local
-\fIaddress\fR. When no local statement is provided,
+\fIaddress\fR\&. When no local statement is provided,
\fBnsupdate\fR
-will send updates using an address and port chosen by the system.
+will send updates using an address and port chosen by the system\&.
\fIport\fR
-can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
+can additionally be used to make requests come from a specific port\&. If no port number is specified, the system will assign one\&.
.RE
.PP
\fBzone\fR {zonename}
.RS 4
Specifies that all updates are to be made to the zone
-\fIzonename\fR. If no
+\fIzonename\fR\&. If no
\fIzone\fR
statement is provided,
\fBnsupdate\fR
-will attempt determine the correct zone to update based on the rest of the input.
+will attempt determine the correct zone to update based on the rest of the input\&.
.RE
.PP
\fBclass\fR {classname}
.RS 4
-Specify the default class. If no
+Specify the default class\&. If no
\fIclass\fR
is specified, the default class is
-\fIIN\fR.
+\fIIN\fR\&.
.RE
.PP
\fBttl\fR {seconds}
.RS 4
-Specify the default time to live for records to be added. The value
+Specify the default time to live for records to be added\&. The value
\fInone\fR
-will clear the default ttl.
+will clear the default ttl\&.
.RE
.PP
\fBkey\fR [hmac:] {keyname} {secret}
.RS 4
Specifies that all updates are to be TSIG\-signed using the
-\fIkeyname\fR
-\fIsecret\fR
-pair. If
+\fIkeyname\fR\fIsecret\fR
+pair\&. If
\fIhmac\fR
is specified, then it sets the signing algorithm in use; the default is
-hmac\-md5. The
+hmac\-md5\&. The
\fBkey\fR
command overrides any key specified on the command line via
\fB\-y\fR
or
-\fB\-k\fR.
+\fB\-k\fR\&.
.RE
.PP
\fBgsstsig\fR
.RS 4
-Use GSS\-TSIG to sign the updated. This is equivalent to specifying
+Use GSS\-TSIG to sign the updated\&. This is equivalent to specifying
\fB\-g\fR
-on the commandline.
+on the commandline\&.
.RE
.PP
\fBoldgsstsig\fR
.RS 4
-Use the Windows 2000 version of GSS\-TSIG to sign the updated. This is equivalent to specifying
+Use the Windows 2000 version of GSS\-TSIG to sign the updated\&. This is equivalent to specifying
\fB\-o\fR
-on the commandline.
+on the commandline\&.
.RE
.PP
\fBrealm\fR {[realm_name]}
@@ -284,20 +298,20 @@ on the commandline.
When using GSS\-TSIG use
\fIrealm_name\fR
rather than the default realm in
-\fIkrb5.conf\fR. If no realm is specified the saved realm is cleared.
+krb5\&.conf\&. If no realm is specified the saved realm is cleared\&.
.RE
.PP
\fB[prereq]\fR\fB nxdomain\fR {domain\-name}
.RS 4
Requires that no resource record of any type exists with name
-\fIdomain\-name\fR.
+\fIdomain\-name\fR\&.
.RE
.PP
\fB[prereq]\fR\fB yxdomain\fR {domain\-name}
.RS 4
Requires that
\fIdomain\-name\fR
-exists (has as at least one resource record, of any type).
+exists (has as at least one resource record, of any type)\&.
.RE
.PP
\fB[prereq]\fR\fB nxrrset\fR {domain\-name} [class] {type}
@@ -306,9 +320,9 @@ Requires that no resource record exists of the specified
\fItype\fR,
\fIclass\fR
and
-\fIdomain\-name\fR. If
+\fIdomain\-name\fR\&. If
\fIclass\fR
-is omitted, IN (internet) is assumed.
+is omitted, IN (internet) is assumed\&.
.RE
.PP
\fB[prereq]\fR\fB yxrrset\fR {domain\-name} [class] {type}
@@ -318,9 +332,9 @@ This requires that a resource record of the specified
\fIclass\fR
and
\fIdomain\-name\fR
-must exist. If
+must exist\&. If
\fIclass\fR
-is omitted, IN (internet) is assumed.
+is omitted, IN (internet) is assumed\&.
.RE
.PP
\fB[prereq]\fR\fB yxrrset\fR {domain\-name} [class] {type} {data...}
@@ -331,26 +345,26 @@ from each set of prerequisites of this form sharing a common
\fItype\fR,
\fIclass\fR, and
\fIdomain\-name\fR
-are combined to form a set of RRs. This set of RRs must exactly match the set of RRs existing in the zone at the given
+are combined to form a set of RRs\&. This set of RRs must exactly match the set of RRs existing in the zone at the given
\fItype\fR,
\fIclass\fR, and
-\fIdomain\-name\fR. The
+\fIdomain\-name\fR\&. The
\fIdata\fR
-are written in the standard text representation of the resource record's RDATA.
+are written in the standard text representation of the resource record\*(Aqs RDATA\&.
.RE
.PP
\fB[update]\fR\fB del\fR\fB[ete]\fR {domain\-name} [ttl] [class] [type\ [data...]]
.RS 4
Deletes any resource records named
-\fIdomain\-name\fR. If
+\fIdomain\-name\fR\&. If
\fItype\fR
and
\fIdata\fR
-is provided, only matching resource records will be removed. The internet class is assumed if
+is provided, only matching resource records will be removed\&. The internet class is assumed if
\fIclass\fR
-is not supplied. The
+is not supplied\&. The
\fIttl\fR
-is ignored, and is only allowed for compatibility.
+is ignored, and is only allowed for compatibility\&.
.RE
.PP
\fB[update]\fR\fB add\fR {domain\-name} {ttl} [class] {type} {data...}
@@ -359,99 +373,105 @@ Adds a new resource record with the specified
\fIttl\fR,
\fIclass\fR
and
-\fIdata\fR.
+\fIdata\fR\&.
.RE
.PP
\fBshow\fR
.RS 4
-Displays the current message, containing all of the prerequisites and updates specified since the last send.
+Displays the current message, containing all of the prerequisites and updates specified since the last send\&.
.RE
.PP
\fBsend\fR
.RS 4
-Sends the current message. This is equivalent to entering a blank line.
+Sends the current message\&. This is equivalent to entering a blank line\&.
.RE
.PP
\fBanswer\fR
.RS 4
-Displays the answer.
+Displays the answer\&.
.RE
.PP
\fBdebug\fR
.RS 4
-Turn on debugging.
+Turn on debugging\&.
.RE
.PP
\fBversion\fR
.RS 4
-Print version number.
+Print version number\&.
.RE
.PP
\fBhelp\fR
.RS 4
-Print a list of commands.
+Print a list of commands\&.
.RE
.PP
-Lines beginning with a semicolon are comments and are ignored.
+Lines beginning with a semicolon are comments and are ignored\&.
.SH "EXAMPLES"
.PP
The examples below show how
\fBnsupdate\fR
could be used to insert and delete resource records from the
-\fBexample.com\fR
-zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for
-\fBexample.com\fR.
+\fBexample\&.com\fR
+zone\&. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for
+\fBexample\&.com\fR\&.
.sp
+.if n \{\
.RS 4
+.\}
.nf
# nsupdate
-> update delete oldhost.example.com A
-> update add newhost.example.com 86400 A 172.16.1.1
+> update delete oldhost\&.example\&.com A
+> update add newhost\&.example\&.com 86400 A 172\&.16\&.1\&.1
> send
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
Any A records for
-\fBoldhost.example.com\fR
-are deleted. And an A record for
-\fBnewhost.example.com\fR
-with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds).
+\fBoldhost\&.example\&.com\fR
+are deleted\&. And an A record for
+\fBnewhost\&.example\&.com\fR
+with IP address 172\&.16\&.1\&.1 is added\&. The newly\-added record has a 1 day TTL (86400 seconds)\&.
.sp
+.if n \{\
.RS 4
+.\}
.nf
# nsupdate
-> prereq nxdomain nickname.example.com
-> update add nickname.example.com 86400 CNAME somehost.example.com
+> prereq nxdomain nickname\&.example\&.com
+> update add nickname\&.example\&.com 86400 CNAME somehost\&.example\&.com
> send
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
The prerequisite condition gets the name server to check that there are no resource records of any type for
-\fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC 1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.)
+\fBnickname\&.example\&.com\fR\&. If there are, the update request fails\&. If this name does not exist, a CNAME for it is added\&. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC 1034 that a name must not exist as any other record type if it exists as a CNAME\&. (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records\&.)
.SH "FILES"
.PP
-\fB/etc/resolv.conf\fR
+\fB/etc/resolv\&.conf\fR
.RS 4
used to identify default name server
.RE
.PP
-\fB/var/run/named/session.key\fR
+\fB/var/run/named/session\&.key\fR
.RS 4
sets the default TSIG key for use in local\-only mode
.RE
.PP
-\fBK{name}.+157.+{random}.key\fR
+\fBK{name}\&.+157\&.+{random}\&.key\fR
.RS 4
base\-64 encoding of HMAC\-MD5 key created by
-\fBdnssec\-keygen\fR(8).
+\fBdnssec-keygen\fR(8)\&.
.RE
.PP
-\fBK{name}.+157.+{random}.private\fR
+\fBK{name}\&.+157\&.+{random}\&.private\fR
.RS 4
base\-64 encoding of HMAC\-MD5 key created by
-\fBdnssec\-keygen\fR(8).
+\fBdnssec-keygen\fR(8)\&.
.RE
.SH "SEE ALSO"
.PP
@@ -463,13 +483,17 @@ RFC 1034,
RFC 2535,
RFC 2931,
\fBnamed\fR(8),
-\fBddns\-confgen\fR(8),
-\fBdnssec\-keygen\fR(8).
+\fBddns-confgen\fR(8),
+\fBdnssec-keygen\fR(8)\&.
.SH "BUGS"
.PP
-The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
+The TSIG key is redundantly stored in two separate files\&. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004\-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
+Copyright \(co 2004-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2003 Internet Software Consortium.
.br
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index bf907f1580fb..683e42b9be7b 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -219,6 +219,8 @@ typedef struct nsu_gssinfo {
} nsu_gssinfo_t;
static void
+failed_gssrequest();
+static void
start_gssrequest(dns_name_t *master);
static void
send_gssrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
@@ -640,6 +642,8 @@ read_sessionkey(isc_mem_t *mctx, isc_log_t *lctx) {
len = strlen(algorithm) + strlen(mykeyname) + strlen(secretstr) + 3;
keystr = isc_mem_allocate(mctx, len);
+ if (keystr == NULL)
+ fatal("out of memory");
snprintf(keystr, len, "%s:%s:%s", algorithm, mykeyname, secretstr);
setup_keystr();
@@ -2614,7 +2618,8 @@ get_ticket_realm(isc_mem_t *mctx) {
krb5_error_code rc;
krb5_ccache ccache;
krb5_principal princ;
- char *name, *ticket_realm;
+ char *name;
+ const char * ticket_realm;
rc = krb5_init_context(&ctx);
if (rc != 0)
@@ -2654,6 +2659,15 @@ get_ticket_realm(isc_mem_t *mctx) {
fprintf(stderr, "Found realm from ticket: %s\n", realm+1);
}
+static void
+failed_gssrequest() {
+ seenerror = ISC_TRUE;
+
+ dns_name_free(&tmpzonename, gmctx);
+ dns_name_free(&restart_master, gmctx);
+
+ done_update();
+}
static void
start_gssrequest(dns_name_t *master) {
@@ -2661,7 +2675,7 @@ start_gssrequest(dns_name_t *master) {
isc_buffer_t buf;
isc_result_t result;
isc_uint32_t val = 0;
- dns_message_t *rmsg;
+ dns_message_t *rmsg = NULL;
dns_request_t *request = NULL;
dns_name_t *servname;
dns_fixedname_t fname;
@@ -2741,14 +2755,24 @@ start_gssrequest(dns_name_t *master) {
result = dns_tkey_buildgssquery(rmsg, keyname, servname, NULL, 0,
&context, use_win2k_gsstsig,
gmctx, &err_message);
- if (result == ISC_R_FAILURE)
- fatal("tkey query failed: %s",
- err_message != NULL ? err_message : "unknown error");
+ if (result == ISC_R_FAILURE) {
+ fprintf(stderr, "tkey query failed: %s\n",
+ err_message != NULL ? err_message : "unknown error");
+ goto failure;
+ }
if (result != ISC_R_SUCCESS)
fatal("dns_tkey_buildgssquery failed: %s",
isc_result_totext(result));
send_gssrequest(kserver, rmsg, &request, context);
+ return;
+
+failure:
+ if (rmsg != NULL)
+ dns_message_destroy(&rmsg);
+ if (err_message != NULL)
+ isc_mem_free(gmctx, err_message);
+ failed_gssrequest();
}
static void
diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook
index b973c1f693e9..f88144b27c4a 100644
--- a/bin/nsupdate/nsupdate.docbook
+++ b/bin/nsupdate/nsupdate.docbook
@@ -1,6 +1,3 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.nsupdate">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.nsupdate">
+ <info>
+ <date>2014-04-18</date>
+ </info>
<refentryinfo>
- <date>April 18, 2014</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
<refentrytitle><application>nsupdate</application></refentrytitle>
@@ -57,30 +59,30 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>nsupdate</command>
- <arg><option>-d</option></arg>
- <arg><option>-D</option></arg>
- <arg><option>-L <replaceable class="parameter">level</replaceable></option></arg>
- <group>
- <arg><option>-g</option></arg>
- <arg><option>-o</option></arg>
- <arg><option>-l</option></arg>
- <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></option></arg>
- <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-d</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-D</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">level</replaceable></option></arg>
+ <group choice="opt" rep="norepeat">
+ <arg choice="opt" rep="norepeat"><option>-g</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-o</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-l</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
</group>
- <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
- <arg><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
- <arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
- <arg><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
- <arg><option>-v</option></arg>
- <arg><option>-V</option></arg>
- <arg>filename</arg>
+ <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-v</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat">filename</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>nsupdate</command>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -136,10 +138,10 @@
non-standards-compliant variant of GSS-TSIG used by Windows
2000 can be switched on with the <option>-o</option> flag.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -313,10 +315,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>INPUT FORMAT</title></info>
- <refsect1>
- <title>INPUT FORMAT</title>
<para><command>nsupdate</command>
reads input from
<parameter>filename</parameter>
@@ -348,8 +350,8 @@
<varlistentry>
<term>
<command>server</command>
- <arg choice="req">servername</arg>
- <arg choice="opt">port</arg>
+ <arg choice="req" rep="norepeat">servername</arg>
+ <arg choice="opt" rep="norepeat">port</arg>
</term>
<listitem>
<para>
@@ -375,8 +377,8 @@
<varlistentry>
<term>
<command>local</command>
- <arg choice="req">address</arg>
- <arg choice="opt">port</arg>
+ <arg choice="req" rep="norepeat">address</arg>
+ <arg choice="opt" rep="norepeat">port</arg>
</term>
<listitem>
<para>
@@ -398,7 +400,7 @@
<varlistentry>
<term>
<command>zone</command>
- <arg choice="req">zonename</arg>
+ <arg choice="req" rep="norepeat">zonename</arg>
</term>
<listitem>
<para>
@@ -417,7 +419,7 @@
<varlistentry>
<term>
<command>class</command>
- <arg choice="req">classname</arg>
+ <arg choice="req" rep="norepeat">classname</arg>
</term>
<listitem>
<para>
@@ -432,7 +434,7 @@
<varlistentry>
<term>
<command>ttl</command>
- <arg choice="req">seconds</arg>
+ <arg choice="req" rep="norepeat">seconds</arg>
</term>
<listitem>
<para>
@@ -446,8 +448,8 @@
<varlistentry>
<term>
<command>key</command>
- <arg choice="opt">hmac:</arg><arg choice="req">keyname</arg>
- <arg choice="req">secret</arg>
+ <arg choice="opt" rep="norepeat">hmac:</arg><arg choice="req" rep="norepeat">keyname</arg>
+ <arg choice="req" rep="norepeat">secret</arg>
</term>
<listitem>
<para>
@@ -490,7 +492,7 @@
<varlistentry>
<term>
<command>realm</command>
- <arg choice="req"><optional>realm_name</optional></arg>
+ <arg choice="req" rep="norepeat"><optional>realm_name</optional></arg>
</term>
<listitem>
<para>
@@ -504,7 +506,7 @@
<varlistentry>
<term>
<command><optional>prereq</optional> nxdomain</command>
- <arg choice="req">domain-name</arg>
+ <arg choice="req" rep="norepeat">domain-name</arg>
</term>
<listitem>
<para>
@@ -518,7 +520,7 @@
<varlistentry>
<term>
<command><optional>prereq</optional> yxdomain</command>
- <arg choice="req">domain-name</arg>
+ <arg choice="req" rep="norepeat">domain-name</arg>
</term>
<listitem>
<para>
@@ -532,9 +534,9 @@
<varlistentry>
<term>
<command><optional>prereq</optional> nxrrset</command>
- <arg choice="req">domain-name</arg>
- <arg choice="opt">class</arg>
- <arg choice="req">type</arg>
+ <arg choice="req" rep="norepeat">domain-name</arg>
+ <arg choice="opt" rep="norepeat">class</arg>
+ <arg choice="req" rep="norepeat">type</arg>
</term>
<listitem>
<para>
@@ -554,9 +556,9 @@
<varlistentry>
<term>
<command><optional>prereq</optional> yxrrset</command>
- <arg choice="req">domain-name</arg>
- <arg choice="opt">class</arg>
- <arg choice="req">type</arg>
+ <arg choice="req" rep="norepeat">domain-name</arg>
+ <arg choice="opt" rep="norepeat">class</arg>
+ <arg choice="req" rep="norepeat">type</arg>
</term>
<listitem>
<para>
@@ -576,9 +578,9 @@
<varlistentry>
<term>
<command><optional>prereq</optional> yxrrset</command>
- <arg choice="req">domain-name</arg>
- <arg choice="opt">class</arg>
- <arg choice="req">type</arg>
+ <arg choice="req" rep="norepeat">domain-name</arg>
+ <arg choice="opt" rep="norepeat">class</arg>
+ <arg choice="req" rep="norepeat">type</arg>
<arg choice="req" rep="repeat">data</arg>
</term>
<listitem>
@@ -610,10 +612,10 @@
<varlistentry>
<term>
<command><optional>update</optional> del<optional>ete</optional></command>
- <arg choice="req">domain-name</arg>
- <arg choice="opt">ttl</arg>
- <arg choice="opt">class</arg>
- <arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>
+ <arg choice="req" rep="norepeat">domain-name</arg>
+ <arg choice="opt" rep="norepeat">ttl</arg>
+ <arg choice="opt" rep="norepeat">class</arg>
+ <arg choice="opt" rep="norepeat">type <arg choice="opt" rep="repeat">data</arg></arg>
</term>
<listitem>
<para>
@@ -636,10 +638,10 @@
<varlistentry>
<term>
<command><optional>update</optional> add</command>
- <arg choice="req">domain-name</arg>
- <arg choice="req">ttl</arg>
- <arg choice="opt">class</arg>
- <arg choice="req">type</arg>
+ <arg choice="req" rep="norepeat">domain-name</arg>
+ <arg choice="req" rep="norepeat">ttl</arg>
+ <arg choice="opt" rep="norepeat">class</arg>
+ <arg choice="req" rep="norepeat">type</arg>
<arg choice="req" rep="repeat">data</arg>
</term>
<listitem>
@@ -729,10 +731,10 @@
Lines beginning with a semicolon are comments and are ignored.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>EXAMPLES</title></info>
- <refsect1>
- <title>EXAMPLES</title>
<para>
The examples below show how
<command>nsupdate</command>
@@ -780,10 +782,10 @@
(The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
RRSIG, DNSKEY and NSEC records.)
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>FILES</title></info>
- <refsect1>
- <title>FILES</title>
<variablelist>
<varlistentry>
@@ -829,10 +831,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para>
<citetitle>RFC 2136</citetitle>,
<citetitle>RFC 3007</citetitle>,
@@ -851,19 +853,15 @@
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>BUGS</title></info>
- <refsect1>
- <title>BUGS</title>
<para>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
for its cryptographic operations, and may change in future
releases.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index 76c54db290d5..7f1c8c229410 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nsupdate</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.nsupdate"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,9 +30,9 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543491"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">nsupdate</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
This allows resource records to be added or removed from a zone
@@ -44,14 +43,14 @@
</p>
<p>
Zones that are under dynamic control via
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
or a DHCP server should not be edited by hand.
Manual edits could
conflict with dynamic updates and cause data to be lost.
</p>
<p>
The resource records that are dynamically added or removed with
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
have to be in the same zone.
Requests are sent to the zone's master server.
This is identified by the MNAME field of the zone's SOA record.
@@ -65,15 +64,15 @@
<p>
TSIG relies on
a shared secret that should only be known to
- <span><strong class="command">nsupdate</strong></span> and the name server.
+ <span class="command"><strong>nsupdate</strong></span> and the name server.
For instance, suitable <span class="type">key</span> and
<span class="type">server</span> statements would be added to
<code class="filename">/etc/named.conf</code> so that the name server
can associate the appropriate secret key and algorithm with
the IP address of the client application that will be using
- TSIG authentication. You can use <span><strong class="command">ddns-confgen</strong></span>
+ TSIG authentication. You can use <span class="command"><strong>ddns-confgen</strong></span>
to generate suitable configuration fragments.
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
uses the <code class="option">-y</code> or <code class="option">-k</code> options
to provide the TSIG shared secret. These options are mutually exclusive.
</p>
@@ -89,9 +88,9 @@
2000 can be switched on with the <code class="option">-o</code> flag.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543564"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-d</span></dt>
<dd><p>
Debug mode. This provides tracing information about the
@@ -106,12 +105,12 @@
<dd><p>
The file containing the TSIG authentication key.
Keyfiles may be in two formats: a single file containing
- a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
+ a <code class="filename">named.conf</code>-format <span class="command"><strong>key</strong></span>
statement, which may be generated automatically by
- <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
+ <span class="command"><strong>ddns-confgen</strong></span>, or a pair of files whose names are
of the format <code class="filename">K{name}.+157.+{random}.key</code> and
<code class="filename">K{name}.+157.+{random}.private</code>, which can be
- generated by <span><strong class="command">dnssec-keygen</strong></span>.
+ generated by <span class="command"><strong>dnssec-keygen</strong></span>.
The <code class="option">-k</code> may also be used to specify a SIG(0) key used
to authenticate Dynamic DNS update requests. In this case, the key
specified is not an HMAC-MD5 key.
@@ -119,12 +118,12 @@
<dt><span class="term">-l</span></dt>
<dd><p>
Local-host only mode. This sets the server address to
- localhost (disabling the <span><strong class="command">server</strong></span> so that the server
+ localhost (disabling the <span class="command"><strong>server</strong></span> so that the server
address cannot be overridden). Connections to the local server will
use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
- which is automatically generated by <span><strong class="command">named</strong></span> if any
- local master zone has set <span><strong class="command">update-policy</strong></span> to
- <span><strong class="command">local</strong></span>. The location of this key file can be
+ which is automatically generated by <span class="command"><strong>named</strong></span> if any
+ local master zone has set <span class="command"><strong>update-policy</strong></span> to
+ <span class="command"><strong>local</strong></span>. The location of this key file can be
overridden with the <code class="option">-k</code> option.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>level</code></em></span></dt>
@@ -167,7 +166,7 @@
<dt><span class="term">-v</span></dt>
<dd><p>
Use TCP even for small update requests.
- By default, <span><strong class="command">nsupdate</strong></span>
+ By default, <span class="command"><strong>nsupdate</strong></span>
uses UDP to send update requests to the name server unless they are too
large to fit in a UDP request in which case TCP will be used.
TCP may be preferable when a batch of update requests is made.
@@ -199,9 +198,9 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543963"></a><h2>INPUT FORMAT</h2>
-<p><span><strong class="command">nsupdate</strong></span>
+<div class="refsection">
+<a name="id-1.9"></a><h2>INPUT FORMAT</h2>
+<p><span class="command"><strong>nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
or standard input.
@@ -220,7 +219,7 @@
and zero or more updates.
This allows a suitably authenticated update request to proceed if some
specified resource records are present or missing from the zone.
- A blank input line (or the <span><strong class="command">send</strong></span> command)
+ A blank input line (or the <span class="command"><strong>send</strong></span> command)
causes the
accumulated commands to be sent as one Dynamic DNS update request to the
name server.
@@ -228,9 +227,9 @@
<p>
The command formats and their meaning are as follows:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
- <span><strong class="command">server</strong></span>
+ <span class="command"><strong>server</strong></span>
{servername}
[port]
</span></dt>
@@ -238,7 +237,7 @@
Sends all dynamic update requests to the name server
<em class="parameter"><code>servername</code></em>.
When no server statement is provided,
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
will send updates to the master server of the correct zone.
The MNAME field of that zone's SOA record will identify the
master
@@ -252,7 +251,7 @@
used.
</p></dd>
<dt><span class="term">
- <span><strong class="command">local</strong></span>
+ <span class="command"><strong>local</strong></span>
{address}
[port]
</span></dt>
@@ -261,7 +260,7 @@
<em class="parameter"><code>address</code></em>.
When no local statement is provided,
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
will send updates using an address and port chosen by the
system.
<em class="parameter"><code>port</code></em>
@@ -270,7 +269,7 @@
If no port number is specified, the system will assign one.
</p></dd>
<dt><span class="term">
- <span><strong class="command">zone</strong></span>
+ <span class="command"><strong>zone</strong></span>
{zonename}
</span></dt>
<dd><p>
@@ -279,12 +278,12 @@
If no
<em class="parameter"><code>zone</code></em>
statement is provided,
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
will attempt determine the correct zone to update based on the
rest of the input.
</p></dd>
<dt><span class="term">
- <span><strong class="command">class</strong></span>
+ <span class="command"><strong>class</strong></span>
{classname}
</span></dt>
<dd><p>
@@ -294,7 +293,7 @@
<em class="parameter"><code>IN</code></em>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">ttl</strong></span>
+ <span class="command"><strong>ttl</strong></span>
{seconds}
</span></dt>
<dd><p>
@@ -303,7 +302,7 @@
ttl.
</p></dd>
<dt><span class="term">
- <span><strong class="command">key</strong></span>
+ <span class="command"><strong>key</strong></span>
[hmac:] {keyname}
{secret}
</span></dt>
@@ -312,19 +311,19 @@
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.
If <em class="parameter"><code>hmac</code></em> is specified, then it sets the
signing algorithm in use; the default is
- <code class="literal">hmac-md5</code>. The <span><strong class="command">key</strong></span>
+ <code class="literal">hmac-md5</code>. The <span class="command"><strong>key</strong></span>
command overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">gsstsig</strong></span>
+ <span class="command"><strong>gsstsig</strong></span>
</span></dt>
<dd><p>
Use GSS-TSIG to sign the updated. This is equivalent to
specifying <code class="option">-g</code> on the commandline.
</p></dd>
<dt><span class="term">
- <span><strong class="command">oldgsstsig</strong></span>
+ <span class="command"><strong>oldgsstsig</strong></span>
</span></dt>
<dd><p>
Use the Windows 2000 version of GSS-TSIG to sign the updated.
@@ -332,7 +331,7 @@
commandline.
</p></dd>
<dt><span class="term">
- <span><strong class="command">realm</strong></span>
+ <span class="command"><strong>realm</strong></span>
{[<span class="optional">realm_name</span>]}
</span></dt>
<dd><p>
@@ -341,7 +340,7 @@
realm is specified the saved realm is cleared.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] nxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
@@ -349,7 +348,7 @@
<em class="parameter"><code>domain-name</code></em>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] yxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
@@ -358,7 +357,7 @@
exists (has as at least one resource record, of any type).
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] nxrrset</strong></span>
{domain-name}
[class]
{type}
@@ -374,7 +373,7 @@
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>
{domain-name}
[class]
{type}
@@ -391,7 +390,7 @@
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>
{domain-name}
[class]
{type}
@@ -420,7 +419,7 @@
RDATA.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
+ <span class="command"><strong>[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
{domain-name}
[ttl]
[class]
@@ -441,7 +440,7 @@
is ignored, and is only allowed for compatibility.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">update</span>] add</strong></span>
+ <span class="command"><strong>[<span class="optional">update</span>] add</strong></span>
{domain-name}
{ttl}
[class]
@@ -456,7 +455,7 @@
<em class="parameter"><code>data</code></em>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">show</strong></span>
+ <span class="command"><strong>show</strong></span>
</span></dt>
<dd><p>
Displays the current message, containing all of the
@@ -464,32 +463,32 @@
updates specified since the last send.
</p></dd>
<dt><span class="term">
- <span><strong class="command">send</strong></span>
+ <span class="command"><strong>send</strong></span>
</span></dt>
<dd><p>
Sends the current message. This is equivalent to entering a
blank line.
</p></dd>
<dt><span class="term">
- <span><strong class="command">answer</strong></span>
+ <span class="command"><strong>answer</strong></span>
</span></dt>
<dd><p>
Displays the answer.
</p></dd>
<dt><span class="term">
- <span><strong class="command">debug</strong></span>
+ <span class="command"><strong>debug</strong></span>
</span></dt>
<dd><p>
Turn on debugging.
</p></dd>
<dt><span class="term">
- <span><strong class="command">version</strong></span>
+ <span class="command"><strong>version</strong></span>
</span></dt>
<dd><p>
Print version number.
</p></dd>
<dt><span class="term">
- <span><strong class="command">help</strong></span>
+ <span class="command"><strong>help</strong></span>
</span></dt>
<dd><p>
Print a list of commands.
@@ -501,11 +500,11 @@
Lines beginning with a semicolon are comments and are ignored.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545067"></a><h2>EXAMPLES</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
could be used to insert and delete resource records from the
<span class="type">example.com</span>
zone.
@@ -555,9 +554,9 @@
RRSIG, DNSKEY and NSEC records.)
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545111"></a><h2>FILES</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.11"></a><h2>FILES</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
used to identify default name server
@@ -578,8 +577,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545197"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.12"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@@ -593,8 +592,8 @@
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545255"></a><h2>BUGS</h2>
+<div class="refsection">
+<a name="id-1.13"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in
index f6100df9e16c..a1a0ec3989ed 100644
--- a/bin/rndc/Makefile.in
+++ b/bin/rndc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
index 503108e69216..bbdda2a97b21 100644
--- a/bin/rndc/rndc.8
+++ b/bin/rndc/rndc.8
@@ -13,51 +13,66 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: rndc
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: December 04, 2013
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2013-12-04
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "RNDC" "8" "December 04, 2013" "BIND9" "BIND9"
+.TH "RNDC" "8" "2013\-12\-04" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
rndc \- name server control utility
.SH "SYNOPSIS"
-.HP 5
+.HP \w'\fBrndc\fR\ 'u
\fBrndc\fR [\fB\-b\ \fR\fB\fIsource\-address\fR\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-k\ \fR\fB\fIkey\-file\fR\fR] [\fB\-s\ \fR\fB\fIserver\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-V\fR] [\fB\-y\ \fR\fB\fIkey_id\fR\fR] {command}
.SH "DESCRIPTION"
.PP
\fBrndc\fR
-controls the operation of a name server. It supersedes the
+controls the operation of a name server\&. It supersedes the
\fBndc\fR
-utility that was provided in old BIND releases. If
+utility that was provided in old BIND releases\&. If
\fBrndc\fR
-is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments.
+is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments\&.
.PP
\fBrndc\fR
-communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of
+communicates with the name server over a TCP connection, sending commands authenticated with digital signatures\&. In the current versions of
\fBrndc\fR
and
-\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
+\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection\&. This provides TSIG\-style authentication for the command request and the name server\*(Aqs response\&. All commands sent over the channel must be signed by a key_id known to the server\&.
.PP
\fBrndc\fR
-reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
+reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use\&.
.SH "OPTIONS"
.PP
\-b \fIsource\-address\fR
.RS 4
Use
\fIsource\-address\fR
-as the source address for the connection to the server. Multiple instances are permitted to allow setting of both the IPv4 and IPv6 source addresses.
+as the source address for the connection to the server\&. Multiple instances are permitted to allow setting of both the IPv4 and IPv6 source addresses\&.
.RE
.PP
\-c \fIconfig\-file\fR
@@ -65,7 +80,7 @@ as the source address for the connection to the server. Multiple instances are p
Use
\fIconfig\-file\fR
as the configuration file instead of the default,
-\fI/etc/rndc.conf\fR.
+/etc/rndc\&.conf\&.
.RE
.PP
\-k \fIkey\-file\fR
@@ -73,47 +88,47 @@ as the configuration file instead of the default,
Use
\fIkey\-file\fR
as the key file instead of the default,
-\fI/etc/rndc.key\fR. The key in
-\fI/etc/rndc.key\fR
+/etc/rndc\&.key\&. The key in
+/etc/rndc\&.key
will be used to authenticate commands sent to the server if the
\fIconfig\-file\fR
-does not exist.
+does not exist\&.
.RE
.PP
\-s \fIserver\fR
.RS 4
\fIserver\fR
is the name or address of the server which matches a server statement in the configuration file for
-\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the
+\fBrndc\fR\&. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the
\fBrndc\fR
-configuration file will be used.
+configuration file will be used\&.
.RE
.PP
\-p \fIport\fR
.RS 4
Send commands to TCP port
\fIport\fR
-instead of BIND 9's default control channel port, 953.
+instead of BIND 9\*(Aqs default control channel port, 953\&.
.RE
.PP
\-V
.RS 4
-Enable verbose logging.
+Enable verbose logging\&.
.RE
.PP
\-y \fIkey_id\fR
.RS 4
Use the key
\fIkey_id\fR
-from the configuration file.
+from the configuration file\&.
\fIkey_id\fR
must be known by
\fBnamed\fR
-with the same algorithm and secret string in order for control message validation to succeed. If no
+with the same algorithm and secret string in order for control message validation to succeed\&. If no
\fIkey_id\fR
is specified,
\fBrndc\fR
-will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
+will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement\&. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers\&. It should therefore not have general read or write access\&.
.RE
.SH "COMMANDS"
.PP
@@ -121,338 +136,338 @@ A list of commands supported by
\fBrndc\fR
can be seen by running
\fBrndc\fR
-without arguments.
+without arguments\&.
.PP
Currently supported commands are:
.PP
\fBaddzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR\fB\fIconfiguration\fR\fR\fB \fR
.RS 4
-Add a zone while the server is running. This command requires the
+Add a zone while the server is running\&. This command requires the
\fBallow\-new\-zones\fR
option to be set to
-\fByes\fR. The
+\fByes\fR\&. The
\fIconfiguration\fR
string specified on the command line is the zone configuration text that would ordinarily be placed in
-\fInamed.conf\fR.
+named\&.conf\&.
.sp
The configuration is saved in a file called
-\fI\fIhash\fR\fR\fI.nzf\fR, where
+\fIhash\fR\&.nzf, where
\fIhash\fR
-is a cryptographic hash generated from the name of the view. When
+is a cryptographic hash generated from the name of the view\&. When
\fBnamed\fR
-is restarted, the file will be loaded into the view configuration, so that zones that were added can persist after a restart.
+is restarted, the file will be loaded into the view configuration, so that zones that were added can persist after a restart\&.
.sp
This sample
\fBaddzone\fR
command would add the zone
-example.com
+example\&.com
to the default view:
.sp
-$\fBrndc addzone example.com '{ type master; file "example.com.db"; };'\fR
+$\fBrndc addzone example\&.com \*(Aq{ type master; file "example\&.com\&.db"; };\*(Aq\fR
.sp
-(Note the brackets and semi\-colon around the zone configuration text.)
+(Note the brackets and semi\-colon around the zone configuration text\&.)
.sp
See also
-\fBrndc delzone\fR.
+\fBrndc delzone\fR\&.
.RE
.PP
\fBdelzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR
.RS 4
-Delete a zone while the server is running. Only zones that were originally added via
+Delete a zone while the server is running\&. Only zones that were originally added via
\fBrndc addzone\fR
-can be deleted in this manner.
+can be deleted in this manner\&.
.sp
See also
\fBrndc addzone\fR
.RE
.PP
-\fBdumpdb \fR\fB[\-all|\-cache|\-zone|\-adb|\-bad]\fR\fB \fR\fB[\fIview ...\fR]\fR
+\fBdumpdb \fR\fB[\-all|\-cache|\-zone|\-adb|\-bad]\fR\fB \fR\fB[\fIview \&.\&.\&.\fR]\fR
.RS 4
-Dump the server's caches (default) and/or zones to the dump file for the specified views. If no view is specified, all views are dumped. (See the
+Dump the server\*(Aqs caches (default) and/or zones to the dump file for the specified views\&. If no view is specified, all views are dumped\&. (See the
\fBdump\-file\fR
-option in the BIND 9 Administrator Reference Manual.)
+option in the BIND 9 Administrator Reference Manual\&.)
.RE
.PP
\fBflush\fR
.RS 4
-Flushes the server's cache.
+Flushes the server\*(Aqs cache\&.
.RE
.PP
\fBflushname\fR \fIname\fR [\fIview\fR]
.RS 4
-Flushes the given name from the view's DNS cache and, if applicable, from the view's nameserver address database or bad\-server cache.
+Flushes the given name from the view\*(Aqs DNS cache and, if applicable, from the view\*(Aqs nameserver address database or bad\-server cache\&.
.RE
.PP
\fBflushtree\fR \fIname\fR [\fIview\fR]
.RS 4
-Flushes the given name, and all of its subdomains, from the view's DNS cache. Note that this does
+Flushes the given name, and all of its subdomains, from the view\*(Aqs DNS cache\&. Note that this does
\fInot\fR
-affect he server's address database or bad\-server cache.
+affect he server\*(Aqs address database or bad\-server cache\&.
.RE
.PP
\fBfreeze \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
.RS 4
-Suspend updates to a dynamic zone. If no zone is specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master file. All dynamic update attempts will be refused while the zone is frozen.
+Suspend updates to a dynamic zone\&. If no zone is specified, then all zones are suspended\&. This allows manual edits to be made to a zone normally updated by dynamic update\&. It also causes changes in the journal file to be synced into the master file\&. All dynamic update attempts will be refused while the zone is frozen\&.
.sp
See also
-\fBrndc thaw\fR.
+\fBrndc thaw\fR\&.
.RE
.PP
\fBhalt \fR\fB[\-p]\fR
.RS 4
-Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted. If
+Stop the server immediately\&. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted\&. If
\fB\-p\fR
is specified
-\fBnamed\fR's process id is returned. This allows an external process to determine when
+\fBnamed\fR\*(Aqs process id is returned\&. This allows an external process to determine when
\fBnamed\fR
-had completed halting.
+had completed halting\&.
.sp
See also
-\fBrndc stop\fR.
+\fBrndc stop\fR\&.
.RE
.PP
\fBloadkeys \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
.RS 4
-Fetch all DNSSEC keys for the given zone from the key directory. If they are within their publication period, merge them into the zone's DNSKEY RRset. Unlike
-\fBrndc sign\fR, however, the zone is not immediately re\-signed by the new keys, but is allowed to incrementally re\-sign over time.
+Fetch all DNSSEC keys for the given zone from the key directory\&. If they are within their publication period, merge them into the zone\*(Aqs DNSKEY RRset\&. Unlike
+\fBrndc sign\fR, however, the zone is not immediately re\-signed by the new keys, but is allowed to incrementally re\-sign over time\&.
.sp
This command requires that the
\fBauto\-dnssec\fR
zone option be set to
-maintain, and also requires the zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details.)
+maintain, and also requires the zone to be configured to allow dynamic DNS\&. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details\&.)
.RE
.PP
\fBnotify \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
.RS 4
-Resend NOTIFY messages for the zone.
+Resend NOTIFY messages for the zone\&.
.RE
.PP
\fBnotrace\fR
.RS 4
-Sets the server's debugging level to 0.
+Sets the server\*(Aqs debugging level to 0\&.
.sp
See also
-\fBrndc trace\fR.
+\fBrndc trace\fR\&.
.RE
.PP
\fBquerylog\fR [on|off]
.RS 4
-Enable or disable query logging. (For backward compatibility, this command can also be used without an argument to toggle query logging on and off.)
+Enable or disable query logging\&. (For backward compatibility, this command can also be used without an argument to toggle query logging on and off\&.)
.sp
Query logging can also be enabled by explicitly directing the
-\fBqueries\fR
-\fBcategory\fR
+\fBqueries\fR\fBcategory\fR
to a
\fBchannel\fR
in the
\fBlogging\fR
section of
-\fInamed.conf\fR
+named\&.conf
or by specifying
\fBquerylog yes;\fR
in the
\fBoptions\fR
section of
-\fInamed.conf\fR.
+named\&.conf\&.
.RE
.PP
\fBreconfig\fR
.RS 4
-Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. This is faster than a full
+Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed\&. This is faster than a full
\fBreload\fR
-when there is a large number of zones because it avoids the need to examine the modification times of the zones files.
+when there is a large number of zones because it avoids the need to examine the modification times of the zones files\&.
.RE
.PP
\fBrecursing\fR
.RS 4
Dump the list of queries
\fBnamed\fR
-is currently recursing on, and the list of domains to which iterative queries are currently being sent. (The second list includes the number of fetches currently active for the given domain, and how many have been passed or dropped because of the
+is currently recursing on, and the list of domains to which iterative queries are currently being sent\&. (The second list includes the number of fetches currently active for the given domain, and how many have been passed or dropped because of the
\fBfetches\-per\-zone\fR
-option.)
+option\&.)
.RE
.PP
\fBrefresh \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
.RS 4
-Schedule zone maintenance for the given zone.
+Schedule zone maintenance for the given zone\&.
.RE
.PP
\fBreload\fR
.RS 4
-Reload configuration file and zones.
+Reload configuration file and zones\&.
.RE
.PP
\fBreload \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
.RS 4
-Reload the given zone.
+Reload the given zone\&.
.RE
.PP
\fBretransfer \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
.RS 4
-Retransfer the given slave zone from the master server.
+Retransfer the given slave zone from the master server\&.
.sp
If the zone is configured to use
-\fBinline\-signing\fR, the signed version of the zone is discarded; after the retransfer of the unsigned version is complete, the signed version will be regenerated with all new signatures.
+\fBinline\-signing\fR, the signed version of the zone is discarded; after the retransfer of the unsigned version is complete, the signed version will be regenerated with all new signatures\&.
.RE
.PP
-\fBsecroots \fR\fB[\fIview ...\fR]\fR
+\fBsecroots \fR\fB[\fIview \&.\&.\&.\fR]\fR
.RS 4
-Dump the server's security roots to the secroots file for the specified views. If no view is specified, security roots for all views are dumped.
+Dump the server\*(Aqs security roots to the secroots file for the specified views\&. If no view is specified, security roots for all views are dumped\&.
.RE
.PP
\fBsign \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
.RS 4
Fetch all DNSSEC keys for the given zone from the key directory (see the
\fBkey\-directory\fR
-option in the BIND 9 Administrator Reference Manual). If they are within their publication period, merge them into the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the zone is automatically re\-signed with the new key set.
+option in the BIND 9 Administrator Reference Manual)\&. If they are within their publication period, merge them into the zone\*(Aqs DNSKEY RRset\&. If the DNSKEY RRset is changed, then the zone is automatically re\-signed with the new key set\&.
.sp
This command requires that the
\fBauto\-dnssec\fR
zone option be set to
allow
or
-maintain, and also requires the zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details.)
+maintain, and also requires the zone to be configured to allow dynamic DNS\&. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details\&.)
.sp
See also
-\fBrndc loadkeys\fR.
+\fBrndc loadkeys\fR\&.
.RE
.PP
\fBsigning \fR\fB[( \-list | \-clear \fIkeyid/algorithm\fR | \-clear all | \-nsec3param ( \fIparameters\fR | none ) ) ]\fR\fB \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR
.RS 4
-List, edit, or remove the DNSSEC signing state records for the specified zone. The status of ongoing DNSSEC operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type
-\fBsig\-signing\-type\fR.
+List, edit, or remove the DNSSEC signing state records for the specified zone\&. The status of ongoing DNSSEC operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type
+\fBsig\-signing\-type\fR\&.
\fBrndc signing \-list\fR
-converts these records into a human\-readable form, indicating which keys are currently signing or have finished signing the zone, and which NSEC3 chains are being created or removed.
+converts these records into a human\-readable form, indicating which keys are currently signing or have finished signing the zone, and which NSEC3 chains are being created or removed\&.
.sp
\fBrndc signing \-clear\fR
can remove a single key (specified in the same format that
\fBrndc signing \-list\fR
-uses to display it), or all keys. In either case, only completed keys are removed; any record indicating that a key has not yet finished signing the zone will be retained.
+uses to display it), or all keys\&. In either case, only completed keys are removed; any record indicating that a key has not yet finished signing the zone will be retained\&.
.sp
\fBrndc signing \-nsec3param\fR
-sets the NSEC3 parameters for a zone. This is the only supported mechanism for using NSEC3 with
+sets the NSEC3 parameters for a zone\&. This is the only supported mechanism for using NSEC3 with
\fBinline\-signing\fR
-zones. Parameters are specified in the same format as an NSEC3PARAM resource record: hash algorithm, flags, iterations, and salt, in that order.
+zones\&. Parameters are specified in the same format as an NSEC3PARAM resource record: hash algorithm, flags, iterations, and salt, in that order\&.
.sp
Currently, the only defined value for hash algorithm is
-1, representing SHA\-1. The
+1, representing SHA\-1\&. The
\fBflags\fR
may be set to
0
or
-1, depending on whether you wish to set the opt\-out bit in the NSEC3 chain.
+1, depending on whether you wish to set the opt\-out bit in the NSEC3 chain\&.
\fBiterations\fR
-defines the number of additional times to apply the algorithm when generating an NSEC3 hash. The
+defines the number of additional times to apply the algorithm when generating an NSEC3 hash\&. The
\fBsalt\fR
-is a string of data expressed in hexadecimal, or a hyphen (`\-') if no salt is to be used.
+is a string of data expressed in hexadecimal, or a hyphen (`\-\*(Aq) if no salt is to be used\&.
.sp
So, for example, to create an NSEC3 chain using the SHA\-1 hash algorithm, no opt\-out flag, 10 iterations, and a salt value of "FFFF", use:
-\fBrndc signing \-nsec3param 1 0 10 FFFF \fR\fB\fIzone\fR\fR. To set the opt\-out flag, 15 iterations, and no salt, use:
-\fBrndc signing \-nsec3param 1 1 15 \- \fR\fB\fIzone\fR\fR.
+\fBrndc signing \-nsec3param 1 0 10 FFFF \fR\fB\fIzone\fR\fR\&. To set the opt\-out flag, 15 iterations, and no salt, use:
+\fBrndc signing \-nsec3param 1 1 15 \- \fR\fB\fIzone\fR\fR\&.
.sp
\fBrndc signing \-nsec3param none\fR
-removes an existing NSEC3 chain and replaces it with NSEC.
+removes an existing NSEC3 chain and replaces it with NSEC\&.
.RE
.PP
\fBstats\fR
.RS 4
-Write server statistics to the statistics file. (See the
+Write server statistics to the statistics file\&. (See the
\fBstatistics\-file\fR
-option in the BIND 9 Administrator Reference Manual.)
+option in the BIND 9 Administrator Reference Manual\&.)
.RE
.PP
\fBstatus\fR
.RS 4
-Display status of the server. Note that the number of zones includes the internal
+Display status of the server\&. Note that the number of zones includes the internal
\fBbind/CH\fR
zone and the default
-\fB./IN\fR
-hint zone if there is not an explicit root zone configured.
+\fB\&./IN\fR
+hint zone if there is not an explicit root zone configured\&.
.RE
.PP
\fBstop \fR\fB[\-p]\fR
.RS 4
-Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones. If
+Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones\&. If
\fB\-p\fR
is specified
-\fBnamed\fR's process id is returned. This allows an external process to determine when
+\fBnamed\fR\*(Aqs process id is returned\&. This allows an external process to determine when
\fBnamed\fR
-had completed stopping.
+had completed stopping\&.
.sp
See also
-\fBrndc halt\fR.
+\fBrndc halt\fR\&.
.RE
.PP
\fBsync \fR\fB[\-clean]\fR\fB \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
.RS 4
-Sync changes in the journal file for a dynamic zone to the master file. If the "\-clean" option is specified, the journal file is also removed. If no zone is specified, then all zones are synced.
+Sync changes in the journal file for a dynamic zone to the master file\&. If the "\-clean" option is specified, the journal file is also removed\&. If no zone is specified, then all zones are synced\&.
.RE
.PP
\fBthaw \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
.RS 4
-Enable updates to a frozen dynamic zone. If no zone is specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re\-enables dynamic updates after the load has completed. After a zone is thawed, dynamic updates will no longer be refused. If the zone has changed and the
+Enable updates to a frozen dynamic zone\&. If no zone is specified, then all frozen zones are enabled\&. This causes the server to reload the zone from disk, and re\-enables dynamic updates after the load has completed\&. After a zone is thawed, dynamic updates will no longer be refused\&. If the zone has changed and the
\fBixfr\-from\-differences\fR
-option is in use, then the journal file will be updated to reflect changes in the zone. Otherwise, if the zone has changed, any existing journal file will be removed.
+option is in use, then the journal file will be updated to reflect changes in the zone\&. Otherwise, if the zone has changed, any existing journal file will be removed\&.
.sp
See also
-\fBrndc freeze\fR.
+\fBrndc freeze\fR\&.
.RE
.PP
\fBtrace\fR
.RS 4
-Increment the servers debugging level by one.
+Increment the servers debugging level by one\&.
.RE
.PP
\fBtrace \fR\fB\fIlevel\fR\fR
.RS 4
-Sets the server's debugging level to an explicit value.
+Sets the server\*(Aqs debugging level to an explicit value\&.
.sp
See also
-\fBrndc notrace\fR.
+\fBrndc notrace\fR\&.
.RE
.PP
\fBtsig\-delete\fR \fIkeyname\fR [\fIview\fR]
.RS 4
-Delete a given TKEY\-negotiated key from the server. (This does not apply to statically configured TSIG keys.)
+Delete a given TKEY\-negotiated key from the server\&. (This does not apply to statically configured TSIG keys\&.)
.RE
.PP
\fBtsig\-list\fR
.RS 4
List the names of all TSIG keys currently configured for use by
\fBnamed\fR
-in each view. The list both statically configured keys and dynamic TKEY\-negotiated keys.
+in each view\&. The list both statically configured keys and dynamic TKEY\-negotiated keys\&.
.RE
.PP
-\fBvalidation ( on | off | check ) \fR\fB[\fIview ...\fR]\fR\fB \fR
+\fBvalidation ( on | off | check ) \fR\fB[\fIview \&.\&.\&.\fR]\fR\fB \fR
.RS 4
-Enable, disable, or check the current status of DNSSEC validation. Note
+Enable, disable, or check the current status of DNSSEC validation\&. Note
\fBdnssec\-enable\fR
also needs to be set to
\fByes\fR
or
\fBauto\fR
-to be effective. It defaults to enabled.
+to be effective\&. It defaults to enabled\&.
.RE
.SH "LIMITATIONS"
.PP
There is currently no way to provide the shared secret for a
\fBkey_id\fR
-without using the configuration file.
+without using the configuration file\&.
.PP
-Several error messages could be clearer.
+Several error messages could be clearer\&.
.SH "SEE ALSO"
.PP
\fBrndc.conf\fR(5),
-\fBrndc\-confgen\fR(8),
+\fBrndc-confgen\fR(8),
\fBnamed\fR(8),
\fBnamed.conf\fR(5),
\fBndc\fR(8),
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2013\-2015 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
index ce7b09930e96..1bb0ab6a8cf0 100644
--- a/bin/rndc/rndc.conf.5
+++ b/bin/rndc/rndc.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,33 +13,48 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: \fIrndc.conf\fR
+'\" t
+.\" Title: rndc.conf
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "\fIRNDC.CONF\fR" "5" "June 18, 2007" "BIND9" "BIND9"
+.TH "RNDC\&.CONF" "5" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
rndc.conf \- rndc configuration file
.SH "SYNOPSIS"
-.HP 10
-\fBrndc.conf\fR
+.HP \w'\fBrndc\&.conf\fR\ 'u
+\fBrndc\&.conf\fR
.SH "DESCRIPTION"
.PP
-\fIrndc.conf\fR
+rndc\&.conf
is the configuration file for
-\fBrndc\fR, the BIND 9 name server control utility. This file has a similar structure and syntax to
-\fInamed.conf\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
+\fBrndc\fR, the BIND 9 name server control utility\&. This file has a similar structure and syntax to
+named\&.conf\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported:
.PP
C style: /* */
.PP
@@ -47,129 +62,144 @@ C++ style: // to end of line
.PP
Unix style: # to end of line
.PP
-\fIrndc.conf\fR
+rndc\&.conf
is much simpler than
-\fInamed.conf\fR. The file uses three statements: an options statement, a server statement and a key statement.
+named\&.conf\&. The file uses three statements: an options statement, a server statement and a key statement\&.
.PP
The
\fBoptions\fR
-statement contains five clauses. The
+statement contains five clauses\&. The
\fBdefault\-server\fR
-clause is followed by the name or address of a name server. This host will be used when no name server is given as an argument to
-\fBrndc\fR. The
+clause is followed by the name or address of a name server\&. This host will be used when no name server is given as an argument to
+\fBrndc\fR\&. The
\fBdefault\-key\fR
clause is followed by the name of a key which is identified by a
\fBkey\fR
-statement. If no
+statement\&. If no
\fBkeyid\fR
is provided on the rndc command line, and no
\fBkey\fR
clause is found in a matching
\fBserver\fR
-statement, this default key will be used to authenticate the server's commands and responses. The
+statement, this default key will be used to authenticate the server\*(Aqs commands and responses\&. The
\fBdefault\-port\fR
-clause is followed by the port to connect to on the remote name server. If no
+clause is followed by the port to connect to on the remote name server\&. If no
\fBport\fR
option is provided on the rndc command line, and no
\fBport\fR
clause is found in a matching
\fBserver\fR
-statement, this default port will be used to connect. The
+statement, this default port will be used to connect\&. The
\fBdefault\-source\-address\fR
and
\fBdefault\-source\-address\-v6\fR
-clauses which can be used to set the IPv4 and IPv6 source addresses respectively.
+clauses which can be used to set the IPv4 and IPv6 source addresses respectively\&.
.PP
After the
\fBserver\fR
-keyword, the server statement includes a string which is the hostname or address for a name server. The statement has three possible clauses:
+keyword, the server statement includes a string which is the hostname or address for a name server\&. The statement has three possible clauses:
\fBkey\fR,
\fBport\fR
and
-\fBaddresses\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to. If an
+\fBaddresses\fR\&. The key name must match the name of a key statement in the file\&. The port number specifies the port to connect to\&. If an
\fBaddresses\fR
-clause is supplied these addresses will be used instead of the server name. Each address can take an optional port. If an
+clause is supplied these addresses will be used instead of the server name\&. Each address can take an optional port\&. If an
\fBsource\-address\fR
or
\fBsource\-address\-v6\fR
-of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively.
+of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively\&.
.PP
The
\fBkey\fR
-statement begins with an identifying string, the name of the key. The statement has two clauses.
+statement begins with an identifying string, the name of the key\&. The statement has two clauses\&.
\fBalgorithm\fR
identifies the encryption algorithm for
\fBrndc\fR
-to use; currently only HMAC\-MD5 is supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key. The base\-64 string is enclosed in double quotes.
+to use; currently only HMAC\-MD5 is supported\&. This is followed by a secret clause which contains the base\-64 encoding of the algorithm\*(Aqs encryption key\&. The base\-64 string is enclosed in double quotes\&.
.PP
-There are two common ways to generate the base\-64 string for the secret. The BIND 9 program
+There are two common ways to generate the base\-64 string for the secret\&. The BIND 9 program
\fBrndc\-confgen\fR
can be used to generate a random key, or the
\fBmmencode\fR
program, also known as
-\fBmimencode\fR, can be used to generate a base\-64 string from known input.
+\fBmimencode\fR, can be used to generate a base\-64 string from known input\&.
\fBmmencode\fR
-does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.
+does not ship with BIND 9 but is available on many systems\&. See the EXAMPLE section for sample command lines for each\&.
.SH "EXAMPLE"
.PP
+.if n \{\
.RS 4
+.\}
.nf
options {
default\-server localhost;
default\-key samplekey;
};
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
server localhost {
key samplekey;
};
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
server testserver {
key testkey;
addresses { localhost port 5353; };
};
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
key samplekey {
algorithm hmac\-md5;
secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
};
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
key testkey {
algorithm hmac\-md5;
secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
};
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
In the above example,
\fBrndc\fR
-will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes.
+will by default use the server at localhost (127\&.0\&.0\&.1) and the key called samplekey\&. Commands to the localhost server will use the samplekey key, which must also be defined in the server\*(Aqs configuration file with the same name and secret\&. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes\&.
.PP
If
\fBrndc \-s testserver\fR
is used then
\fBrndc\fR
-will connect to server on localhost port 5353 using the key testkey.
+will connect to server on localhost port 5353 using the key testkey\&.
.PP
To generate a random secret with
\fBrndc\-confgen\fR:
@@ -177,14 +207,14 @@ To generate a random secret with
\fBrndc\-confgen\fR
.PP
A complete
-\fIrndc.conf\fR
-file, including the randomly generated key, will be written to the standard output. Commented\-out
+rndc\&.conf
+file, including the randomly generated key, will be written to the standard output\&. Commented\-out
\fBkey\fR
and
\fBcontrols\fR
statements for
-\fInamed.conf\fR
-are also printed.
+named\&.conf
+are also printed\&.
.PP
To generate a base\-64 secret with
\fBmmencode\fR:
@@ -193,22 +223,23 @@ To generate a base\-64 secret with
.SH "NAME SERVER CONFIGURATION"
.PP
The name server must be configured to accept rndc connections and to recognize the key specified in the
-\fIrndc.conf\fR
+rndc\&.conf
file, using the controls statement in
-\fInamed.conf\fR. See the sections on the
+named\&.conf\&. See the sections on the
\fBcontrols\fR
-statement in the BIND 9 Administrator Reference Manual for details.
+statement in the BIND 9 Administrator Reference Manual for details\&.
.SH "SEE ALSO"
.PP
\fBrndc\fR(8),
-\fBrndc\-confgen\fR(8),
+\fBrndc-confgen\fR(8),
\fBmmencode\fR(1),
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook
index 8dcdef819718..4cb5d40b6f5a 100644
--- a/bin/rndc/rndc.conf.docbook
+++ b/bin/rndc/rndc.conf.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.rndc.conf">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc.conf">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -40,6 +42,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -50,13 +53,13 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>rndc.conf</command>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><filename>rndc.conf</filename> is the configuration file
for <command>rndc</command>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -139,10 +142,10 @@
ship with BIND 9 but is available on many systems. See the
EXAMPLE section for sample command lines for each.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>EXAMPLE</title></info>
- <refsect1>
- <title>EXAMPLE</title>
<para><programlisting>
options {
@@ -211,10 +214,10 @@
</para>
<para><userinput>echo "known plaintext for a secret" | mmencode</userinput>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>NAME SERVER CONFIGURATION</title></info>
- <refsect1>
- <title>NAME SERVER CONFIGURATION</title>
<para>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <filename>rndc.conf</filename>
@@ -222,10 +225,10 @@
See the sections on the <option>controls</option> statement in the
BIND 9 Administrator Reference Manual for details.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
@@ -237,16 +240,6 @@
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
index 5b33584b9848..46fab0855401 100644
--- a/bin/rndc/rndc.conf.html
+++ b/bin/rndc/rndc.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.rndc.conf"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,10 +30,10 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543364"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
- for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
+ for <span class="command"><strong>rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
<code class="filename">named.conf</code>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
@@ -60,7 +59,7 @@
The <code class="option">default-server</code> clause is followed by the
name or address of a name server. This host will be used when
no name server is given as an argument to
- <span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code>
+ <span class="command"><strong>rndc</strong></span>. The <code class="option">default-key</code>
clause is followed by the name of a key which is identified by
a <code class="option">key</code> statement. If no
<code class="option">keyid</code> is provided on the rndc command line,
@@ -96,7 +95,7 @@
The <code class="option">key</code> statement begins with an identifying
string, the name of the key. The statement has two clauses.
<code class="option">algorithm</code> identifies the encryption algorithm
- for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5
+ for <span class="command"><strong>rndc</strong></span> to use; currently only HMAC-MD5
is
supported. This is followed by a secret clause which contains
the base-64 encoding of the algorithm's encryption key. The
@@ -104,20 +103,20 @@
</p>
<p>
There are two common ways to generate the base-64 string for the
- secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>
+ secret. The BIND 9 program <span class="command"><strong>rndc-confgen</strong></span>
can
be used to generate a random key, or the
- <span><strong class="command">mmencode</strong></span> program, also known as
- <span><strong class="command">mimencode</strong></span>, can be used to generate a
+ <span class="command"><strong>mmencode</strong></span> program, also known as
+ <span class="command"><strong>mimencode</strong></span>, can be used to generate a
base-64
- string from known input. <span><strong class="command">mmencode</strong></span> does
+ string from known input. <span class="command"><strong>mmencode</strong></span> does
not
ship with BIND 9 but is available on many systems. See the
EXAMPLE section for sample command lines for each.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543512"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -158,7 +157,7 @@
<p>
</p>
<p>
- In the above example, <span><strong class="command">rndc</strong></span> will by
+ In the above example, <span class="command"><strong>rndc</strong></span> will by
default use
the server at localhost (127.0.0.1) and the key called samplekey.
Commands to the localhost server will use the samplekey key, which
@@ -168,11 +167,11 @@
base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
</p>
<p>
- If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will
+ If <span class="command"><strong>rndc -s testserver</strong></span> is used then <span class="command"><strong>rndc</strong></span> will
connect to server on localhost port 5353 using the key testkey.
</p>
<p>
- To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>:
+ To generate a random secret with <span class="command"><strong>rndc-confgen</strong></span>:
</p>
<p><strong class="userinput"><code>rndc-confgen</code></strong>
</p>
@@ -185,13 +184,13 @@
<code class="filename">named.conf</code> are also printed.
</p>
<p>
- To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>:
+ To generate a base-64 secret with <span class="command"><strong>mmencode</strong></span>:
</p>
<p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543604"></a><h2>NAME SERVER CONFIGURATION</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -200,18 +199,13 @@
BIND 9 Administrator Reference Manual for details.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543625"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543664"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index 141ce5f37ca2..913e11b9d373 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -1,6 +1,3 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.rndc">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc">
+ <info>
+ <date>2013-12-04</date>
+ </info>
<refentryinfo>
- <date>December 04, 2013</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -52,21 +54,21 @@
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>rndc</command>
- <arg><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
- <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
- <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
- <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg>
- <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
- <arg><option>-V</option></arg>
- <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
- <arg choice="req">command</arg>
+ <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">source-address</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">key-file</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">server</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+ <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+ <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter">key_id</replaceable></option></arg>
+ <arg choice="req" rep="norepeat">command</arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><command>rndc</command>
controls the operation of a name
server. It supersedes the <command>ndc</command> utility
@@ -93,10 +95,10 @@
determine how to contact the name server and decide what
algorithm and key it should use.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OPTIONS</title></info>
- <refsect1>
- <title>OPTIONS</title>
<variablelist>
<varlistentry>
@@ -196,10 +198,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>COMMANDS</title></info>
- <refsect1>
- <title>COMMANDS</title>
<para>
A list of commands supported by <command>rndc</command> can
be seen by running <command>rndc</command> without arguments.
@@ -258,7 +260,7 @@
Delete a zone while the server is running.
Only zones that were originally added via
<command>rndc addzone</command> can be deleted
- in this manner.
+ in this manner.
</para>
<para>
See also <command>rndc addzone</command>
@@ -506,7 +508,7 @@
<listitem>
<para>
Fetch all DNSSEC keys for the given zone
- from the key directory (see the
+ from the key directory (see the
<command>key-directory</command> option in
the BIND 9 Administrator Reference Manual). If they are within
their publication period, merge them into the
@@ -539,7 +541,7 @@
operations (such as signing or generating
NSEC3 chains) is stored in the zone in the form
of DNS resource records of type
- <command>sig-signing-type</command>.
+ <command>sig-signing-type</command>.
<command>rndc signing -list</command> converts
these records into a human-readable form,
indicating which keys are currently signing
@@ -565,7 +567,7 @@
flags, iterations, and salt, in that order.
</para>
<para>
- Currently, the only defined value for hash algorithm
+ Currently, the only defined value for hash algorithm
is <literal>1</literal>, representing SHA-1.
The <option>flags</option> may be set to
<literal>0</literal> or <literal>1</literal>,
@@ -726,10 +728,10 @@
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>LIMITATIONS</title></info>
- <refsect1>
- <title>LIMITATIONS</title>
<para>
There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.
@@ -737,10 +739,10 @@
<para>
Several error messages could be clearer.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
@@ -758,16 +760,6 @@
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
-
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
+ </refsection>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index 0daea8a28549..7aa8f6cc9992 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -14,14 +14,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.rndc"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -31,22 +30,22 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543431"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">rndc</strong></span>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>rndc</strong></span>
controls the operation of a name
- server. It supersedes the <span><strong class="command">ndc</strong></span> utility
+ server. It supersedes the <span class="command"><strong>ndc</strong></span> utility
that was provided in old BIND releases. If
- <span><strong class="command">rndc</strong></span> is invoked with no command line
+ <span class="command"><strong>rndc</strong></span> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
arguments.
</p>
-<p><span><strong class="command">rndc</strong></span>
+<p><span class="command"><strong>rndc</strong></span>
communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
- <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
+ <span class="command"><strong>rndc</strong></span> and <span class="command"><strong>named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
@@ -54,15 +53,15 @@
over the channel must be signed by a key_id known to the
server.
</p>
-<p><span><strong class="command">rndc</strong></span>
+<p><span class="command"><strong>rndc</strong></span>
reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543466"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>source-address</code></em>
@@ -90,9 +89,9 @@
<dd><p><em class="replaceable"><code>server</code></em> is
the name or address of the server which matches a
server statement in the configuration file for
- <span><strong class="command">rndc</strong></span>. If no server is supplied on the
+ <span class="command"><strong>rndc</strong></span>. If no server is supplied on the
command line, the host named by the default-server clause
- in the options statement of the <span><strong class="command">rndc</strong></span>
+ in the options statement of the <span class="command"><strong>rndc</strong></span>
configuration file will be used.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
@@ -112,10 +111,10 @@
from the configuration file.
<em class="replaceable"><code>key_id</code></em>
must be
- known by <span><strong class="command">named</strong></span> with the same algorithm and secret string
+ known by <span class="command"><strong>named</strong></span> with the same algorithm and secret string
in order for control message validation to succeed.
If no <em class="replaceable"><code>key_id</code></em>
- is specified, <span><strong class="command">rndc</strong></span> will first look
+ is specified, <span class="command"><strong>rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
@@ -126,22 +125,22 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543667"></a><h2>COMMANDS</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>COMMANDS</h2>
<p>
- A list of commands supported by <span><strong class="command">rndc</strong></span> can
- be seen by running <span><strong class="command">rndc</strong></span> without arguments.
+ A list of commands supported by <span class="command"><strong>rndc</strong></span> can
+ be seen by running <span class="command"><strong>rndc</strong></span> without arguments.
</p>
<p>
Currently supported commands are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt>
<dd>
<p>
Add a zone while the server is running. This
command requires the
- <span><strong class="command">allow-new-zones</strong></span> option to be set
+ <span class="command"><strong>allow-new-zones</strong></span> option to be set
to <strong class="userinput"><code>yes</code></strong>. The
<em class="replaceable"><code>configuration</code></em> string
specified on the command line is the zone
@@ -153,13 +152,13 @@
<code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
where <em class="replaceable"><code>hash</code></em> is a
cryptographic hash generated from the name of
- the view. When <span><strong class="command">named</strong></span> is
+ the view. When <span class="command"><strong>named</strong></span> is
restarted, the file will be loaded into the view
configuration, so that zones that were added
can persist after a restart.
</p>
<p>
- This sample <span><strong class="command">addzone</strong></span> command
+ This sample <span class="command"><strong>addzone</strong></span> command
would add the zone <code class="literal">example.com</code>
to the default view:
</p>
@@ -171,7 +170,7 @@
configuration text.)
</p>
<p>
- See also <span><strong class="command">rndc delzone</strong></span>.
+ See also <span class="command"><strong>rndc delzone</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>delzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>
@@ -179,11 +178,11 @@
<p>
Delete a zone while the server is running.
Only zones that were originally added via
- <span><strong class="command">rndc addzone</strong></span> can be deleted
- in this manner.
+ <span class="command"><strong>rndc addzone</strong></span> can be deleted
+ in this manner.
</p>
<p>
- See also <span><strong class="command">rndc addzone</strong></span>
+ See also <span class="command"><strong>rndc addzone</strong></span>
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone|-adb|-bad</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
@@ -193,7 +192,7 @@
dump file for the specified views. If no view is
specified, all
views are dumped.
- (See the <span><strong class="command">dump-file</strong></span> option in
+ (See the <span class="command"><strong>dump-file</strong></span> option in
the BIND 9 Administrator Reference Manual.)
</p></dd>
<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
@@ -225,7 +224,7 @@
the zone is frozen.
</p>
<p>
- See also <span><strong class="command">rndc thaw</strong></span>.
+ See also <span class="command"><strong>rndc thaw</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
@@ -235,12 +234,12 @@
made through dynamic update or IXFR are not saved to
the master files, but will be rolled forward from the
journal files when the server is restarted.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
+ If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span class="command"><strong>named</strong></span>
had completed halting.
</p>
<p>
- See also <span><strong class="command">rndc stop</strong></span>.
+ See also <span class="command"><strong>rndc stop</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
@@ -249,14 +248,14 @@
Fetch all DNSSEC keys for the given zone
from the key directory. If they are within
their publication period, merge them into the
- zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
+ zone's DNSKEY RRset. Unlike <span class="command"><strong>rndc
sign</strong></span>, however, the zone is not
immediately re-signed by the new keys, but is
allowed to incrementally re-sign over time.
</p>
<p>
This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option
+ <span class="command"><strong>auto-dnssec</strong></span> zone option
be set to <code class="literal">maintain</code>,
and also requires the zone to be configured to
allow dynamic DNS.
@@ -274,7 +273,7 @@
Sets the server's debugging level to 0.
</p>
<p>
- See also <span><strong class="command">rndc trace</strong></span>.
+ See also <span class="command"><strong>rndc trace</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt>
@@ -286,13 +285,13 @@
</p>
<p>
Query logging can also be enabled
- by explicitly directing the <span><strong class="command">queries</strong></span>
- <span><strong class="command">category</strong></span> to a
- <span><strong class="command">channel</strong></span> in the
- <span><strong class="command">logging</strong></span> section of
+ by explicitly directing the <span class="command"><strong>queries</strong></span>
+ <span class="command"><strong>category</strong></span> to a
+ <span class="command"><strong>channel</strong></span> in the
+ <span class="command"><strong>logging</strong></span> section of
<code class="filename">named.conf</code> or by specifying
- <span><strong class="command">querylog yes;</strong></span> in the
- <span><strong class="command">options</strong></span> section of
+ <span class="command"><strong>querylog yes;</strong></span> in the
+ <span class="command"><strong>options</strong></span> section of
<code class="filename">named.conf</code>.
</p>
</dd>
@@ -301,14 +300,14 @@
Reload the configuration file and load new zones,
but do not reload existing zone files even if they
have changed.
- This is faster than a full <span><strong class="command">reload</strong></span> when there
+ This is faster than a full <span class="command"><strong>reload</strong></span> when there
is a large number of zones because it avoids the need
to examine the
modification times of the zones files.
</p></dd>
<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
<dd><p>
- Dump the list of queries <span><strong class="command">named</strong></span> is currently
+ Dump the list of queries <span class="command"><strong>named</strong></span> is currently
recursing on, and the list of domains to which iterative
queries are currently being sent. (The second list includes
the number of fetches currently active for the given domain,
@@ -334,7 +333,7 @@
</p>
<p>
If the zone is configured to use
- <span><strong class="command">inline-signing</strong></span>, the signed
+ <span class="command"><strong>inline-signing</strong></span>, the signed
version of the zone is discarded; after the
retransfer of the unsigned version is complete, the
signed version will be regenerated with all new
@@ -352,8 +351,8 @@
<dd>
<p>
Fetch all DNSSEC keys for the given zone
- from the key directory (see the
- <span><strong class="command">key-directory</strong></span> option in
+ from the key directory (see the
+ <span class="command"><strong>key-directory</strong></span> option in
the BIND 9 Administrator Reference Manual). If they are within
their publication period, merge them into the
zone's DNSKEY RRset. If the DNSKEY RRset
@@ -362,7 +361,7 @@
</p>
<p>
This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option be set
+ <span class="command"><strong>auto-dnssec</strong></span> zone option be set
to <code class="literal">allow</code> or
<code class="literal">maintain</code>,
and also requires the zone to be configured to
@@ -371,7 +370,7 @@
Reference Manual for more details.)
</p>
<p>
- See also <span><strong class="command">rndc loadkeys</strong></span>.
+ See also <span class="command"><strong>rndc loadkeys</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>signing [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>
@@ -382,33 +381,33 @@
operations (such as signing or generating
NSEC3 chains) is stored in the zone in the form
of DNS resource records of type
- <span><strong class="command">sig-signing-type</strong></span>.
- <span><strong class="command">rndc signing -list</strong></span> converts
+ <span class="command"><strong>sig-signing-type</strong></span>.
+ <span class="command"><strong>rndc signing -list</strong></span> converts
these records into a human-readable form,
indicating which keys are currently signing
or have finished signing the zone, and which NSEC3
chains are being created or removed.
</p>
<p>
- <span><strong class="command">rndc signing -clear</strong></span> can remove
+ <span class="command"><strong>rndc signing -clear</strong></span> can remove
a single key (specified in the same format that
- <span><strong class="command">rndc signing -list</strong></span> uses to
+ <span class="command"><strong>rndc signing -list</strong></span> uses to
display it), or all keys. In either case, only
completed keys are removed; any record indicating
that a key has not yet finished signing the zone
will be retained.
</p>
<p>
- <span><strong class="command">rndc signing -nsec3param</strong></span> sets
+ <span class="command"><strong>rndc signing -nsec3param</strong></span> sets
the NSEC3 parameters for a zone. This is the
only supported mechanism for using NSEC3 with
- <span><strong class="command">inline-signing</strong></span> zones.
+ <span class="command"><strong>inline-signing</strong></span> zones.
Parameters are specified in the same format as
an NSEC3PARAM resource record: hash algorithm,
flags, iterations, and salt, in that order.
</p>
<p>
- Currently, the only defined value for hash algorithm
+ Currently, the only defined value for hash algorithm
is <code class="literal">1</code>, representing SHA-1.
The <code class="option">flags</code> may be set to
<code class="literal">0</code> or <code class="literal">1</code>,
@@ -424,13 +423,13 @@
So, for example, to create an NSEC3 chain using
the SHA-1 hash algorithm, no opt-out flag,
10 iterations, and a salt value of "FFFF", use:
- <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>.
+ <span class="command"><strong>rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>.
To set the opt-out flag, 15 iterations, and no
salt, use:
- <span><strong class="command">rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>.
+ <span class="command"><strong>rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>.
</p>
<p>
- <span><strong class="command">rndc signing -nsec3param none</strong></span>
+ <span class="command"><strong>rndc signing -nsec3param none</strong></span>
removes an existing NSEC3 chain and replaces it
with NSEC.
</p>
@@ -438,14 +437,14 @@
<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
<dd><p>
Write server statistics to the statistics file.
- (See the <span><strong class="command">statistics-file</strong></span> option in
+ (See the <span class="command"><strong>statistics-file</strong></span> option in
the BIND 9 Administrator Reference Manual.)
</p></dd>
<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
<dd><p>
Display status of the server.
- Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
- and the default <span><strong class="command">./IN</strong></span>
+ Note that the number of zones includes the internal <span class="command"><strong>bind/CH</strong></span> zone
+ and the default <span class="command"><strong>./IN</strong></span>
hint zone if there is not an
explicit root zone configured.
</p></dd>
@@ -455,11 +454,11 @@
Stop the server, making sure any recent changes
made through dynamic update or IXFR are first saved to
the master files of the updated zones.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
+ If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span class="command"><strong>named</strong></span>
had completed stopping.
</p>
-<p>See also <span><strong class="command">rndc halt</strong></span>.</p>
+<p>See also <span class="command"><strong>rndc halt</strong></span>.</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>sync [<span class="optional">-clean</span>] [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
<dd><p>
@@ -478,13 +477,13 @@
load has completed. After a zone is thawed,
dynamic updates will no longer be refused. If
the zone has changed and the
- <span><strong class="command">ixfr-from-differences</strong></span> option is
+ <span class="command"><strong>ixfr-from-differences</strong></span> option is
in use, then the journal file will be updated to
reflect changes in the zone. Otherwise, if the
zone has changed, any existing journal file will be
removed.
</p>
-<p>See also <span><strong class="command">rndc freeze</strong></span>.</p>
+<p>See also <span class="command"><strong>rndc freeze</strong></span>.</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
<dd><p>
@@ -497,7 +496,7 @@
value.
</p>
<p>
- See also <span><strong class="command">rndc notrace</strong></span>.
+ See also <span class="command"><strong>rndc notrace</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
@@ -509,7 +508,7 @@
<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
<dd><p>
List the names of all TSIG keys currently configured
- for use by <span><strong class="command">named</strong></span> in each view. The
+ for use by <span class="command"><strong>named</strong></span> in each view. The
list both statically configured keys and dynamic
TKEY-negotiated keys.
</p></dd>
@@ -517,15 +516,15 @@
<dd><p>
Enable, disable, or check the current status of
DNSSEC validation.
- Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
+ Note <span class="command"><strong>dnssec-enable</strong></span> also needs to be
set to <strong class="userinput"><code>yes</code></strong> or
<strong class="userinput"><code>auto</code></strong> to be effective.
It defaults to enabled.
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544994"></a><h2>LIMITATIONS</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@@ -534,8 +533,8 @@
Several error messages could be clearer.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545012"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -544,10 +543,5 @@
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2545067"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in
index a3960051c252..0255a6240519 100644
--- a/bin/tools/Makefile.in
+++ b/bin/tools/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2010, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,8 +12,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.13 2010/01/07 23:48:53 tbox Exp $
-
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
@@ -40,7 +38,7 @@ LWRESDEPLIBS = ../../lib/lwres/liblwres.@A@
LIBS = ${ISCLIBS} @LIBS@
NOSYMLIBS = ${ISCNOSYMLIBS} @LIBS@
-SUBDIRS =
+SUBDIRS =
TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ nsec3hash@EXEEXT@ \
genrandom@EXEEXT@ isc-hmac-fixup@EXEEXT@
diff --git a/bin/tools/arpaname.1 b/bin/tools/arpaname.1
index d8a43171f502..d5bb1b5af75a 100644
--- a/bin/tools/arpaname.1
+++ b/bin/tools/arpaname.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,37 +12,53 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: arpaname
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: March 03, 2009
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2009-03-03
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "ARPANAME" "1" "March 03, 2009" "BIND9" "BIND9"
+.TH "ARPANAME" "1" "2009\-03\-03" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
arpaname \- translate IP addresses to the corresponding ARPA names
.SH "SYNOPSIS"
-.HP 9
+.HP \w'\fBarpaname\fR\ 'u
\fBarpaname\fR {\fIipaddress\ \fR...}
.SH "DESCRIPTION"
.PP
\fBarpaname\fR
-translates IP addresses (IPv4 and IPv6) to the corresponding IN\-ADDR.ARPA or IP6.ARPA names.
+translates IP addresses (IPv4 and IPv6) to the corresponding IN\-ADDR\&.ARPA or IP6\&.ARPA names\&.
.SH "SEE ALSO"
.PP
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/arpaname.docbook b/bin/tools/arpaname.docbook
index 04fd54aec593..a0651f3e424b 100644
--- a/bin/tools/arpaname.docbook
+++ b/bin/tools/arpaname.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,11 +14,15 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.arpaname">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.arpaname">
+ <info>
+ <date>2009-03-03</date>
+ </info>
<refentryinfo>
- <date>March 03, 2009</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
-
<refmeta>
<refentrytitle><application>arpaname</application></refentrytitle>
<manvolnum>1</manvolnum>
@@ -37,40 +38,31 @@
<copyright>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>arpaname</command>
<arg choice="req" rep="repeat"><replaceable class="parameter">ipaddress </replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
<command>arpaname</command> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/tools/arpaname.html b/bin/tools/arpaname.html
index 29ea03b51399..b54ddd1614b1 100644
--- a/bin/tools/arpaname.html
+++ b/bin/tools/arpaname.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>arpaname</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.arpaname"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,23 +29,18 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543356"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
+ <span class="command"><strong>arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543369"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543383"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/tools/genrandom.8 b/bin/tools/genrandom.8
index 30d50d7eaabc..d51956b3269c 100644
--- a/bin/tools/genrandom.8
+++ b/bin/tools/genrandom.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,31 +12,46 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: genrandom
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: August 08, 2011
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2011-08-08
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "GENRANDOM" "8" "August 08, 2011" "BIND9" "BIND9"
+.TH "GENRANDOM" "8" "2011\-08\-08" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
genrandom \- generate a file containing random data
.SH "SYNOPSIS"
-.HP 10
+.HP \w'\fBgenrandom\fR\ 'u
\fBgenrandom\fR [\fB\-n\ \fR\fB\fInumber\fR\fR] {\fIsize\fR} {\fIfilename\fR}
.SH "DESCRIPTION"
.PP
\fBgenrandom\fR
-generates a file or a set of files containing a specified quantity of pseudo\-random data, which can be used as a source of entropy for other commands on systems with no random device.
+generates a file or a set of files containing a specified quantity of pseudo\-random data, which can be used as a source of entropy for other commands on systems with no random device\&.
.SH "ARGUMENTS"
.PP
\-n \fInumber\fR
@@ -45,17 +60,17 @@ In place of generating one file, generates
\fBnumber\fR
(from 2 to 9) files, appending
\fBnumber\fR
-to the name.
+to the name\&.
.RE
.PP
size
.RS 4
-The size of the file, in kilobytes, to generate.
+The size of the file, in kilobytes, to generate\&.
.RE
.PP
filename
.RS 4
-The file name into which random data should be written.
+The file name into which random data should be written\&.
.RE
.SH "SEE ALSO"
.PP
@@ -63,7 +78,8 @@ The file name into which random data should be written.
\fBarc4random\fR(3)
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2009\-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/genrandom.docbook b/bin/tools/genrandom.docbook
index ecc206a5496c..a79926c827e7 100644
--- a/bin/tools/genrandom.docbook
+++ b/bin/tools/genrandom.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.genrandom">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.genrandom">
+ <info>
+ <date>2011-08-08</date>
+ </info>
<refentryinfo>
- <date>August 08, 2011</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -39,31 +41,32 @@
<year>2010</year>
<year>2011</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>genrandom</command>
- <arg><option>-n <replaceable class="parameter">number</replaceable></option></arg>
- <arg choice="req"><replaceable class="parameter">size</replaceable></arg>
- <arg choice="req"><replaceable class="parameter">filename</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">number</replaceable></option></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">size</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">filename</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
<command>genrandom</command>
generates a file or a set of files containing a specified quantity
of pseudo-random data, which can be used as a source of entropy for
other commands on systems with no random device.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>ARGUMENTS</title></info>
- <refsect1>
- <title>ARGUMENTS</title>
<variablelist>
<varlistentry>
<term>-n <replaceable class="parameter">number</replaceable></term>
@@ -93,10 +96,10 @@
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>rand</refentrytitle><manvolnum>3</manvolnum>
@@ -105,16 +108,6 @@
<refentrytitle>arc4random</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/tools/genrandom.html b/bin/tools/genrandom.html
index e125a0120889..f61f57a38fb8 100644
--- a/bin/tools/genrandom.html
+++ b/bin/tools/genrandom.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>genrandom</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.genrandom"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,18 +29,18 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543378"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">genrandom</strong></span>
+ <span class="command"><strong>genrandom</strong></span>
generates a file or a set of files containing a specified quantity
of pseudo-random data, which can be used as a source of entropy for
other commands on systems with no random device.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543390"></a><h2>ARGUMENTS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>ARGUMENTS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
In place of generating one file, generates <code class="option">number</code>
@@ -57,17 +56,12 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543451"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543478"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/tools/isc-hmac-fixup.8 b/bin/tools/isc-hmac-fixup.8
index 1b842fbd00b7..0f60791043c7 100644
--- a/bin/tools/isc-hmac-fixup.8
+++ b/bin/tools/isc-hmac-fixup.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2010, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,50 +12,66 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: isc\-hmac\-fixup
+'\" t
+.\" Title: isc-hmac-fixup
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: April 28, 2013
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2013-04-28
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "ISC\-HMAC\-FIXUP" "8" "April 28, 2013" "BIND9" "BIND9"
+.TH "ISC\-HMAC\-FIXUP" "8" "2013\-04\-28" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-isc\-hmac\-fixup \- fixes HMAC keys generated by older versions of BIND
+isc-hmac-fixup \- fixes HMAC keys generated by older versions of BIND
.SH "SYNOPSIS"
-.HP 15
+.HP \w'\fBisc\-hmac\-fixup\fR\ 'u
\fBisc\-hmac\-fixup\fR {\fIalgorithm\fR} {\fIsecret\fR}
.SH "DESCRIPTION"
.PP
-Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC\-SHA* TSIG keys which were longer than the digest length of the hash algorithm (i.e., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message authentication code that was incompatible with other DNS implementations.
+Versions of BIND 9 up to and including BIND 9\&.6 had a bug causing HMAC\-SHA* TSIG keys which were longer than the digest length of the hash algorithm (i\&.e\&., SHA1 keys longer than 160 bits, SHA256 keys longer than 256 bits, etc) to be used incorrectly, generating a message authentication code that was incompatible with other DNS implementations\&.
.PP
-This bug has been fixed in BIND 9.7. However, the fix may cause incompatibility between older and newer versions of BIND, when using long keys.
+This bug has been fixed in BIND 9\&.7\&. However, the fix may cause incompatibility between older and newer versions of BIND, when using long keys\&.
\fBisc\-hmac\-fixup\fR
-modifies those keys to restore compatibility.
+modifies those keys to restore compatibility\&.
.PP
To modify a key, run
\fBisc\-hmac\-fixup\fR
-and specify the key's algorithm and secret on the command line. If the secret is longer than the digest length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated consisting of a hash digest of the old secret. (If the secret did not require conversion, then it will be printed without modification.)
+and specify the key\*(Aqs algorithm and secret on the command line\&. If the secret is longer than the digest length of the algorithm (64 bytes for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a new secret will be generated consisting of a hash digest of the old secret\&. (If the secret did not require conversion, then it will be printed without modification\&.)
.SH "SECURITY CONSIDERATIONS"
.PP
Secrets that have been converted by
\fBisc\-hmac\-fixup\fR
-are shortened, but as this is how the HMAC protocol works in operation anyway, it does not affect security. RFC 2104 notes, "Keys longer than [the digest length] are acceptable but the extra length would not significantly increase the function strength."
+are shortened, but as this is how the HMAC protocol works in operation anyway, it does not affect security\&. RFC 2104 notes, "Keys longer than [the digest length] are acceptable but the extra length would not significantly increase the function strength\&."
.SH "SEE ALSO"
.PP
BIND 9 Administrator Reference Manual,
-RFC 2104.
+RFC 2104\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2010, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook
index 986c30b8551c..931086348a9c 100644
--- a/bin/tools/isc-hmac-fixup.docbook
+++ b/bin/tools/isc-hmac-fixup.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.isc-hmac-fixup">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.isc-hmac-fixup">
+ <info>
+ <date>2013-04-28</date>
+ </info>
<refentryinfo>
- <date>April 28, 2013</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -38,20 +40,21 @@
<year>2010</year>
<year>2013</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>isc-hmac-fixup</command>
- <arg choice="req"><replaceable class="parameter">algorithm</replaceable></arg>
- <arg choice="req"><replaceable class="parameter">secret</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">algorithm</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">secret</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -75,10 +78,10 @@
secret. (If the secret did not require conversion, then it will be
printed without modification.)
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SECURITY CONSIDERATIONS</title></info>
- <refsect1>
- <title>SECURITY CONSIDERATIONS</title>
<para>
Secrets that have been converted by <command>isc-hmac-fixup</command>
are shortened, but as this is how the HMAC protocol works in
@@ -87,24 +90,14 @@
extra length would not significantly increase the function
strength."
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2104</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/tools/isc-hmac-fixup.html b/bin/tools/isc-hmac-fixup.html
index cb975589c25e..5bd25586feca 100644
--- a/bin/tools/isc-hmac-fixup.html
+++ b/bin/tools/isc-hmac-fixup.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>isc-hmac-fixup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.isc-hmac-fixup"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,8 +29,8 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543366"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -43,11 +42,11 @@
<p>
This bug has been fixed in BIND 9.7. However, the fix may
cause incompatibility between older and newer versions of
- BIND, when using long keys. <span><strong class="command">isc-hmac-fixup</strong></span>
+ BIND, when using long keys. <span class="command"><strong>isc-hmac-fixup</strong></span>
modifies those keys to restore compatibility.
</p>
<p>
- To modify a key, run <span><strong class="command">isc-hmac-fixup</strong></span> and
+ To modify a key, run <span class="command"><strong>isc-hmac-fixup</strong></span> and
specify the key's algorithm and secret on the command line. If the
secret is longer than the digest length of the algorithm (64 bytes
for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a
@@ -56,10 +55,10 @@
printed without modification.)
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543389"></a><h2>SECURITY CONSIDERATIONS</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
- Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
+ Secrets that have been converted by <span class="command"><strong>isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
operation anyway, it does not affect security. RFC 2104 notes,
"Keys longer than [the digest length] are acceptable but the
@@ -67,17 +66,12 @@
strength."
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543403"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543489"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/tools/named-journalprint.8 b/bin/tools/named-journalprint.8
index ec91eb273494..8363739c0126 100644
--- a/bin/tools/named-journalprint.8
+++ b/bin/tools/named-journalprint.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,49 +12,65 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
-.\" Title: named\-journalprint
+'\" t
+.\" Title: named-journalprint
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: December 04, 2009
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2009-12-04
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "NAMED\-JOURNALPRINT" "8" "December 04, 2009" "BIND9" "BIND9"
+.TH "NAMED\-JOURNALPRINT" "8" "2009\-12\-04" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
-named\-journalprint \- print zone journal in human\-readable form
+named-journalprint \- print zone journal in human\-readable form
.SH "SYNOPSIS"
-.HP 19
+.HP \w'\fBnamed\-journalprint\fR\ 'u
\fBnamed\-journalprint\fR {\fIjournal\fR}
.SH "DESCRIPTION"
.PP
\fBnamed\-journalprint\fR
-prints the contents of a zone journal file in a human\-readable form.
+prints the contents of a zone journal file in a human\-readable form\&.
.PP
Journal files are automatically created by
\fBnamed\fR
-when changes are made to dynamic zones (e.g., by
-\fBnsupdate\fR). They record each addition or deletion of a resource record, in binary format, allowing the changes to be re\-applied to the zone when the server is restarted after a shutdown or crash. By default, the name of the journal file is formed by appending the extension
-\fI.jnl\fR
-to the name of the corresponding zone file.
+when changes are made to dynamic zones (e\&.g\&., by
+\fBnsupdate\fR)\&. They record each addition or deletion of a resource record, in binary format, allowing the changes to be re\-applied to the zone when the server is restarted after a shutdown or crash\&. By default, the name of the journal file is formed by appending the extension
+\&.jnl
+to the name of the corresponding zone file\&.
.PP
\fBnamed\-journalprint\fR
-converts the contents of a given journal file into a human\-readable text format. Each line begins with "add" or "del", to indicate whether the record was added or deleted, and continues with the resource record in master\-file format.
+converts the contents of a given journal file into a human\-readable text format\&. Each line begins with "add" or "del", to indicate whether the record was added or deleted, and continues with the resource record in master\-file format\&.
.SH "SEE ALSO"
.PP
\fBnamed\fR(8),
\fBnsupdate\fR(8),
-BIND 9 Administrator Reference Manual.
+BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/named-journalprint.docbook b/bin/tools/named-journalprint.docbook
index 8d65c8e30093..4fd019f28bfa 100644
--- a/bin/tools/named-journalprint.docbook
+++ b/bin/tools/named-journalprint.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.named-journalprint">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-journalprint">
+ <info>
+ <date>2009-12-04</date>
+ </info>
<refentryinfo>
- <date>December 04, 2009</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -37,26 +39,27 @@
<copyright>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>named-journalprint</command>
- <arg choice="req"><replaceable class="parameter">journal</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">journal</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
<command>named-journalprint</command>
prints the contents of a zone journal file in a human-readable
- form.
+ form.
</para>
<para>
- Journal files are automatically created by <command>named</command>
+ Journal files are automatically created by <command>named</command>
when changes are made to dynamic zones (e.g., by
<command>nsupdate</command>). They record each addition
or deletion of a resource record, in binary format, allowing the
@@ -73,10 +76,10 @@
deleted, and continues with the resource record in master-file
format.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
@@ -86,16 +89,6 @@
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/tools/named-journalprint.html b/bin/tools/named-journalprint.html
index 3e5e19f239f2..66b91a7441d6 100644
--- a/bin/tools/named-journalprint.html
+++ b/bin/tools/named-journalprint.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-journalprint</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.named-journalprint"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,17 +29,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543354"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">named-journalprint</strong></span>
+ <span class="command"><strong>named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
- form.
+ form.
</p>
<p>
- Journal files are automatically created by <span><strong class="command">named</strong></span>
+ Journal files are automatically created by <span class="command"><strong>named</strong></span>
when changes are made to dynamic zones (e.g., by
- <span><strong class="command">nsupdate</strong></span>). They record each addition
+ <span class="command"><strong>nsupdate</strong></span>). They record each addition
or deletion of a resource record, in binary format, allowing the
changes to be re-applied to the zone when the server is
restarted after a shutdown or crash. By default, the name of
@@ -49,25 +48,20 @@
zone file.
</p>
<p>
- <span><strong class="command">named-journalprint</strong></span> converts the contents of a given
+ <span class="command"><strong>named-journalprint</strong></span> converts the contents of a given
journal file into a human-readable text format. Each line begins
with "add" or "del", to indicate whether the record was added or
deleted, and continues with the resource record in master-file
format.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543389"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543420"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/bin/tools/nsec3hash.8 b/bin/tools/nsec3hash.8
index d4444ce8e2c3..39ff3b48f4d1 100644
--- a/bin/tools/nsec3hash.8
+++ b/bin/tools/nsec3hash.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,59 +12,75 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: nsec3hash
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: March 02, 2009
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2009-03-02
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "NSEC3HASH" "8" "March 02, 2009" "BIND9" "BIND9"
+.TH "NSEC3HASH" "8" "2009\-03\-02" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
nsec3hash \- generate NSEC3 hash
.SH "SYNOPSIS"
-.HP 10
+.HP \w'\fBnsec3hash\fR\ 'u
\fBnsec3hash\fR {\fIsalt\fR} {\fIalgorithm\fR} {\fIiterations\fR} {\fIdomain\fR}
.SH "DESCRIPTION"
.PP
\fBnsec3hash\fR
-generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity of NSEC3 records in a signed zone.
+generates an NSEC3 hash based on a set of NSEC3 parameters\&. This can be used to check the validity of NSEC3 records in a signed zone\&.
.SH "ARGUMENTS"
.PP
salt
.RS 4
-The salt provided to the hash algorithm.
+The salt provided to the hash algorithm\&.
.RE
.PP
algorithm
.RS 4
-A number indicating the hash algorithm. Currently the only supported hash algorithm for NSEC3 is SHA\-1, which is indicated by the number 1; consequently "1" is the only useful value for this argument.
+A number indicating the hash algorithm\&. Currently the only supported hash algorithm for NSEC3 is SHA\-1, which is indicated by the number 1; consequently "1" is the only useful value for this argument\&.
.RE
.PP
iterations
.RS 4
-The number of additional times the hash should be performed.
+The number of additional times the hash should be performed\&.
.RE
.PP
domain
.RS 4
-The domain name to be hashed.
+The domain name to be hashed\&.
.RE
.SH "SEE ALSO"
.PP
BIND 9 Administrator Reference Manual,
-RFC 5155.
+RFC 5155\&.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/nsec3hash.docbook b/bin/tools/nsec3hash.docbook
index 618e53a1aae7..2750d2218dbc 100644
--- a/bin/tools/nsec3hash.docbook
+++ b/bin/tools/nsec3hash.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,9 +14,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry id="man.nsec3hash">
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.nsec3hash">
+ <info>
+ <date>2009-03-02</date>
+ </info>
<refentryinfo>
- <date>March 02, 2009</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -37,31 +39,32 @@
<copyright>
<year>2009</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
- <cmdsynopsis>
+ <cmdsynopsis sepchar=" ">
<command>nsec3hash</command>
- <arg choice="req"><replaceable class="parameter">salt</replaceable></arg>
- <arg choice="req"><replaceable class="parameter">algorithm</replaceable></arg>
- <arg choice="req"><replaceable class="parameter">iterations</replaceable></arg>
- <arg choice="req"><replaceable class="parameter">domain</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">salt</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">algorithm</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">iterations</replaceable></arg>
+ <arg choice="req" rep="norepeat"><replaceable class="parameter">domain</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
<command>nsec3hash</command> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
of NSEC3 records in a signed zone.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>ARGUMENTS</title></info>
- <refsect1>
- <title>ARGUMENTS</title>
<variablelist>
<varlistentry>
<term>salt</term>
@@ -102,24 +105,14 @@
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 5155</citetitle>.
</para>
- </refsect1>
+ </refsection>
- <refsect1>
- <title>AUTHOR</title>
- <para><corpauthor>Internet Systems Consortium</corpauthor>
- </para>
- </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+</refentry>
diff --git a/bin/tools/nsec3hash.html b/bin/tools/nsec3hash.html
index acb83e6ee152..e5de8fca9a47 100644
--- a/bin/tools/nsec3hash.html
+++ b/bin/tools/nsec3hash.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,14 +13,13 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nsec3hash</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.nsec3hash"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -30,17 +29,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543379"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
+ <span class="command"><strong>nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
of NSEC3 records in a signed zone.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543392"></a><h2>ARGUMENTS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.8"></a><h2>ARGUMENTS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">salt</span></dt>
<dd><p>
The salt provided to the hash algorithm.
@@ -62,17 +61,12 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543453"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543470"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div></body>
</html>
diff --git a/config.h.in b/config.h.in
index c336ba349d38..3ba4094ebf20 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,6 +1,6 @@
/* config.h.in. Generated from configure.in by autoheader. */
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -150,6 +150,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
+/* Define to 1 if you have the uname library function. */
+#undef HAVE_UNAME
+
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
@@ -191,6 +194,9 @@ int sigwait(const unsigned int *set, int *sig);
MSVC and with C++ compilers. */
#undef FLEXIBLE_ARRAY_MEMBER
+/* Define to 1 if the compiler supports __builtin_expect. */
+#undef HAVE_BUILTIN_EXPECT
+
/* Define to 1 if you have the `chroot' function. */
#undef HAVE_CHROOT
diff --git a/configure.in b/configure.in
index d89bd6e54386..18d985f989b5 100644
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -465,6 +465,25 @@ AC_TRY_COMPILE([],[long long i = 0; return (0);],
AC_SUBST(ISC_PLATFORM_HAVELONGLONG)
#
+# check for uname library routine
+#
+AC_MSG_CHECKING(for uname)
+AC_TRY_COMPILE([
+#include <sys/utsname.h>
+#include <stdio.h>
+],
+[
+struct utsname uts;
+uname(&uts);
+printf("running on %s %s %s for %s\n",
+ uts.sysname, uts.release, uts.version, uts.machine);
+],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_UNAME)],
+ [AC_MSG_RESULT(no)
+ AC_MSG_WARN([uname is not correctly supported])])
+
+#
# check for GCC noreturn attribute
#
AC_MSG_CHECKING(for GCC noreturn attribute)
@@ -2606,10 +2625,6 @@ yes|auto)
READLINE_LIB="$readline"
break
fi
- if test "X$readline" = "X"
- then
- continue
- fi
for lib in -lterminfo -ltermcap -lncurses -lcurses
do
AC_MSG_NOTICE(checking for readline with $readline $lib)
@@ -2622,6 +2637,10 @@ yes|auto)
break
fi
done
+ if test "$ac_cv_func_readline" = "yes"
+ then
+ break
+ fi
done
LIBS="$saved_LIBS"
;;
@@ -3093,7 +3112,6 @@ ISC_PLATFORM_USEGCCASM="#undef ISC_PLATFORM_USEGCCASM"
ISC_PLATFORM_USESTDASM="#undef ISC_PLATFORM_USESTDASM"
ISC_PLATFORM_USEMACASM="#undef ISC_PLATFORM_USEMACASM"
if test "$use_atomic" = "yes"; then
- AC_MSG_CHECKING([architecture type for atomic operations])
have_atomic=yes # set default
case "$host" in
[i[3456]86-*])
@@ -3133,6 +3151,7 @@ if test "$use_atomic" = "yes"; then
arch=noatomic
;;
esac
+ AC_MSG_CHECKING([architecture type for atomic operations])
AC_MSG_RESULT($arch)
fi
@@ -3214,20 +3233,24 @@ if test "$have_atomic" = "yes"; then
ISC_PLATFORM_HAVEATOMICSTORE="#define ISC_PLATFORM_HAVEATOMICSTORE 1"
if test "$have_xaddq" = "yes"; then
ISC_PLATFORM_HAVEXADDQ="#define ISC_PLATFORM_HAVEXADDQ 1"
+ ISC_PLATFORM_HAVEATOMICSTOREQ="#define ISC_PLATFORM_HAVEATOMICSTOREQ 1"
else
ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ"
+ ISC_PLATFORM_HAVEATOMICSTOREQ="#undef ISC_PLATFORM_HAVEATOMICSTOREQ"
fi
else
ISC_PLATFORM_HAVEXADD="#undef ISC_PLATFORM_HAVEXADD"
ISC_PLATFORM_HAVECMPXCHG="#undef ISC_PLATFORM_HAVECMPXCHG"
ISC_PLATFORM_HAVEATOMICSTORE="#undef ISC_PLATFORM_HAVEATOMICSTORE"
ISC_PLATFORM_HAVEXADDQ="#undef ISC_PLATFORM_HAVEXADDQ"
+ ISC_PLATFORM_HAVEATOMICSTOREQ="#undef ISC_PLATFORM_HAVEATOMICSTOREQ"
fi
AC_SUBST(ISC_PLATFORM_HAVEXADD)
AC_SUBST(ISC_PLATFORM_HAVEXADDQ)
AC_SUBST(ISC_PLATFORM_HAVECMPXCHG)
AC_SUBST(ISC_PLATFORM_HAVEATOMICSTORE)
+AC_SUBST(ISC_PLATFORM_HAVEATOMICSTOREQ)
AC_SUBST(ISC_PLATFORM_USEGCCASM)
AC_SUBST(ISC_PLATFORM_USEOSFASM)
@@ -3238,6 +3261,23 @@ ISC_ARCH_DIR=$arch
AC_SUBST(ISC_ARCH_DIR)
#
+# Check for __builtin_expect
+#
+AC_MSG_CHECKING([compiler support for __builtin_expect])
+AC_TRY_LINK(, [
+ return (__builtin_expect(1, 1) ? 1 : 0);
+], [
+ have_builtin_expect=yes
+ AC_MSG_RESULT(yes)
+], [
+ have_builtin_expect=no
+ AC_MSG_RESULT(no)
+])
+if test "$have_builtin_expect" = "yes"; then
+ AC_DEFINE(HAVE_BUILTIN_EXPECT, 1, [Define to 1 if the compiler supports __builtin_expect.])
+fi
+
+#
# Activate "rrset-order fixed" or not?
#
AC_ARG_ENABLE(fixed-rrset,
@@ -3371,6 +3411,9 @@ AC_SUBST(LATEX)
AC_PATH_PROGS(PDFLATEX, pdflatex, pdflatex)
AC_SUBST(PDFLATEX)
+AC_PATH_PROGS(DBLATEX, dblatex, dblatex)
+AC_SUBST(DBLATEX)
+
#
# Look for w3m
#
@@ -3453,7 +3496,7 @@ AC_ARG_WITH(docbook-xsl,
case "$docbook_path" in
auto)
AC_MSG_RESULT(auto)
- docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl"
+ docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook-ns /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl /usr/share/xml/docbook/stylesheet/docbook-xsl"
;;
*)
docbook_xsl_trees="$withval"
@@ -3476,41 +3519,11 @@ NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_HTML, html/maketoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_XHTML, xhtml/maketoc.xsl, $docbook_xsl_trees)
#
-# Same dance for db2latex
-#
-# No idea where this lives except on FreeBSD.
-#
-
-db2latex_xsl_trees="/usr/local/share"
-
-#
-# Look for stylesheets we need.
+# Same dance for dblatex
#
-
-NOM_PATH_FILE(XSLT_DB2LATEX_STYLE, db2latex/xsl/docbook.xsl, $db2latex_xsl_trees)
-
-#
-# Look for "admonition" image directory. Can't use NOM_PATH_FILE()
-# because it's a directory, so just do the same things, inline.
-#
-
-AC_MSG_CHECKING(for db2latex/xsl/figures)
-for d in $db2latex_xsl_trees
-do
- dd=$d/db2latex/xsl/figures
- if test -d $dd
- then
- XSLT_DB2LATEX_ADMONITIONS=$dd
- AC_MSG_RESULT($dd)
- break
- fi
-done
-if test "X$XSLT_DB2LATEX_ADMONITIONS" = "X"
-then
- AC_MSG_RESULT(not found)
- XSLT_DB2LATEX_ADMONITIONS=db2latex/xsl/figures
-fi
-AC_SUBST(XSLT_DB2LATEX_ADMONITIONS)
+dblatex_xsl_trees="/usr/local/share/xml/docbook/stylesheet/dblatex /usr/pkg/share/xml/docbook/stylesheet/dblatex /usr/share/xml/docbook/stylesheet/dblatex"
+NOM_PATH_FILE(XSLT_DBLATEX_STYLE, xsl/docbook.xsl, $dblatex_xsl_trees)
+NOM_PATH_FILE(XSLT_DBLATEX_FASTBOOK, xsl/latex_book_fast.xsl, $dblatex_xsl_trees)
#
# IDN support
@@ -3634,6 +3647,7 @@ AC_ARG_ENABLE(querytrace,
[ --enable-querytrace enable very verbose query trace logging [[default=no]]],
want_querytrace="$enableval", want_querytrace="no")
+AC_MSG_CHECKING([whether to enable query trace logging])
case "$want_querytrace" in
yes)
AC_MSG_RESULT(yes)
@@ -3686,12 +3700,14 @@ BIND9_PRODUCT="PRODUCT=\"${PRODUCT}\""
AC_SUBST(BIND9_PRODUCT)
BIND9_DESCRIPTION="DESCRIPTION=\"${DESCRIPTION}\""
AC_SUBST(BIND9_DESCRIPTION)
-BIND9_VERSION="VERSION=${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}"
+BIND9_VERSION="${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}"
AC_SUBST(BIND9_VERSION)
BIND9_MAJOR="MAJOR=${MAJORVER}.${MINORVER}"
AC_SUBST(BIND9_MAJOR)
BIND9_VERSIONSTRING="${PRODUCT} ${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}${DESCRIPTION:+ }${DESCRIPTION}"
AC_SUBST(BIND9_VERSIONSTRING)
+BIND9_VERSIONSHORT="${PRODUCT} ${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}"
+AC_SUBST(BIND9_VERSIONSHORT)
BIND9_SRCID="SRCID=unset"
if test -f "${srcdir}/srcid"; then
@@ -3804,7 +3820,18 @@ if test "$dlopen" = "yes"; then
SO_LD="ld"
fi
;;
- *-freebsd*|*-openbsd*|*-netbsd*)
+ *-freebsd*|*-openbsd*)
+ SO_CFLAGS="-fpic"
+ elf=`${CC} -dM -E - < /dev/null | grep __ELF__`
+ if test "$use_libtool" = "yes"; then
+ SO_LDFLAGS="-Xcompiler -shared"
+ SO_LD="${CC}"
+ else
+ SO_LDFLAGS="-shared"
+ SO_LD="${CC}"
+ fi
+ ;;
+ *-netbsd*)
SO_CFLAGS="-fpic"
SO_LDFLAGS="-Bshareable -x"
SO_LD="ld"
@@ -4070,17 +4097,20 @@ AC_CONFIG_FILES([
contrib/zone-edit.sh
doc/Makefile
doc/arm/Makefile
+ doc/arm/noteversion.xml
+ doc/arm/pkgversion.xml
+ doc/arm/releaseinfo.xml
doc/doxygen/Doxyfile
doc/doxygen/Makefile
doc/doxygen/doxygen-input-filter
doc/misc/Makefile
+ doc/tex/Makefile
+ doc/tex/armstyle.sty
doc/xsl/Makefile
doc/xsl/isc-docbook-chunk.xsl
doc/xsl/isc-docbook-html.xsl
- doc/xsl/isc-docbook-latex.xsl
doc/xsl/isc-manpage.xsl
doc/xsl/isc-notes-html.xsl
- doc/xsl/isc-notes-latex.xsl
isc-config.sh
lib/Makefile
lib/bind9/Makefile
@@ -4171,7 +4201,10 @@ AC_ARG_WITH(make-clean,
make_clean="$withval", make_clean="yes")
case "$make_clean" in
yes)
- make clean
+ if test "$no_create" != "yes"
+ then
+ make clean
+ fi
;;
esac
@@ -4270,6 +4303,10 @@ if test "X$ac_unrecognized_opts" != "X"; then
echo "Unrecognized options:"
echo " $ac_unrecognized_opts"
fi
+if test "$enable_full_report" != "yes"; then
+ echo "------------------------------------------------------------------------"
+ echo "For more detail, use --enable-full-report."
+fi
echo "========================================================================"
if test "X$USE_OPENSSL" = "X"; then
diff --git a/doc/Makefile.in b/doc/Makefile.in
index 29074b53fb1c..df28cbe80b87 100644
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,8 +13,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.11 2007/06/19 23:47:13 tbox Exp $
-
# This Makefile is a placeholder. It exists merely to make
# sure that its directory gets created in the object directory
# tree when doing a build using separate object directories.
@@ -23,7 +21,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-SUBDIRS = arm misc xsl doxygen
+SUBDIRS = arm misc xsl doxygen tex
TARGETS =
@BIND9_MAKE_RULES@
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index d46710ff4342..fe479b029fa3 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,10 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<book xmlns:xi="http://www.w3.org/2001/XInclude">
- <title>BIND 9 Administrator Reference Manual</title>
-
- <bookinfo>
+<!-- Converted by db4-upgrade version 1.0 -->
+<book xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <title>BIND 9 Administrator Reference Manual</title>
<copyright>
<year>2004</year>
<year>2005</year>
@@ -44,11 +41,11 @@
<year>2003</year>
<holder>Internet Software Consortium.</holder>
</copyright>
- <xi:include href="releaseinfo.xml"/>
- </bookinfo>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="releaseinfo.xml"/>
+ </info>
+
+ <chapter xml:id="Bv9ARM.ch01"><info><title>Introduction</title></info>
- <chapter id="Bv9ARM.ch01">
- <title>Introduction</title>
<para>
The Internet Domain Name System (<acronym>DNS</acronym>)
consists of the syntax
@@ -60,8 +57,7 @@
hierarchical databases.
</para>
- <sect1>
- <title>Scope of Document</title>
+ <section xml:id="doc_scope"><info><title>Scope of Document</title></info>
<para>
The Berkeley Internet Name Domain
@@ -72,11 +68,11 @@
<acronym>BIND</acronym> version 9 software package for
system administrators.
</para>
- <xi:include href="pkgversion.xml"/>
- </sect1>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pkgversion.xml"/>
+ </section>
+
+ <section xml:id="organization"><info><title>Organization of This Document</title></info>
- <sect1>
- <title>Organization of This Document</title>
<para>
In this document, <emphasis>Chapter 1</emphasis> introduces
the basic <acronym>DNS</acronym> and <acronym>BIND</acronym> concepts. <emphasis>Chapter 2</emphasis>
@@ -102,9 +98,8 @@
and the Domain Name
System.
</para>
- </sect1>
- <sect1>
- <title>Conventions Used in This Document</title>
+ </section>
+ <section xml:id="conventions"><info><title>Conventions Used in This Document</title></info>
<para>
In this document, we use the following general typographic
@@ -229,9 +224,9 @@
</tgroup>
</informaltable>
</para>
- </sect1>
- <sect1>
- <title>The Domain Name System (<acronym>DNS</acronym>)</title>
+ </section>
+ <section xml:id="dns_overview"><info><title>The Domain Name System (<acronym>DNS</acronym>)</title></info>
+
<para>
The purpose of this document is to explain the installation
and upkeep of the <acronym>BIND</acronym> (Berkeley Internet
@@ -240,8 +235,7 @@
(<acronym>DNS</acronym>) as they relate to <acronym>BIND</acronym>.
</para>
- <sect2>
- <title>DNS Fundamentals</title>
+ <section xml:id="dns_fundamentals"><info><title>DNS Fundamentals</title></info>
<para>
The Domain Name System (DNS) is a hierarchical, distributed
@@ -263,8 +257,8 @@
from ISC as a separate download.
</para>
- </sect2><sect2>
- <title>Domains and Domain Names</title>
+ </section>
+ <section xml:id="domain_names"><info><title>Domains and Domain Names</title></info>
<para>
The data stored in the DNS is identified by <emphasis>domain names</emphasis> that are organized as a tree according to
@@ -312,10 +306,10 @@
the DNS protocol, please refer to the standards documents listed in
<xref linkend="rfcs"/>.
</para>
- </sect2>
+ </section>
+
+ <section xml:id="zones"><info><title>Zones</title></info>
- <sect2>
- <title>Zones</title>
<para>
To properly operate a name server, it is important to understand
the difference between a <emphasis>zone</emphasis>
@@ -368,10 +362,9 @@
be a slave server for your <emphasis>domain</emphasis>, you are
actually asking for slave service for some collection of zones.
</para>
- </sect2>
+ </section>
- <sect2>
- <title>Authoritative Name Servers</title>
+ <section xml:id="auth_servers"><info><title>Authoritative Name Servers</title></info>
<para>
Each zone is served by at least
@@ -389,8 +382,7 @@
<command>dig</command> (<xref linkend="diagnostic_tools"/>).
</para>
- <sect3>
- <title>The Primary Master</title>
+ <section xml:id="primary_master"><info><title>The Primary Master</title></info>
<para>
The authoritative server where the master copy of the zone
@@ -409,10 +401,10 @@
by humans at all, but may instead be the result of
<emphasis>dynamic update</emphasis> operations.
</para>
- </sect3>
+ </section>
+
+ <section xml:id="slave_server"><info><title>Slave Servers</title></info>
- <sect3>
- <title>Slave Servers</title>
<para>
The other authoritative servers, the <emphasis>slave</emphasis>
servers (also known as <emphasis>secondary</emphasis> servers)
@@ -425,10 +417,9 @@
to transfer it from another slave. In other words, a slave server
may itself act as a master to a subordinate slave server.
</para>
- </sect3>
+ </section>
- <sect3>
- <title>Stealth Servers</title>
+ <section xml:id="stealth_server"><info><title>Stealth Servers</title></info>
<para>
Usually all of the zone's authoritative servers are listed in
@@ -463,12 +454,10 @@
with the outside world.
</para>
- </sect3>
+ </section>
- </sect2>
- <sect2>
-
- <title>Caching Name Servers</title>
+ </section>
+ <section xml:id="cache_servers"><info><title>Caching Name Servers</title></info>
<!--
- Terminology here is inconsistent. Probably ought to
@@ -503,8 +492,7 @@
Time To Live (TTL) field associated with each resource record.
</para>
- <sect3>
- <title>Forwarding</title>
+ <section xml:id="forwarder"><info><title>Forwarding</title></info>
<para>
Even a caching name server does not necessarily perform
@@ -529,12 +517,11 @@
that can do it, and that server would query the Internet <acronym>DNS</acronym> servers
on the internal server's behalf.
</para>
- </sect3>
+ </section>
- </sect2>
+ </section>
- <sect2>
- <title>Name Servers in Multiple Roles</title>
+ <section xml:id="multi_role"><info><title>Name Servers in Multiple Roles</title></info>
<para>
The <acronym>BIND</acronym> name server can
@@ -559,17 +546,14 @@
be placed inside a firewall.
</para>
- </sect2>
- </sect1>
+ </section>
+ </section>
</chapter>
- <chapter id="Bv9ARM.ch02">
- <title><acronym>BIND</acronym> Resource Requirements</title>
-
- <sect1>
- <title>Hardware requirements</title>
+ <chapter xml:id="Bv9ARM.ch02"><info><title><acronym>BIND</acronym> Resource Requirements</title></info>
+ <section xml:id="hw_req"><info><title>Hardware requirements</title></info>
<para>
<acronym>DNS</acronym> hardware requirements have
traditionally been quite modest.
@@ -585,9 +569,8 @@
full utilization of
multiprocessor systems for installations that need it.
</para>
- </sect1>
- <sect1>
- <title>CPU Requirements</title>
+ </section>
+ <section xml:id="cpu_req"><info><title>CPU Requirements</title></info>
<para>
CPU requirements for <acronym>BIND</acronym> 9 range from
i486-class machines
@@ -595,10 +578,8 @@
machines if you intend to process many dynamic updates and DNSSEC
signed zones, serving many thousands of queries per second.
</para>
- </sect1>
-
- <sect1>
- <title>Memory Requirements</title>
+ </section>
+ <section xml:id="mem_req"><info><title>Memory Requirements</title></info>
<para>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <command>max-cache-size</command>
@@ -611,7 +592,7 @@
limit the amount
of memory used by the mechanism.
It is still good practice to have enough memory to load
- all zone and cache data into memory &mdash; unfortunately, the best
+ all zone and cache data into memory — unfortunately, the best
way
to determine this for a given installation is to watch the name server
in operation. After a few weeks the server process should reach
@@ -622,10 +603,10 @@
- Add something here about leaving overhead for attacks?
- How much overhead? Percentage?
-->
- </sect1>
+ </section>
+
+ <section xml:id="intensive_env"><info><title>Name Server Intensive Environment Issues</title></info>
- <sect1>
- <title>Name Server Intensive Environment Issues</title>
<para>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@@ -639,10 +620,10 @@
this has the disadvantage of making many more external queries,
as none of the name servers share their cached data.
</para>
- </sect1>
+ </section>
+
+ <section xml:id="supported_os"><info><title>Supported Operating Systems</title></info>
- <sect1>
- <title>Supported Operating Systems</title>
<para>
ISC <acronym>BIND</acronym> 9 compiles and runs on a large
number
@@ -653,21 +634,21 @@
directory
of the BIND 9 source distribution.
</para>
- </sect1>
+ </section>
</chapter>
- <chapter id="Bv9ARM.ch03">
- <title>Name Server Configuration</title>
+ <chapter xml:id="Bv9ARM.ch03"><info><title>Name Server Configuration</title></info>
+
<para>
In this chapter we provide some suggested configurations along
with guidelines for their use. We suggest reasonable values for
certain option settings.
</para>
- <sect1 id="sample_configuration">
- <title>Sample Configurations</title>
- <sect2>
- <title>A Caching-only Name Server</title>
+ <section xml:id="sample_configuration"><info><title>Sample Configurations</title></info>
+
+ <section xml:id="cache_only_sample"><info><title>A Caching-only Name Server</title></info>
+
<para>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@@ -696,10 +677,10 @@ zone "0.0.127.in-addr.arpa" {
};
</programlisting>
- </sect2>
+ </section>
+
+ <section xml:id="auth_only_sample"><info><title>An Authoritative-only Name Server</title></info>
- <sect2>
- <title>An Authoritative-only Name Server</title>
<para>
This sample configuration is for an authoritative-only server
that is the master server for "<filename>example.com</filename>"
@@ -745,11 +726,11 @@ zone "eng.example.com" {
};
</programlisting>
- </sect2>
- </sect1>
+ </section>
+ </section>
+
+ <section xml:id="load_balancing"><info><title>Load Balancing</title></info>
- <sect1>
- <title>Load Balancing</title>
<!--
- Add explanation of why load balancing is fragile at best
- and completely pointless in the general case.
@@ -897,21 +878,18 @@ zone "eng.example.com" {
<xref endterm="rrset_ordering_title" linkend="rrset_ordering"/>.
</para>
- </sect1>
+ </section>
- <sect1>
- <title>Name Server Operations</title>
+ <section xml:id="ns_operations"><info><title>Name Server Operations</title></info>
- <sect2>
- <title>Tools for Use With the Name Server Daemon</title>
+ <section xml:id="tools"><info><title>Tools for Use With the Name Server Daemon</title></info>
<para>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
administrator for controlling and debugging the name server
daemon.
</para>
- <sect3 id="diagnostic_tools">
- <title>Diagnostic Tools</title>
+ <section xml:id="diagnostic_tools"><info><title>Diagnostic Tools</title></info>
<para>
The <command>dig</command>, <command>host</command>, and
<command>nslookup</command> programs are all command
@@ -922,7 +900,7 @@ zone "eng.example.com" {
<variablelist>
<varlistentry>
- <term id="dig"><command>dig</command></term>
+ <term xml:id="dig"><command>dig</command></term>
<listitem>
<para>
The domain information groper (<command>dig</command>)
@@ -934,15 +912,15 @@ zone "eng.example.com" {
accessible
from the command line.
</para>
- <cmdsynopsis label="Usage">
+ <cmdsynopsis label="Usage" sepchar=" ">
<command>dig</command>
- <arg>@<replaceable>server</replaceable></arg>
- <arg choice="plain"><replaceable>domain</replaceable></arg>
- <arg><replaceable>query-type</replaceable></arg>
- <arg><replaceable>query-class</replaceable></arg>
- <arg>+<replaceable>query-option</replaceable></arg>
- <arg>-<replaceable>dig-option</replaceable></arg>
- <arg>%<replaceable>comment</replaceable></arg>
+ <arg choice="opt" rep="norepeat">@<replaceable>server</replaceable></arg>
+ <arg choice="plain" rep="norepeat"><replaceable>domain</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><replaceable>query-type</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><replaceable>query-class</replaceable></arg>
+ <arg choice="opt" rep="norepeat">+<replaceable>query-option</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-<replaceable>dig-option</replaceable></arg>
+ <arg choice="opt" rep="norepeat">%<replaceable>comment</replaceable></arg>
</cmdsynopsis>
<para>
The usual simple use of <command>dig</command> will take the form
@@ -969,19 +947,19 @@ zone "eng.example.com" {
functionality
can be extended with the use of options.
</para>
- <cmdsynopsis label="Usage">
+ <cmdsynopsis label="Usage" sepchar=" ">
<command>host</command>
- <arg>-aCdlnrsTwv</arg>
- <arg>-c <replaceable>class</replaceable></arg>
- <arg>-N <replaceable>ndots</replaceable></arg>
- <arg>-t <replaceable>type</replaceable></arg>
- <arg>-W <replaceable>timeout</replaceable></arg>
- <arg>-R <replaceable>retries</replaceable></arg>
- <arg>-m <replaceable>flag</replaceable></arg>
- <arg>-4</arg>
- <arg>-6</arg>
- <arg choice="plain"><replaceable>hostname</replaceable></arg>
- <arg><replaceable>server</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-aCdlnrsTwv</arg>
+ <arg choice="opt" rep="norepeat">-c <replaceable>class</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-N <replaceable>ndots</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-t <replaceable>type</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-W <replaceable>timeout</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-R <replaceable>retries</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-m <replaceable>flag</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-4</arg>
+ <arg choice="opt" rep="norepeat">-6</arg>
+ <arg choice="plain" rep="norepeat"><replaceable>hostname</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><replaceable>server</replaceable></arg>
</cmdsynopsis>
<para>
For more information and a list of available commands and
@@ -1003,12 +981,12 @@ zone "eng.example.com" {
the name and requested information for a host or
domain.
</para>
- <cmdsynopsis label="Usage">
+ <cmdsynopsis label="Usage" sepchar=" ">
<command>nslookup</command>
- <arg rep="repeat">-option</arg>
- <group>
- <arg><replaceable>host-to-find</replaceable></arg>
- <arg>- <arg>server</arg></arg>
+ <arg rep="repeat" choice="opt">-option</arg>
+ <group choice="opt" rep="norepeat">
+ <arg choice="opt" rep="norepeat"><replaceable>host-to-find</replaceable></arg>
+ <arg choice="opt" rep="norepeat">- <arg choice="opt" rep="norepeat">server</arg></arg>
</group>
</cmdsynopsis>
<para>
@@ -1036,16 +1014,15 @@ zone "eng.example.com" {
</varlistentry>
</variablelist>
- </sect3>
+ </section>
- <sect3 id="admin_tools">
- <title>Administrative Tools</title>
+ <section xml:id="admin_tools"><info><title>Administrative Tools</title></info>
<para>
Administrative tools play an integral part in the management
of a server.
</para>
<variablelist>
- <varlistentry id="named-checkconf" xreflabel="Named Configuration Checking application">
+ <varlistentry xml:id="named-checkconf" xreflabel="Named Configuration Checking application">
<term><command>named-checkconf</command></term>
<listitem>
@@ -1053,15 +1030,15 @@ zone "eng.example.com" {
The <command>named-checkconf</command> program
checks the syntax of a <filename>named.conf</filename> file.
</para>
- <cmdsynopsis label="Usage">
+ <cmdsynopsis label="Usage" sepchar=" ">
<command>named-checkconf</command>
- <arg>-jvz</arg>
- <arg>-t <replaceable>directory</replaceable></arg>
- <arg><replaceable>filename</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-jvz</arg>
+ <arg choice="opt" rep="norepeat">-t <replaceable>directory</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><replaceable>filename</replaceable></arg>
</cmdsynopsis>
</listitem>
</varlistentry>
- <varlistentry id="named-checkzone" xreflabel="Zone Checking application">
+ <varlistentry xml:id="named-checkzone" xreflabel="Zone Checking application">
<term><command>named-checkzone</command></term>
<listitem>
@@ -1070,22 +1047,22 @@ zone "eng.example.com" {
checks a master file for
syntax and consistency.
</para>
- <cmdsynopsis label="Usage">
+ <cmdsynopsis label="Usage" sepchar=" ">
<command>named-checkzone</command>
- <arg>-djqvD</arg>
- <arg>-c <replaceable>class</replaceable></arg>
- <arg>-o <replaceable>output</replaceable></arg>
- <arg>-t <replaceable>directory</replaceable></arg>
- <arg>-w <replaceable>directory</replaceable></arg>
- <arg>-k <replaceable>(ignore|warn|fail)</replaceable></arg>
- <arg>-n <replaceable>(ignore|warn|fail)</replaceable></arg>
- <arg>-W <replaceable>(ignore|warn)</replaceable></arg>
- <arg choice="plain"><replaceable>zone</replaceable></arg>
- <arg><replaceable>filename</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-djqvD</arg>
+ <arg choice="opt" rep="norepeat">-c <replaceable>class</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-o <replaceable>output</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-t <replaceable>directory</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-w <replaceable>directory</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-k <replaceable>(ignore|warn|fail)</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-n <replaceable>(ignore|warn|fail)</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-W <replaceable>(ignore|warn)</replaceable></arg>
+ <arg choice="plain" rep="norepeat"><replaceable>zone</replaceable></arg>
+ <arg choice="opt" rep="norepeat"><replaceable>filename</replaceable></arg>
</cmdsynopsis>
</listitem>
</varlistentry>
- <varlistentry id="named-compilezone" xreflabel="Zone Compilation application">
+ <varlistentry xml:id="named-compilezone" xreflabel="Zone Compilation application">
<term><command>named-compilezone</command></term>
<listitem>
<para>
@@ -1095,7 +1072,7 @@ zone "eng.example.com" {
</para>
</listitem>
</varlistentry>
- <varlistentry id="rndc" xreflabel="Remote Name Daemon Control application">
+ <varlistentry xml:id="rndc" xreflabel="Remote Name Daemon Control application">
<term><command>rndc</command></term>
<listitem>
@@ -1114,14 +1091,14 @@ zone "eng.example.com" {
options
it will display a usage message as follows:
</para>
- <cmdsynopsis label="Usage">
+ <cmdsynopsis label="Usage" sepchar=" ">
<command>rndc</command>
- <arg>-c <replaceable>config</replaceable></arg>
- <arg>-s <replaceable>server</replaceable></arg>
- <arg>-p <replaceable>port</replaceable></arg>
- <arg>-y <replaceable>key</replaceable></arg>
- <arg choice="plain"><replaceable>command</replaceable></arg>
- <arg rep="repeat"><replaceable>command</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-c <replaceable>config</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-s <replaceable>server</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-p <replaceable>port</replaceable></arg>
+ <arg choice="opt" rep="norepeat">-y <replaceable>key</replaceable></arg>
+ <arg choice="plain" rep="norepeat"><replaceable>command</replaceable></arg>
+ <arg rep="repeat" choice="opt"><replaceable>command</replaceable></arg>
</cmdsynopsis>
<para>See <xref linkend="man.rndc"/> for details of
@@ -1289,11 +1266,10 @@ controls {
</varlistentry>
</variablelist>
- </sect3>
- </sect2>
- <sect2>
+ </section>
+ </section>
- <title>Signals</title>
+ <section xml:id="signals"><info><title>Signals</title></info>
<para>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
@@ -1338,16 +1314,13 @@ controls {
</tbody>
</tgroup>
</informaltable>
- </sect2>
- </sect1>
+ </section>
+ </section>
</chapter>
- <chapter id="Bv9ARM.ch04">
- <title>Advanced DNS Features</title>
+ <chapter xml:id="Bv9ARM.ch04"><info><title>Advanced DNS Features</title></info>
- <sect1 id="notify">
-
- <title>Notify</title>
+ <section xml:id="notify"><info><title>Notify</title></info>
<para>
<acronym>DNS</acronym> NOTIFY is a mechanism that allows master
servers to notify their slave servers of changes to a zone's data. In
@@ -1365,18 +1338,17 @@ controls {
protocol is specified in RFC 1996.
</para>
- <note>
+ <note><simpara>
As a slave zone can also be a master to other slaves, <command>named</command>,
by default, sends <command>NOTIFY</command> messages for every zone
it loads. Specifying <command>notify master-only;</command> will
cause <command>named</command> to only send <command>NOTIFY</command> for master
zones that it loads.
- </note>
+ </simpara></note>
- </sect1>
+ </section>
- <sect1 id="dynamic_update">
- <title>Dynamic Update</title>
+ <section xml:id="dynamic_update"><info><title>Dynamic Update</title></info>
<para>
Dynamic Update is a method for adding, replacing or deleting
@@ -1418,8 +1390,7 @@ controls {
signatures and an explicit server policy.
</para>
- <sect2 id="journal">
- <title>The journal file</title>
+ <section xml:id="journal"><info><title>The journal file</title></info>
<para>
All changes made to a zone using dynamic update are stored
@@ -1462,7 +1433,7 @@ controls {
<para>
The zone files of dynamic zones cannot normally be edited by
hand because they are not guaranteed to contain the most recent
- dynamic changes &mdash; those are only in the journal file.
+ dynamic changes — those are only in the journal file.
The only way to ensure that the zone file of a dynamic zone
is up to date is to run <command>rndc stop</command>.
</para>
@@ -1488,12 +1459,11 @@ controls {
<command>rndc sync -clean</command>.
</para>
- </sect2>
+ </section>
- </sect1>
+ </section>
- <sect1 id="incremental_zone_transfers">
- <title>Incremental Zone Transfers (IXFR)</title>
+ <section xml:id="incremental_zone_transfers"><info><title>Incremental Zone Transfers (IXFR)</title></info>
<para>
The incremental zone transfer (IXFR) protocol is a way for
@@ -1521,10 +1491,10 @@ controls {
IXFR, see the description of the <command>request-ixfr</command> clause
of the <command>server</command> statement.
</para>
- </sect1>
+ </section>
+
+ <section xml:id="split_dns"><info><title>Split DNS</title></info>
- <sect1>
- <title>Split DNS</title>
<para>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -1552,139 +1522,138 @@ controls {
on the Internet. Split DNS can also be used to allow mail from outside
back in to the internal network.
</para>
- <sect2>
- <title>Example split DNS setup</title>
- <para>
- Let's say a company named <emphasis>Example, Inc.</emphasis>
- (<literal>example.com</literal>)
- has several corporate sites that have an internal network with
- reserved
- Internet Protocol (IP) space and an external demilitarized zone (DMZ),
- or "outside" section of a network, that is available to the public.
- </para>
- <para>
- <emphasis>Example, Inc.</emphasis> wants its internal clients
- to be able to resolve external hostnames and to exchange mail with
- people on the outside. The company also wants its internal resolvers
- to have access to certain internal-only zones that are not available
- at all outside of the internal network.
- </para>
- <para>
- In order to accomplish this, the company will set up two sets
- of name servers. One set will be on the inside network (in the
- reserved
- IP space) and the other set will be on bastion hosts, which are
- "proxy"
- hosts that can talk to both sides of its network, in the DMZ.
- </para>
- <para>
- The internal servers will be configured to forward all queries,
- except queries for <filename>site1.internal</filename>, <filename>site2.internal</filename>, <filename>site1.example.com</filename>,
- and <filename>site2.example.com</filename>, to the servers
- in the
- DMZ. These internal servers will have complete sets of information
- for <filename>site1.example.com</filename>, <filename>site2.example.com</filename>, <filename>site1.internal</filename>,
- and <filename>site2.internal</filename>.
- </para>
- <para>
- To protect the <filename>site1.internal</filename> and <filename>site2.internal</filename> domains,
- the internal name servers must be configured to disallow all queries
- to these domains from any external hosts, including the bastion
- hosts.
- </para>
- <para>
- The external servers, which are on the bastion hosts, will
- be configured to serve the "public" version of the <filename>site1</filename> and <filename>site2.example.com</filename> zones.
- This could include things such as the host records for public servers
- (<filename>www.example.com</filename> and <filename>ftp.example.com</filename>),
- and mail exchange (MX) records (<filename>a.mx.example.com</filename> and <filename>b.mx.example.com</filename>).
- </para>
- <para>
- In addition, the public <filename>site1</filename> and <filename>site2.example.com</filename> zones
- should have special MX records that contain wildcard (`*') records
- pointing to the bastion hosts. This is needed because external mail
- servers do not have any other way of looking up how to deliver mail
- to those internal hosts. With the wildcard records, the mail will
- be delivered to the bastion host, which can then forward it on to
- internal hosts.
- </para>
- <para>
- Here's an example of a wildcard MX record:
- </para>
- <programlisting>* IN MX 10 external1.example.com.</programlisting>
- <para>
- Now that they accept mail on behalf of anything in the internal
- network, the bastion hosts will need to know how to deliver mail
- to internal hosts. In order for this to work properly, the resolvers
- on
- the bastion hosts will need to be configured to point to the internal
- name servers for DNS resolution.
- </para>
- <para>
- Queries for internal hostnames will be answered by the internal
- servers, and queries for external hostnames will be forwarded back
- out to the DNS servers on the bastion hosts.
- </para>
- <para>
- In order for all this to work properly, internal clients will
- need to be configured to query <emphasis>only</emphasis> the internal
- name servers for DNS queries. This could also be enforced via
- selective
- filtering on the network.
- </para>
- <para>
- If everything has been set properly, <emphasis>Example, Inc.</emphasis>'s
- internal clients will now be able to:
- </para>
- <itemizedlist>
- <listitem>
- <simpara>
- Look up any hostnames in the <literal>site1</literal>
- and
- <literal>site2.example.com</literal> zones.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- Look up any hostnames in the <literal>site1.internal</literal> and
- <literal>site2.internal</literal> domains.
- </simpara>
- </listitem>
- <listitem>
- <simpara>Look up any hostnames on the Internet.</simpara>
- </listitem>
- <listitem>
- <simpara>Exchange mail with both internal and external people.</simpara>
- </listitem>
- </itemizedlist>
- <para>
- Hosts on the Internet will be able to:
- </para>
- <itemizedlist>
- <listitem>
- <simpara>
- Look up any hostnames in the <literal>site1</literal>
- and
- <literal>site2.example.com</literal> zones.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- Exchange mail with anyone in the <literal>site1</literal> and
- <literal>site2.example.com</literal> zones.
- </simpara>
- </listitem>
- </itemizedlist>
+ <section xml:id="split_dns_sample"><info><title>Example split DNS setup</title></info>
+ <para>
+ Let's say a company named <emphasis>Example, Inc.</emphasis>
+ (<literal>example.com</literal>)
+ has several corporate sites that have an internal network with
+ reserved
+ Internet Protocol (IP) space and an external demilitarized zone (DMZ),
+ or "outside" section of a network, that is available to the public.
+ </para>
+ <para>
+ <emphasis>Example, Inc.</emphasis> wants its internal clients
+ to be able to resolve external hostnames and to exchange mail with
+ people on the outside. The company also wants its internal resolvers
+ to have access to certain internal-only zones that are not available
+ at all outside of the internal network.
+ </para>
+ <para>
+ In order to accomplish this, the company will set up two sets
+ of name servers. One set will be on the inside network (in the
+ reserved
+ IP space) and the other set will be on bastion hosts, which are
+ "proxy"
+ hosts that can talk to both sides of its network, in the DMZ.
+ </para>
+ <para>
+ The internal servers will be configured to forward all queries,
+ except queries for <filename>site1.internal</filename>, <filename>site2.internal</filename>, <filename>site1.example.com</filename>,
+ and <filename>site2.example.com</filename>, to the servers
+ in the
+ DMZ. These internal servers will have complete sets of information
+ for <filename>site1.example.com</filename>, <filename>site2.example.com</filename>, <filename>site1.internal</filename>,
+ and <filename>site2.internal</filename>.
+ </para>
+ <para>
+ To protect the <filename>site1.internal</filename> and <filename>site2.internal</filename> domains,
+ the internal name servers must be configured to disallow all queries
+ to these domains from any external hosts, including the bastion
+ hosts.
+ </para>
+ <para>
+ The external servers, which are on the bastion hosts, will
+ be configured to serve the "public" version of the <filename>site1</filename> and <filename>site2.example.com</filename> zones.
+ This could include things such as the host records for public servers
+ (<filename>www.example.com</filename> and <filename>ftp.example.com</filename>),
+ and mail exchange (MX) records (<filename>a.mx.example.com</filename> and <filename>b.mx.example.com</filename>).
+ </para>
+ <para>
+ In addition, the public <filename>site1</filename> and <filename>site2.example.com</filename> zones
+ should have special MX records that contain wildcard (`*') records
+ pointing to the bastion hosts. This is needed because external mail
+ servers do not have any other way of looking up how to deliver mail
+ to those internal hosts. With the wildcard records, the mail will
+ be delivered to the bastion host, which can then forward it on to
+ internal hosts.
+ </para>
+ <para>
+ Here's an example of a wildcard MX record:
+ </para>
+ <programlisting>* IN MX 10 external1.example.com.</programlisting>
+ <para>
+ Now that they accept mail on behalf of anything in the internal
+ network, the bastion hosts will need to know how to deliver mail
+ to internal hosts. In order for this to work properly, the resolvers
+ on
+ the bastion hosts will need to be configured to point to the internal
+ name servers for DNS resolution.
+ </para>
+ <para>
+ Queries for internal hostnames will be answered by the internal
+ servers, and queries for external hostnames will be forwarded back
+ out to the DNS servers on the bastion hosts.
+ </para>
+ <para>
+ In order for all this to work properly, internal clients will
+ need to be configured to query <emphasis>only</emphasis> the internal
+ name servers for DNS queries. This could also be enforced via
+ selective
+ filtering on the network.
+ </para>
+ <para>
+ If everything has been set properly, <emphasis>Example, Inc.</emphasis>'s
+ internal clients will now be able to:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ Look up any hostnames in the <literal>site1</literal>
+ and
+ <literal>site2.example.com</literal> zones.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Look up any hostnames in the <literal>site1.internal</literal> and
+ <literal>site2.internal</literal> domains.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>Look up any hostnames on the Internet.</simpara>
+ </listitem>
+ <listitem>
+ <simpara>Exchange mail with both internal and external people.</simpara>
+ </listitem>
+ </itemizedlist>
+ <para>
+ Hosts on the Internet will be able to:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ Look up any hostnames in the <literal>site1</literal>
+ and
+ <literal>site2.example.com</literal> zones.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Exchange mail with anyone in the <literal>site1</literal> and
+ <literal>site2.example.com</literal> zones.
+ </simpara>
+ </listitem>
+ </itemizedlist>
- <para>
- Here is an example configuration for the setup we just
- described above. Note that this is only configuration information;
- for information on how to configure your zone files, see <xref linkend="sample_configuration"/>.
- </para>
+ <para>
+ Here is an example configuration for the setup we just
+ described above. Note that this is only configuration information;
+ for information on how to configure your zone files, see <xref linkend="sample_configuration"/>.
+ </para>
- <para>
- Internal DNS server config:
- </para>
+ <para>
+ Internal DNS server config:
+ </para>
<programlisting>
@@ -1748,9 +1717,9 @@ zone "site2.internal" {
};
</programlisting>
- <para>
- External (bastion host) DNS server config:
- </para>
+ <para>
+ External (bastion host) DNS server config:
+ </para>
<programlisting>
acl internals { 172.16.72.0/24; 192.168.1.0/24; };
@@ -1787,10 +1756,10 @@ zone "site2.example.com" {
};
</programlisting>
- <para>
- In the <filename>resolv.conf</filename> (or equivalent) on
- the bastion host(s):
- </para>
+ <para>
+ In the <filename>resolv.conf</filename> (or equivalent) on
+ the bastion host(s):
+ </para>
<programlisting>
search ...
@@ -1799,277 +1768,279 @@ nameserver 172.16.72.3
nameserver 172.16.72.4
</programlisting>
- </sect2>
- </sect1>
- <sect1 id="tsig">
- <title>TSIG</title>
+ </section>
+ </section>
+ <section xml:id="tsig"><info><title>TSIG</title></info>
+
<para>
- This is a short guide to setting up Transaction SIGnatures
- (TSIG) based transaction security in <acronym>BIND</acronym>. It describes changes
- to the configuration file as well as what changes are required for
- different features, including the process of creating transaction
- keys and using transaction signatures with <acronym>BIND</acronym>.
+ TSIG (Transaction SIGnatures) is a mechanism for authenticating DNS
+ messages, originally specified in RFC 2845. It allows DNS messages
+ to be cryptographically signed using a shared secret. TSIG can
+ be used in any DNS transaction, as a way to restrict access to
+ certain server functions (e.g., recursive queries) to authorized
+ clients when IP-based access control is insufficient or needs to
+ be overridden, or as a way to ensure message authenticity when it
+ is critical to the integrity of the server, such as with dynamic
+ UPDATE messages or zone transfers from a master to a slave server.
</para>
<para>
- <acronym>BIND</acronym> primarily supports TSIG for server
- to server communication.
- This includes zone transfer, notify, and recursive query messages.
- Resolvers based on newer versions of <acronym>BIND</acronym> 8 have limited support
- for TSIG.
+ This is a guide to setting up TSIG in <acronym>BIND</acronym>.
+ It describes the configuration syntax and the process of creating
+ TSIG keys.
</para>
-
<para>
- TSIG can also be useful for dynamic update. A primary
- server for a dynamic zone should control access to the dynamic
- update service, but IP-based access control is insufficient.
- The cryptographic access control provided by TSIG
- is far superior. The <command>nsupdate</command>
- program supports TSIG via the <option>-k</option> and
- <option>-y</option> command line options or inline by use
- of the <command>key</command>.
+ <command>named</command> supports TSIG for server-to-server
+ communication, and some of the tools included with
+ <acronym>BIND</acronym> support it for sending messages to
+ <command>named</command>:
+ <itemizedlist>
+ <listitem>
+ <xref linkend="man.nsupdate"/> supports TSIG via the
+ <option>-k</option>, <option>-l</option> and
+ <option>-y</option> command line options, or via
+ the <command>key</command> command when running
+ interactively.
+ </listitem>
+ <listitem>
+ <xref linkend="man.dig"/> supports TSIG via the
+ <option>-k</option> and <option>-y</option> command
+ line options.
+ </listitem>
+ </itemizedlist>
</para>
- <sect2>
- <title>Generate Shared Keys for Each Pair of Hosts</title>
+ <section><info><title>Generating a Shared Key</title></info>
<para>
- A shared secret is generated to be shared between <emphasis>host1</emphasis> and <emphasis>host2</emphasis>.
- An arbitrary key name is chosen: "host1-host2.". The key name must
- be the same on both hosts.
+ TSIG keys can be generated using the <command>ddns-confgen</command>
+ command; the output of the command is a <command>key</command> directive
+ suitable for inclusion in <filename>named.conf</filename>. The
+ key name and algorithm can be specified by command line parameters;
+ the defaults are "ddns-key" and HMAC-SHA256, respectively. By
+ default, the output of <command>ddns-confgen</command> also includes
+ additional configuration text for setting up dynamic DNS in
+ <command>named</command>; the <option>-q</option> suppresses
+ this. See <xref linkend="man.ddns-confgen"/> for further details.
</para>
- <sect3>
- <title>Automatic Generation</title>
- <para>
- The following command will generate a 128-bit (16 byte) HMAC-SHA256
- key as described above. Longer keys are better, but shorter keys
- are easier to read. Note that the maximum key length is the digest
- length, here 256 bits.
- </para>
- <para>
- <userinput>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</userinput>
- </para>
- <para>
- The key is in the file <filename>Khost1-host2.+163+00000.private</filename>.
- Nothing directly uses this file, but the base-64 encoded string
- following "<literal>Key:</literal>"
- can be extracted from the file and used as a shared secret:
- </para>
- <programlisting>Key: La/E5CjG9O+os1jq0a2jdA==</programlisting>
- <para>
- The string "<literal>La/E5CjG9O+os1jq0a2jdA==</literal>" can
- be used as the shared secret.
- </para>
- </sect3>
- <sect3>
- <title>Manual Generation</title>
- <para>
- The shared secret is simply a random sequence of bits, encoded
- in base-64. Most ASCII strings are valid base-64 strings (assuming
- the length is a multiple of 4 and only valid characters are used),
- so the shared secret can be manually generated.
- </para>
- <para>
- Also, a known string can be run through <command>mmencode</command> or
- a similar program to generate base-64 encoded data.
- </para>
- </sect3>
- </sect2>
- <sect2>
- <title>Copying the Shared Secret to Both Machines</title>
<para>
- This is beyond the scope of DNS. A secure transport mechanism
- should be used. This could be secure FTP, ssh, telephone, etc.
+ Any string which is a valid DNS name can be used as a key name.
+ For example, a key to be shared between servers called
+ <emphasis>host1</emphasis> and <emphasis>host2</emphasis> could
+ be called "host1-host2.", and this key could be generated using:
</para>
- </sect2>
- <sect2>
- <title>Informing the Servers of the Key's Existence</title>
+<programlisting>
+ $ ddns-confgen -q -k host1-host2. > host1-host2.key
+</programlisting>
<para>
- Imagine <emphasis>host1</emphasis> and <emphasis>host 2</emphasis>
- are
- both servers. The following is added to each server's <filename>named.conf</filename> file:
+ This key may then be copied to both hosts. The key name and secret
+ must be identical on both hosts.
+ (Note: copying a shared secret from one server to another is beyond
+ the scope of the DNS. A secure transport mechanism should be used:
+ secure FTP, SSL, ssh, telephone, encrypted email, etc.)
</para>
+ </section>
+ <section><info><title>Loading A New Key</title></info>
+ <para>
+ For a key shared between servers called
+ <emphasis>host1</emphasis> and <emphasis>host2</emphasis>,
+ the following could be added to each server's
+ <filename>named.conf</filename> file:
+ </para>
<programlisting>
-key host1-host2. {
- algorithm hmac-sha256;
- secret "La/E5CjG9O+os1jq0a2jdA==";
+key "host1-host2." {
+ algorithm hmac-sha256;
+ secret "DAopyf1mhCbFVZw7pgmNPBoLUq8wEUT7UuPoLENP2HY=";
};
</programlisting>
-
<para>
- The secret is the one generated above. Since this is a secret, it
- is recommended that either <filename>named.conf</filename> be
- non-world readable, or the key directive be added to a non-world
- readable file that is included by <filename>named.conf</filename>.
+ (This is the same key generated above using
+ <command>ddns-confgen</command>.)
</para>
<para>
- At this point, the key is recognized. This means that if the
- server receives a message signed by this key, it can verify the
- signature. If the signature is successfully verified, the
- response is signed by the same key.
+ Since this text contains a secret, it
+ is recommended that either <filename>named.conf</filename> not be
+ world-readable, or that the <command>key</command> directive
+ be stored in a file which is not world-readable, and which is
+ included in <filename>named.conf</filename> via the
+ <command>include</command> directive.
+ </para>
+ <para>
+ Once a key has been added to <filename>named.conf</filename> and the
+ server has been restarted or reconfigured, the server can recognize
+ the key. If the server receives a message signed by the
+ key, it will be able to verify the signature. If the signature
+ is valid, the response will be signed using the same key.
</para>
- </sect2>
-
- <sect2>
- <title>Instructing the Server to Use the Key</title>
<para>
- Since keys are shared between two hosts only, the server must
- be told when keys are to be used. The following is added to the <filename>named.conf</filename> file
- for <emphasis>host1</emphasis>, if the IP address of <emphasis>host2</emphasis> is
- 10.1.2.3:
+ TSIG keys that are known to a server can be listed using the
+ command <command>rndc tsig-list</command>.
</para>
+ </section>
+ <section><info><title>Instructing the Server to Use a Key</title></info>
+ <para>
+ A server sending a request to another server must be told whether
+ to use a key, and if so, which key to use.
+ </para>
+ <para>
+ For example, a key may be specified for each server in the
+ <command>masters</command> statement in the definition of a
+ slave zone; in this case, all SOA QUERY messages, NOTIFY
+ messages, and zone transfer requests (AXFR or IXFR) will be
+ signed using the specified key. Keys may also be specified
+ in the <command>also-notify</command> statement of a master
+ or slave zone, causing NOTIFY messages to be signed using
+ the specified key.
+ </para>
+ <para>
+ Keys can also be specified in a <command>server</command>
+ directive. Adding the following on <emphasis>host1</emphasis>,
+ if the IP address of <emphasis>host2</emphasis> is 10.1.2.3, would
+ cause <emphasis>all</emphasis> requests from <emphasis>host1</emphasis>
+ to <emphasis>host2</emphasis>, including normal DNS queries, to be
+ signed using the <command>host1-host2.</command> key:
+ </para>
<programlisting>
server 10.1.2.3 {
- keys { host1-host2. ;};
+ keys { host1-host2. ;};
};
</programlisting>
-
<para>
- Multiple keys may be present, but only the first is used.
- This directive does not contain any secrets, so it may be in a
- world-readable
- file.
+ Multiple keys may be present in the <command>keys</command>
+ statement, but only the first one is used. As this directive does
+ not contain secrets, it can be used in a world-readable file.
</para>
<para>
- If <emphasis>host1</emphasis> sends a message that is a request
- to that address, the message will be signed with the specified key. <emphasis>host1</emphasis> will
- expect any responses to signed messages to be signed with the same
- key.
+ Requests sent by <emphasis>host2</emphasis> to <emphasis>host1</emphasis>
+ would <emphasis>not</emphasis> be signed, unless a similar
+ <command>server</command> directive were in <emphasis>host2</emphasis>'s
+ configuration file.
</para>
<para>
- A similar statement must be present in <emphasis>host2</emphasis>'s
- configuration file (with <emphasis>host1</emphasis>'s address) for <emphasis>host2</emphasis> to
- sign request messages to <emphasis>host1</emphasis>.
+ Whenever any server sends a TSIG-signed DNS request, it will expect
+ the response to be signed with the same key. If a response is not
+ signed, or if the signature is not valid, the response will be
+ rejected.
</para>
- </sect2>
- <sect2>
- <title>TSIG Key Based Access Control</title>
+ </section>
+
+ <section><info><title>TSIG-Based Access Control</title></info>
<para>
- <acronym>BIND</acronym> allows IP addresses and ranges
- to be specified in ACL
- definitions and
- <command>allow-{ query | transfer | update }</command>
- directives.
- This has been extended to allow TSIG keys also. The above key would
- be denoted <command>key host1-host2.</command>
+ TSIG keys may be specified in ACL definitions and ACL directives
+ such as <command>allow-query</command>, <command>allow-transfer</command>
+ and <command>allow-update</command>.
+ The above key would be denoted in an ACL element as
+ <command>key host1-host2.</command>
</para>
<para>
- An example of an <command>allow-update</command> directive would be:
+ An example of an <command>allow-update</command> directive using
+ a TSIG key:
</para>
-
<programlisting>
-allow-update { key host1-host2. ;};
+allow-update { !{ !localnets; any; }; key host1-host2. ;};
</programlisting>
-
<para>
- This allows dynamic updates to succeed only if the request
- was signed by a key named "<command>host1-host2.</command>".
+ This allows dynamic updates to succeed only if the UPDATE
+ request comes from an address in <command>localnets</command>,
+ <emphasis>and</emphasis> if it is signed using the
+ <command>host1-host2.</command> key.
</para>
-
<para>
See <xref linkend="dynamic_update_policies"/> for a discussion of
the more flexible <command>update-policy</command> statement.
</para>
+ </section>
- </sect2>
- <sect2>
- <title>Errors</title>
-
+ <section><info><title>Errors</title></info>
<para>
- The processing of TSIG signed messages can result in
- several errors. If a signed message is sent to a non-TSIG aware
- server, a FORMERR (format error) will be returned, since the server will not
- understand the record. This is a result of misconfiguration,
- since the server must be explicitly configured to send a TSIG
- signed message to a specific server.
+ Processing of TSIG-signed messages can result in several errors:
+ <itemizedlist>
+ <listitem>
+ If a TSIG-aware server receives a message signed by an
+ unknown key, the response will be unsigned, with the TSIG
+ extended error code set to BADKEY.
+ </listitem>
+ <listitem>
+ If a TSIG-aware server receives a message from a known key
+ but with an invalid signature, the response will be unsigned,
+ with the TSIG extended error code set to BADSIG.
+ </listitem>
+ <listitem>
+ If a TSIG-aware server receives a message with a time
+ outside of the allowed range, the response will be signed, with
+ the TSIG extended error code set to BADTIME, and the time values
+ will be adjusted so that the response can be successfully
+ verified.
+ </listitem>
+ </itemizedlist>
+ In all of the above cases, the server will return a response code
+ of NOTAUTH (not authenticated).
</para>
+ </section>
+ </section>
- <para>
- If a TSIG aware server receives a message signed by an
- unknown key, the response will be unsigned with the TSIG
- extended error code set to BADKEY. If a TSIG aware server
- receives a message with a signature that does not validate, the
- response will be unsigned with the TSIG extended error code set
- to BADSIG. If a TSIG aware server receives a message with a time
- outside of the allowed range, the response will be signed with
- the TSIG extended error code set to BADTIME, and the time values
- will be adjusted so that the response can be successfully
- verified. In any of these cases, the message's rcode (response code) is set to
- NOTAUTH (not authenticated).
- </para>
+ <section xml:id="tkey"><info><title>TKEY</title></info>
- </sect2>
- </sect1>
- <sect1>
- <title>TKEY</title>
-
- <para><command>TKEY</command>
- is a mechanism for automatically generating a shared secret
- between two hosts. There are several "modes" of
- <command>TKEY</command> that specify how the key is generated
- or assigned. <acronym>BIND</acronym> 9 implements only one of
- these modes, the Diffie-Hellman key exchange. Both hosts are
- required to have a Diffie-Hellman KEY record (although this
- record is not required to be present in a zone). The
- <command>TKEY</command> process must use signed messages,
- signed either by TSIG or SIG(0). The result of
- <command>TKEY</command> is a shared secret that can be used to
- sign messages with TSIG. <command>TKEY</command> can also be
- used to delete shared secrets that it had previously
- generated.
+ <para>
+ TKEY (Transaction KEY) is a mechanism for automatically negotiating
+ a shared secret between two hosts, originally specified in RFC 2930.
</para>
-
<para>
- The <command>TKEY</command> process is initiated by a
- client
- or server by sending a signed <command>TKEY</command>
- query
- (including any appropriate KEYs) to a TKEY-aware server. The
- server response, if it indicates success, will contain a
- <command>TKEY</command> record and any appropriate keys.
- After
- this exchange, both participants have enough information to
- determine the shared secret; the exact process depends on the
- <command>TKEY</command> mode. When using the
- Diffie-Hellman
- <command>TKEY</command> mode, Diffie-Hellman keys are
- exchanged,
- and the shared secret is derived by both participants.
+ There are several TKEY "modes" that specify how a key is to be
+ generated or assigned. <acronym>BIND</acronym> 9 implements only
+ one of these modes: Diffie-Hellman key exchange. Both hosts are
+ required to have a KEY record with algorithm DH (though this
+ record is not required to be present in a zone).
+ </para>
+ <para>
+ The TKEY process is initiated by a client or server by sending
+ a query of type TKEY to a TKEY-aware server. The query must include
+ an appropriate KEY record in the additional section, and
+ must be signed using either TSIG or SIG(0) with a previously
+ established key. The server's response, if successful, will
+ contain a TKEY record in its answer section. After this transaction,
+ both participants will have enough information to calculate a
+ shared secret using Diffie-Hellman key exchange. The shared secret
+ can then be used by to sign subsequent transactions between the
+ two servers.
+ </para>
+ <para>
+ TSIG keys known by the server, including TKEY-negotiated keys, can
+ be listed using <command>rndc tsig-list</command>.
+ </para>
+ <para>
+ TKEY-negotiated keys can be deleted from a server using
+ <command>rndc tsig-delete</command>. This can also be done via
+ the TKEY protocol itself, by sending an authenticated TKEY query
+ specifying the "key deletion" mode.
</para>
- </sect1>
- <sect1>
- <title>SIG(0)</title>
+ </section>
+ <section xml:id="sig0"><info><title>SIG(0)</title></info>
<para>
- <acronym>BIND</acronym> 9 partially supports DNSSEC SIG(0)
- transaction signatures as specified in RFC 2535 and RFC 2931.
- SIG(0)
- uses public/private keys to authenticate messages. Access control
+ <acronym>BIND</acronym> partially supports DNSSEC SIG(0)
+ transaction signatures as specified in RFC 2535 and RFC 2931.
+ SIG(0) uses public/private keys to authenticate messages. Access control
is performed in the same manner as TSIG keys; privileges can be
- granted or denied based on the key name.
+ granted or denied in ACL directives based on the key name.
</para>
-
<para>
When a SIG(0) signed message is received, it will only be
- verified if the key is known and trusted by the server; the server
- will not attempt to locate and/or validate the key.
+ verified if the key is known and trusted by the server. The
+ server will not attempt to recursively fetch or validate the
+ key.
</para>
-
<para>
- SIG(0) signing of multiple-message TCP streams is not
- supported.
+ SIG(0) signing of multiple-message TCP streams is not supported.
</para>
-
<para>
The only tool shipped with <acronym>BIND</acronym> 9 that
generates SIG(0) signed messages is <command>nsupdate</command>.
</para>
+ </section>
- </sect1>
- <sect1 id="DNSSEC">
- <title>DNSSEC</title>
-
+ <section xml:id="DNSSEC"><info><title>DNSSEC</title></info>
<para>
Cryptographic authentication of DNS information is possible
through the DNS Security (<emphasis>DNSSEC-bis</emphasis>) extensions,
@@ -2107,8 +2078,7 @@ allow-update { key host1-host2. ;};
zone key of another zone above this one in the DNS tree.
</para>
- <sect2>
- <title>Generating Keys</title>
+ <section xml:id="dnssec_keys"><info><title>Generating Keys</title></info>
<para>
The <command>dnssec-keygen</command> program is used to
@@ -2170,9 +2140,8 @@ allow-update { key host1-host2. ;};
<command>$INCLUDE</command> statements.
</para>
- </sect2>
- <sect2>
- <title>Signing the Zone</title>
+ </section>
+ <section xml:id="dnssec_signing"><info><title>Signing the Zone</title></info>
<para>
The <command>dnssec-signzone</command> program is used
@@ -2218,10 +2187,9 @@ allow-update { key host1-host2. ;};
secure entry point to the zone.
</para>
- </sect2>
+ </section>
- <sect2>
- <title>Configuring Servers</title>
+ <section xml:id="dnssec_config"><info><title>Configuring Servers</title></info>
<para>
To enable <command>named</command> to respond appropriately
@@ -2343,10 +2311,10 @@ options {
};
</programlisting>
- <note>
+ <note><simpara>
None of the keys listed in this example are valid. In particular,
the root key is not valid.
- </note>
+ </simpara></note>
<para>
When DNSSEC validation is enabled and properly configured,
@@ -2383,19 +2351,17 @@ options {
This referred to the zone, not the response.)
</para>
</note>
- </sect2>
-
- </sect1>
+ </section>
- <xi:include href="dnssec.xml"/>
+ </section>
- <xi:include href="managed-keys.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dnssec.xml"/>
- <xi:include href="pkcs11.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="managed-keys.xml"/>
- <sect1>
- <title>IPv6 Support in <acronym>BIND</acronym> 9</title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pkcs11.xml"/>
+ <section xml:id="ipv6"><info><title>IPv6 Support in <acronym>BIND</acronym> 9</title></info>
<para>
<acronym>BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@@ -2435,8 +2401,7 @@ options {
see <xref linkend="ipv6addresses"/>.
</para>
- <sect2>
- <title>Address Lookups Using AAAA Records</title>
+ <section><info><title>Address Lookups Using AAAA Records</title></info>
<para>
The IPv6 AAAA record is a parallel to the IPv4 A record,
@@ -2455,9 +2420,8 @@ host 3600 IN AAAA 2001:db8::1
a AAAA, with <literal>::ffff:192.168.42.1</literal> as
the address.
</para>
- </sect2>
- <sect2>
- <title>Address to Name Lookups Using Nibble Format</title>
+ </section>
+ <section><info><title>Address to Name Lookups Using Nibble Format</title></info>
<para>
When looking up an address in nibble format, the address
@@ -2475,14 +2439,14 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
host.example.com. )
</programlisting>
- </sect2>
- </sect1>
+ </section>
+ </section>
</chapter>
- <chapter id="Bv9ARM.ch05">
- <title>The <acronym>BIND</acronym> 9 Lightweight Resolver</title>
- <sect1>
- <title>The Lightweight Resolver Library</title>
+ <chapter xml:id="Bv9ARM.ch05"><info><title>The <acronym>BIND</acronym> 9 Lightweight Resolver</title></info>
+
+ <section xml:id="lightweight_resolver"><info><title>The Lightweight Resolver Library</title></info>
+
<para>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
@@ -2503,9 +2467,8 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
a simple UDP-based protocol, the "lightweight resolver protocol"
that is distinct from and simpler than the full DNS protocol.
</para>
- </sect1>
- <sect1 id="lwresd">
- <title>Running a Resolver Daemon</title>
+ </section>
+ <section xml:id="lwresd"><info><title>Running a Resolver Daemon</title></info>
<para>
To use the lightweight resolver interface, the system must
@@ -2555,11 +2518,10 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<command>lwres</command> statement in <filename>named.conf</filename>.
</para>
- </sect1>
+ </section>
</chapter>
- <chapter id="Bv9ARM.ch06">
- <title><acronym>BIND</acronym> 9 Configuration Reference</title>
+ <chapter xml:id="Bv9ARM.ch06"><info><title><acronym>BIND</acronym> 9 Configuration Reference</title></info>
<para>
<acronym>BIND</acronym> 9 configuration is broadly similar
@@ -2578,8 +2540,8 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
using the shell script
<filename>contrib/named-bootconf/named-bootconf.sh</filename>.
</para>
- <sect1 id="configuration_file_elements">
- <title>Configuration File Elements</title>
+ <section xml:id="configuration_file_elements"><info><title>Configuration File Elements</title></info>
+
<para>
Following is a list of elements used throughout the <acronym>BIND</acronym> configuration
file documentation:
@@ -2943,10 +2905,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tbody>
</tgroup>
</informaltable>
- <sect2 id="address_match_lists">
- <title>Address Match Lists</title>
- <sect3>
- <title>Syntax</title>
+ <section xml:id="address_match_lists"><info><title>Address Match Lists</title></info>
+
+ <section><info><title>Syntax</title></info>
<programlisting><varname>address_match_list</varname> = address_match_list_element ;
<optional> address_match_list_element; ... </optional>
@@ -2954,9 +2915,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
key key_id | acl_name | { address_match_list } )
</programlisting>
- </sect3>
- <sect3>
- <title>Definition and Usage</title>
+ </section>
+ <section><info><title>Definition and Usage</title></info>
+
<para>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -3052,11 +3013,10 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
that problem by having 1.2.3.13 blocked by the negation, but
all other 1.2.3.* hosts fall through.
</para>
- </sect3>
- </sect2>
+ </section>
+ </section>
- <sect2>
- <title>Comment Syntax</title>
+ <section xml:id="comment_syntax"><info><title>Comment Syntax</title></info>
<para>
The <acronym>BIND</acronym> 9 comment syntax allows for
@@ -3066,8 +3026,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
in the C, C++, or shell/perl style.
</para>
- <sect3>
- <title>Syntax</title>
+ <section><info><title>Syntax</title></info>
<para>
<programlisting>/* This is a <acronym>BIND</acronym> comment as in C */</programlisting>
@@ -3075,9 +3034,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<programlisting># This is a <acronym>BIND</acronym> comment as in common UNIX shells
# and perl</programlisting>
</para>
- </sect3>
- <sect3>
- <title>Definition and Usage</title>
+ </section>
+ <section><info><title>Definition and Usage</title></info>
+
<para>
Comments may appear anywhere that whitespace may appear in
a <acronym>BIND</acronym> configuration file.
@@ -3142,12 +3101,11 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
statement.
</para>
</warning>
- </sect3>
- </sect2>
- </sect1>
+ </section>
+ </section>
+ </section>
- <sect1 id="Configuration_File_Grammar">
- <title>Configuration File Grammar</title>
+ <section xml:id="Configuration_File_Grammar"><info><title>Configuration File Grammar</title></info>
<para>
A <acronym>BIND</acronym> 9 configuration consists of
@@ -3330,18 +3288,16 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
configuration.
</para>
- <sect2>
- <title><command>acl</command> Statement Grammar</title>
+ <section xml:id="acl_grammar"><info><title><command>acl</command> Statement Grammar</title></info>
<programlisting><command>acl</command> acl-name {
address_match_list
};
</programlisting>
- </sect2>
- <sect2 id="acl">
- <title><command>acl</command> Statement Definition and
- Usage</title>
+ </section>
+ <section xml:id="acl"><info><title><command>acl</command> Statement Definition and
+ Usage</title></info>
<para>
The <command>acl</command> statement assigns a symbolic
@@ -3415,9 +3371,8 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tgroup>
</informaltable>
- </sect2>
- <sect2>
- <title><command>controls</command> Statement Grammar</title>
+ </section>
+ <section xml:id="controls_grammar"><info><title><command>controls</command> Statement Grammar</title></info>
<programlisting><command>controls</command> {
[ inet ( ip_addr | * ) [ port ip_port ]
@@ -3430,11 +3385,10 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
};
</programlisting>
- </sect2>
+ </section>
- <sect2 id="controls_statement_definition_and_usage">
- <title><command>controls</command> Statement Definition and
- Usage</title>
+ <section xml:id="controls_statement_definition_and_usage"><info><title><command>controls</command> Statement Definition and
+ Usage</title></info>
<para>
The <command>controls</command> statement declares control
@@ -3551,14 +3505,12 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<command>controls { };</command>.
</para>
- </sect2>
- <sect2>
- <title><command>include</command> Statement Grammar</title>
+ </section>
+ <section xml:id="include_grammar"><info><title><command>include</command> Statement Grammar</title></info>
+
<programlisting><command>include</command> <replaceable>filename</replaceable>;</programlisting>
- </sect2>
- <sect2>
- <title><command>include</command> Statement Definition and
- Usage</title>
+ </section>
+ <section xml:id="include_statement"><info><title><command>include</command> Statement Definition and Usage</title></info>
<para>
The <command>include</command> statement inserts the
@@ -3571,9 +3523,8 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
that are readable only by the name server.
</para>
- </sect2>
- <sect2>
- <title><command>key</command> Statement Grammar</title>
+ </section>
+ <section xml:id="key_grammar"><info><title><command>key</command> Statement Grammar</title></info>
<programlisting><command>key</command> <replaceable>key_id</replaceable> {
algorithm <replaceable>algorithm_id</replaceable>;
@@ -3581,10 +3532,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
};
</programlisting>
- </sect2>
+ </section>
- <sect2>
- <title><command>key</command> Statement Definition and Usage</title>
+ <section xml:id="key_statement"><info><title><command>key</command> Statement Definition and Usage</title></info>
<para>
The <command>key</command> statement defines a shared
@@ -3629,9 +3579,8 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
encoded string.
</para>
- </sect2>
- <sect2>
- <title><command>logging</command> Statement Grammar</title>
+ </section>
+ <section xml:id="logging_grammar"><info><title><command>logging</command> Statement Grammar</title></info>
<programlisting><command>logging</command> {
[ <command>channel</command> <replaceable>channel_name</replaceable> {
@@ -3654,11 +3603,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
};
</programlisting>
- </sect2>
+ </section>
- <sect2>
- <title><command>logging</command> Statement Definition and
- Usage</title>
+ <section xml:id="logging_statement"><info><title><command>logging</command> Statement Definition and Usage</title></info>
<para>
The <command>logging</command> statement configures a
@@ -3693,8 +3640,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
was specified.
</para>
- <sect3>
- <title>The <command>channel</command> Phrase</title>
+ <section xml:id="channel"><info><title>The <command>channel</command> Phrase</title></info>
<para>
All log output goes to one or more <emphasis>channels</emphasis>;
@@ -3950,10 +3896,9 @@ channel null {
the default logging by pointing categories at channels you have
defined.
</para>
- </sect3>
+ </section>
- <sect3 id="the_category_phrase">
- <title>The <command>category</command> Phrase</title>
+ <section xml:id="the_category_phrase"><info><title>The <command>category</command> Phrase</title></info>
<para>
There are many categories, so you can send the logs you want
@@ -3997,358 +3942,10 @@ category notify { null; };
of the types of log information they contain. More
categories may be added in future <acronym>BIND</acronym> releases.
</para>
- <informaltable colsep="0" rowsep="0">
- <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
- <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
- <colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
- <tbody>
- <row rowsep="0">
- <entry colname="1">
- <para><command>default</command></para>
- </entry>
- <entry colname="2">
- <para>
- The default category defines the logging
- options for those categories where no specific
- configuration has been
- defined.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>general</command></para>
- </entry>
- <entry colname="2">
- <para>
- The catch-all. Many things still aren't
- classified into categories, and they all end up here.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>database</command></para>
- </entry>
- <entry colname="2">
- <para>
- Messages relating to the databases used
- internally by the name server to store zone and cache
- data.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>security</command></para>
- </entry>
- <entry colname="2">
- <para>
- Approval and denial of requests.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>config</command></para>
- </entry>
- <entry colname="2">
- <para>
- Configuration file parsing and processing.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>resolver</command></para>
- </entry>
- <entry colname="2">
- <para>
- DNS resolution, such as the recursive
- lookups performed on behalf of clients by a caching name
- server.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>xfer-in</command></para>
- </entry>
- <entry colname="2">
- <para>
- Zone transfers the server is receiving.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>xfer-out</command></para>
- </entry>
- <entry colname="2">
- <para>
- Zone transfers the server is sending.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>notify</command></para>
- </entry>
- <entry colname="2">
- <para>
- The NOTIFY protocol.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>client</command></para>
- </entry>
- <entry colname="2">
- <para>
- Processing of client requests.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>unmatched</command></para>
- </entry>
- <entry colname="2">
- <para>
- Messages that <command>named</command> was unable to determine the
- class of or for which there was no matching <command>view</command>.
- A one line summary is also logged to the <command>client</command> category.
- This category is best sent to a file or stderr, by
- default it is sent to
- the <command>null</command> channel.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>network</command></para>
- </entry>
- <entry colname="2">
- <para>
- Network operations.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>update</command></para>
- </entry>
- <entry colname="2">
- <para>
- Dynamic updates.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>update-security</command></para>
- </entry>
- <entry colname="2">
- <para>
- Approval and denial of update requests.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>queries</command></para>
- </entry>
- <entry colname="2">
- <para>
- Specify where queries should be logged to.
- </para>
- <para>
- At startup, specifying the category <command>queries</command> will also
- enable query logging unless <command>querylog</command> option has been
- specified.
- </para>
-
- <para>
- The query log entry reports the client's IP
- address and port number, and the query name,
- class and type. Next it reports whether the
- Recursion Desired flag was set (+ if set, -
- if not set), if the query was signed (S),
- EDNS was in use (E), if TCP was used (T), if
- DO (DNSSEC Ok) was set (D), or if CD (Checking
- Disabled) was set (C). After this the
- destination address the query was sent to is
- reported.
- </para>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="logging-categories.xml"/>
+ </section>
+ <section xml:id="query_errors"><info><title>The <command>query-errors</command> Category</title></info>
- <para>
- <computeroutput>client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE</computeroutput>
- </para>
- <para>
- <computeroutput>client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE</computeroutput>
- </para>
- <para>
- (The first part of this log message, showing the
- client address/port number and query name, is
- repeated in all subsequent log messages related
- to the same query.)
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>query-errors</command></para>
- </entry>
- <entry colname="2">
- <para>
- Information about queries that resulted in some
- failure.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>dispatch</command></para>
- </entry>
- <entry colname="2">
- <para>
- Dispatching of incoming packets to the
- server modules where they are to be processed.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>dnssec</command></para>
- </entry>
- <entry colname="2">
- <para>
- DNSSEC and TSIG protocol processing.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>lame-servers</command></para>
- </entry>
- <entry colname="2">
- <para>
- Lame servers. These are misconfigurations
- in remote servers, discovered by BIND 9 when trying to
- query those servers during resolution.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>delegation-only</command></para>
- </entry>
- <entry colname="2">
- <para>
- Delegation only. Logs queries that have been
- forced to NXDOMAIN as the result of a
- delegation-only zone or a
- <command>delegation-only</command> in a
- forward, hint or stub zone declaration.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>edns-disabled</command></para>
- </entry>
- <entry colname="2">
- <para>
- Log queries that have been forced to use plain
- DNS due to timeouts. This is often due to
- the remote servers not being RFC 1034 compliant
- (not always returning FORMERR or similar to
- EDNS queries and other extensions to the DNS
- when they are not understood). In other words, this is
- targeted at servers that fail to respond to
- DNS queries that they don't understand.
- </para>
- <para>
- Note: the log message can also be due to
- packet loss. Before reporting servers for
- non-RFC 1034 compliance they should be re-tested
- to determine the nature of the non-compliance.
- This testing should prevent or reduce the
- number of false-positive reports.
- </para>
- <para>
- Note: eventually <command>named</command> will have to stop
- treating such timeouts as due to RFC 1034 non
- compliance and start treating it as plain
- packet loss. Falsely classifying packet
- loss as due to RFC 1034 non compliance impacts
- on DNSSEC validation which requires EDNS for
- the DNSSEC records to be returned.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>RPZ</command></para>
- </entry>
- <entry colname="2">
- <para>
- Information about errors in response policy zone files,
- rewritten responses, and at the highest
- <command>debug</command> levels, mere rewriting
- attempts.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>rate-limit</command></para>
- </entry>
- <entry colname="2">
- <para>
- (Only available when <acronym>BIND</acronym> 9 is
- configured with the <userinput>--enable-rrl</userinput>
- option at compile time.)
- </para>
- <para>
- The start, periodic, and final notices of the
- rate limiting of a stream of responses are logged at
- <command>info</command> severity in this category.
- These messages include a hash value of the domain name
- of the response and the name itself,
- except when there is insufficient memory to record
- the name for the final notice
- The final notice is normally delayed until about one
- minute after rate limit stops.
- A lack of memory can hurry the final notice,
- in which case it starts with an asterisk (*).
- Various internal events are logged at debug 1 level
- and higher.
- </para>
- <para>
- Rate limiting of individual requests
- is logged in the <command>query-errors</command> category.
- </para>
- </entry>
- </row>
- <row rowsep="0">
- <entry colname="1">
- <para><command>cname</command></para>
- </entry>
- <entry colname="2">
- <para>
- Logs nameservers that are skipped due to them being
- a CNAME rather than A / AAAA records.
- </para>
- </entry>
- </row>
- </tbody>
- </tgroup>
- </informaltable>
- </sect3>
- <sect3>
- <title>The <command>query-errors</command> Category</title>
<para>
The <command>query-errors</command> category is
specifically intended for debugging purposes: To identify
@@ -4572,11 +4169,10 @@ badresp:1,adberr:0,findfail:0,valfail:0]
This is because any unexpected results can be difficult to
debug in the recursion case.
</para>
- </sect3>
- </sect2>
+ </section>
+ </section>
- <sect2>
- <title><command>lwres</command> Statement Grammar</title>
+ <section xml:id="lwres_grammar"><info><title><command>lwres</command> Statement Grammar</title></info>
<para>
This is the grammar of the <command>lwres</command>
@@ -4592,9 +4188,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
};
</programlisting>
- </sect2>
- <sect2>
- <title><command>lwres</command> Statement Definition and Usage</title>
+ </section>
+ <section xml:id="lwres_statement"><info><title><command>lwres</command> Statement Definition and Usage</title></info>
<para>
The <command>lwres</command> statement configures the
@@ -4647,29 +4242,27 @@ badresp:1,adberr:0,findfail:0,valfail:0]
number of dots in a relative domain name that should result in an
exact match lookup before search path elements are appended.
</para>
- </sect2>
- <sect2>
- <title><command>masters</command> Statement Grammar</title>
+ </section>
+ <section xml:id="masters_grammar"><info><title><command>masters</command> Statement Grammar</title></info>
<programlisting>
<command>masters</command> <replaceable>name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> |
<replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> };
</programlisting>
- </sect2>
+ </section>
+
+ <section xml:id="masters_statement"><info><title><command>masters</command> Statement Definition and
+ Usage</title></info>
- <sect2>
- <title><command>masters</command> Statement Definition and
- Usage</title>
<para><command>masters</command>
lists allow for a common set of masters to be easily used by
multiple stub and slave zones in their <command>masters</command>
or <command>also-notify</command> lists.
</para>
- </sect2>
+ </section>
- <sect2>
- <title><command>options</command> Statement Grammar</title>
+ <section xml:id="options_grammar"><info><title><command>options</command> Statement Grammar</title></info>
<para>
This is the grammar of the <command>options</command>
@@ -4720,6 +4313,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> use-id-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> maintain-ixfr-base <replaceable>yes_or_no</replaceable>; </optional>
<optional> ixfr-from-differences (<replaceable>yes_or_no</replaceable> | <constant>master</constant> | <constant>slave</constant>); </optional>
+ <optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; </optional>
<optional> dnssec-enable <replaceable>yes_or_no</replaceable>; </optional>
<optional> dnssec-validation (<replaceable>yes_or_no</replaceable> | <constant>auto</constant>); </optional>
<optional> dnssec-lookaside ( <replaceable>auto</replaceable> |
@@ -4791,7 +4385,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> max-clients-per-query <replaceable>number</replaceable> ; </optional>
<optional> fetches-per-server <replaceable>number</replaceable> <optional><replaceable>(drop | fail)</replaceable></optional>; </optional>
<optional> fetch-quota-params <replaceable>number fixedpoint fixedpoint fixedpoint</replaceable> ; </optional>
- <optional> fetches-per-zone<replaceable>number</replaceable> <optional><replaceable>(drop | fail)</replaceable></optional>; </optional>
+ <optional> fetches-per-zone <replaceable>number</replaceable> <optional><replaceable>(drop | fail)</replaceable></optional>; </optional>
<optional> serial-query-rate <replaceable>number</replaceable>; </optional>
<optional> serial-queries <replaceable>number</replaceable>; </optional>
<optional> tcp-listen-queue <replaceable>number</replaceable>; </optional>
@@ -4809,9 +4403,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> notify-source (<replaceable>ip4_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>) <optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> notify-to-soa <replaceable>yes_or_no</replaceable> ; </optional>
- <optional> also-notify { <replaceable>ip_addr</replaceable>
- <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>keyname</replaceable></optional> ;
- <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>keyname</replaceable></optional> ; ... </optional> }; </optional>
+ <optional> also-notify <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> | <replaceable>ip_addr</replaceable>
+ <optional>port <replaceable>ip_port</replaceable></optional>
+ <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> }; </optional>
<optional> max-ixfr-log-size <replaceable>number</replaceable>; </optional>
<optional> max-journal-size <replaceable>size_spec</replaceable>; </optional>
<optional> coresize <replaceable>size_spec</replaceable> ; </optional>
@@ -4828,6 +4422,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> lame-ttl <replaceable>number</replaceable>; </optional>
<optional> max-ncache-ttl <replaceable>number</replaceable>; </optional>
<optional> max-cache-ttl <replaceable>number</replaceable>; </optional>
+ <optional> serial-update-method <constant>increment</constant>|<constant>unixtime</constant>|<constant>date</constant>; </optional>
<optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
<optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
<optional> sig-signing-signatures <replaceable>number</replaceable> ; </optional>
@@ -4853,7 +4448,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> clients { <replaceable>address_match_list</replaceable> }; </optional>
<optional> mapped { <replaceable>address_match_list</replaceable> }; </optional>
<optional> exclude { <replaceable>address_match_list</replaceable> }; </optional>
- <optional> suffix IPv6-address; </optional>
+ <optional> suffix <replaceable>IPv6-address</replaceable>; </optional>
<optional> recursive-only <replaceable>yes_or_no</replaceable>; </optional>
<optional> break-dnssec <replaceable>yes_or_no</replaceable>; </optional>
}; </optional>;
@@ -4912,11 +4507,10 @@ badresp:1,adberr:0,findfail:0,valfail:0]
};
</programlisting>
- </sect2>
+ </section>
- <sect2 id="options">
- <title><command>options</command> Statement Definition and
- Usage</title>
+ <section xml:id="options"><info><title><command>options</command> Statement Definition and
+ Usage</title></info>
<para>
The <command>options</command> statement sets up global
@@ -5209,7 +4803,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
The PID file is used by programs that want to send signals to
the running
name server. Specifying <command>pid-file none</command> disables the
- use of a PID file &mdash; no file will be written and any
+ use of a PID file — no file will be written and any
existing one will be removed. Note that <command>none</command>
is a keyword, not a filename, and therefore is not enclosed
in
@@ -5356,12 +4950,14 @@ badresp:1,adberr:0,findfail:0,valfail:0]
If specified, the listed type (A or AAAA) will be emitted
before other glue
in the additional section of a query response.
- The default is not to prefer any type (NONE).
+ The default is to prefer A records when responding
+ to queries that arrived via IPv4 and AAAA when
+ responding to queries that arrived via IPv6.
</para>
</listitem>
</varlistentry>
- <varlistentry id="root_delegation_only">
+ <varlistentry xml:id="root_delegation_only">
<term><command>root-delegation-only</command></term>
<listitem>
<para>
@@ -5459,8 +5055,7 @@ options {
installed along with <acronym>BIND</acronym> 9, and is
current as of the release date. If the DLV key expires, a
new copy of <filename>bind.keys</filename> can be downloaded
- from <ulink url="https://www.isc.org/solutions/dlv/"
- >https://www.isc.org/solutions/dlv/</ulink>.
+ from <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://www.isc.org/solutions/dlv/">https://www.isc.org/solutions/dlv/</link>.
</para>
<para>
(To prevent problems if <filename>bind.keys</filename> is
@@ -5581,6 +5176,26 @@ options {
</varlistentry>
<varlistentry>
+ <term><command>dnssec-loadkeys-interval</command></term>
+ <listitem>
+ <para>
+ When a zone is configured with <command>auto-dnssec
+ maintain;</command> its key repository must be checked
+ periodically to see if any new keys have been added
+ or any existing keys' timing metadata has been updated
+ (see <xref linkend="man.dnssec-keygen"/> and
+ <xref linkend="man.dnssec-settime"/>). The
+ <command>dnssec-loadkeys-interval</command> option
+ sets the frequency of automatic repository checks, in
+ minutes. The default is <literal>60</literal> (1 hour),
+ the minimum is <literal>1</literal> (1 minute), and the
+ maximum is <literal>1440</literal> (24 hours); any higher
+ value is silently reduced.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>dnssec-update-mode</command></term>
<listitem>
<para>
@@ -5615,6 +5230,31 @@ options {
</varlistentry>
<varlistentry>
+ <term><command>serial-update-method</command></term>
+ <listitem>
+ <para>
+ Zones configured for dynamic DNS may use this
+ option to set the update method that will be used for
+ the zone serial number in the SOA record.
+ </para>
+ <para>
+ With the default setting of
+ <command>serial-update-method increment;</command>, the
+ SOA serial number will be incremented by one each time
+ the zone is updated.
+ </para>
+ <para>
+ When set to
+ <command>serial-update-method unixtime;</command>, the
+ SOA serial number will be set to the number of seconds
+ since the UNIX epoch, unless the serial number is
+ already greater than or equal to that value, in which
+ case it is simply incremented by one.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>zone-statistics</command></term>
<listitem>
<para>
@@ -5649,8 +5289,7 @@ options {
</varlistentry>
</variablelist>
- <sect3 id="boolean_options">
- <title>Boolean Options</title>
+ <section xml:id="boolean_options"><info><title>Boolean Options</title></info>
<variablelist>
@@ -6110,7 +5749,6 @@ options {
queries.
Caching may still occur as an effect the server's internal
operation, such as NOTIFY address lookups.
- See also <command>fetch-glue</command> above.
</para>
</listitem>
</varlistentry>
@@ -6430,6 +6068,49 @@ options {
</varlistentry>
<varlistentry>
+ <term><command>auto-dnssec</command></term>
+ <listitem>
+ <para>
+ Zones configured for dynamic DNS may use this
+ option to allow varying levels of automatic DNSSEC key
+ management. There are three possible settings:
+ </para>
+ <para>
+ <command>auto-dnssec allow;</command> permits
+ keys to be updated and the zone fully re-signed
+ whenever the user issues the command <command>rndc sign
+ <replaceable>zonename</replaceable></command>.
+ </para>
+ <para>
+ <command>auto-dnssec maintain;</command> includes the
+ above, but also automatically adjusts the zone's DNSSEC
+ keys on schedule, according to the keys' timing metadata
+ (see <xref linkend="man.dnssec-keygen"/> and
+ <xref linkend="man.dnssec-settime"/>). The command
+ <command>rndc sign
+ <replaceable>zonename</replaceable></command> causes
+ <command>named</command> to load keys from the key
+ repository and sign the zone with all keys that are
+ active.
+ <command>rndc loadkeys
+ <replaceable>zonename</replaceable></command> causes
+ <command>named</command> to load keys from the key
+ repository and schedule key maintenance events to occur
+ in the future, but it does not sign the full zone
+ immediately. Note: once keys have been loaded for a
+ zone the first time, the repository will be searched
+ for changes periodically, regardless of whether
+ <command>rndc loadkeys</command> is used. The recheck
+ interval is defined by
+ <command>dnssec-loadkeys-interval</command>.)
+ </para>
+ <para>
+ The default setting is <command>auto-dnssec off</command>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>dnssec-enable</command></term>
<listitem>
<para>
@@ -6717,26 +6398,6 @@ options {
</varlistentry>
<varlistentry>
- <term><command>dnssec-loadkeys-interval</command></term>
- <listitem>
- <para>
- When a zone is configured with <command>auto-dnssec
- maintain;</command> its key repository must be checked
- periodically to see if any new keys have been added
- or any existing keys' timing metadata has been updated
- (see <xref linkend="man.dnssec-keygen"/> and
- <xref linkend="man.dnssec-settime"/>). The
- <command>dnssec-loadkeys-interval</command> option
- sets the frequency of automatic repository checks, in
- minutes. The default is <literal>60</literal> (1 hour),
- the minimum is <literal>1</literal> (1 minute), and the
- maximum is <literal>1440</literal> (24 hours); any higher
- value is silently reduced.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term><command>try-tcp-refresh</command></term>
<listitem>
<para>
@@ -6777,10 +6438,10 @@ options {
</variablelist>
- </sect3>
+ </section>
+
+ <section xml:id="forwarding"><info><title>Forwarding</title></info>
- <sect3>
- <title>Forwarding</title>
<para>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -6800,7 +6461,7 @@ options {
This option is only meaningful if the
forwarders list is not empty. A value of <varname>first</varname>,
the default, causes the server to query the forwarders
- first &mdash; and
+ first — and
if that doesn't answer the question, the server will then
look for
the answer itself. If <varname>only</varname> is
@@ -6831,10 +6492,10 @@ options {
or have a different <command>forward only/first</command> behavior,
or not forward at all, see <xref linkend="zone_statement_grammar"/>.
</para>
- </sect3>
+ </section>
+
+ <section xml:id="dual_stack"><info><title>Dual-stack Servers</title></info>
- <sect3>
- <title>Dual-stack Servers</title>
<para>
Dual-stack servers are used as servers of last resort to work
around
@@ -6860,10 +6521,10 @@ options {
</listitem>
</varlistentry>
</variablelist>
- </sect3>
+ </section>
+
+ <section xml:id="access_control"><info><title>Access Control</title></info>
- <sect3 id="access_control">
- <title>Access Control</title>
<para>
Access to the server can be restricted based on the IP address
@@ -7171,10 +6832,10 @@ options {
</varlistentry>
</variablelist>
- </sect3>
+ </section>
+
+ <section xml:id="interfaces"><info><title>Interfaces</title></info>
- <sect3>
- <title>Interfaces</title>
<para>
The interfaces and ports that the server will answer queries
from may be specified using the <command>listen-on</command> option. <command>listen-on</command> takes
@@ -7267,10 +6928,10 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
invoked. If <command>-6</command> is specified then
<command>named</command> will listen on port 53 on all IPv6 interfaces by default.
</para>
- </sect3>
+ </section>
+
+ <section xml:id="query_address"><info><title>Query Address</title></info>
- <sect3 id="query_address">
- <title>Query Address</title>
<para>
If the server doesn't know the answer to a question, it will
query other name servers. <command>query-source</command> specifies
@@ -7420,10 +7081,10 @@ avoid-v6-udp-ports {};
<command>notify-source</command>.
</para>
</note>
- </sect3>
+ </section>
+
+ <section xml:id="zone_transfers"><info><title>Zone Transfers</title></info>
- <sect3 id="zone_transfers">
- <title>Zone Transfers</title>
<para>
<acronym>BIND</acronym> has mechanisms in place to
facilitate zone transfers
@@ -7686,14 +7347,14 @@ avoid-v6-udp-ports {};
<command>use-alt-transfer-source</command> is
set.
</para>
- <note>
+ <note><simpara>
If you do not wish the alternate transfer source
to be used, you should set
<command>use-alt-transfer-source</command>
appropriately and you should not depend upon
getting an answer back to the first refresh
query.
- </note>
+ </simpara></note>
</listitem>
</varlistentry>
@@ -7760,10 +7421,10 @@ avoid-v6-udp-ports {};
</variablelist>
- </sect3>
+ </section>
+
+ <section xml:id="port_lists"><info><title>UDP Port Lists</title></info>
- <sect3>
- <title>UDP Port Lists</title>
<para>
<command>use-v4-udp-ports</command>,
<command>avoid-v4-udp-ports</command>,
@@ -7805,10 +7466,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
sense; they are provided for backward compatibility and
to possibly simplify the port specification.
</para>
- </sect3>
+ </section>
- <sect3>
- <title>Operating System Resource Limits</title>
+ <section xml:id="resource_limits"><info><title>Operating System Resource Limits</title></info>
<para>
The server's usage of many system resources can be limited.
@@ -7889,10 +7549,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</variablelist>
- </sect3>
+ </section>
- <sect3 id="server_resource_limits">
- <title>Server Resource Limits</title>
+ <section xml:id="server_resource_limits"><info><title>Server Resource Limits</title></info>
<para>
The following options set limits on the server's
@@ -7988,8 +7647,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
- <varlistentry id="clients-per-query">
- <term><command>clients-per-query</command></term>
+ <varlistentry xml:id="clients-per-query">
+ <term xml:id="cpq_term"><command>clients-per-query</command></term>
<term><command>max-clients-per-query</command></term>
<listitem>
<para>These set the
@@ -8023,7 +7682,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
- <varlistentry id="fetches-per-zone">
+ <varlistentry xml:id="fetches-per-zone">
<term><command>fetches-per-zone</command></term>
<listitem>
<para>
@@ -8081,7 +7740,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
- <varlistentry id="fetches-per-server">
+ <varlistentry xml:id="fetches-per-server">
<term><command>fetches-per-server</command></term>
<listitem>
<para>
@@ -8234,10 +7893,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</variablelist>
- </sect3>
+ </section>
- <sect3>
- <title>Periodic Task Intervals</title>
+ <section xml:id="intervals"><info><title>Periodic Task Intervals</title></info>
<variablelist>
@@ -8312,10 +7970,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</variablelist>
- </sect3>
+ </section>
- <sect3 id="topology">
- <title>Topology</title>
+ <section xml:id="topology"><info><title>Topology</title></info>
<para>
All other things being equal, when the server chooses a name
@@ -8360,11 +8017,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
is not implemented in <acronym>BIND</acronym> 9.
</simpara>
</note>
- </sect3>
-
- <sect3 id="the_sortlist_statement">
+ </section>
- <title>The <command>sortlist</command> Statement</title>
+ <section xml:id="the_sortlist_statement"><info><title>The <command>sortlist</command> Statement</title></info>
<para>
The response to a DNS query may consist of multiple resource
@@ -8476,9 +8131,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
};
</programlisting>
- </sect3>
- <sect3 id="rrset_ordering">
- <title id="rrset_ordering_title">RRset Ordering</title>
+ </section>
+ <section xml:id="rrset_ordering"><info><title xml:id="rrset_ordering_title">RRset Ordering</title></info>
+
<para>
When multiple records are returned in an answer it may be
useful to configure the order of the records placed into the
@@ -8571,7 +8226,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</para>
<para>
If multiple <command>rrset-order</command> statements
- appear, they are not combined &mdash; the last one applies.
+ appear, they are not combined — the last one applies.
</para>
<para>
By default, all records are returned in random order.
@@ -8586,10 +8241,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
the "configure" command line.
</simpara>
</note>
- </sect3>
+ </section>
- <sect3 id="tuning">
- <title>Tuning</title>
+ <section xml:id="tuning"><info><title>Tuning</title></info>
<variablelist>
@@ -8670,8 +8324,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
Specifies the number of days into the future when
DNSSEC signatures automatically generated as a
- result of dynamic updates (<xref
- linkend="dynamic_update"/>) will expire. There
+ result of dynamic updates (<xref linkend="dynamic_update"/>) will expire. There
is an optional second field which specifies how
long before expiry that the signatures will be
regenerated. If not specified, the signatures will
@@ -8869,7 +8522,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
- <varlistentry id="max-recursion-depth">
+ <varlistentry xml:id="max-recursion-depth">
<term><command>max-recursion-depth</command></term>
<listitem>
<para>
@@ -8885,7 +8538,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
- <varlistentry id="max-recursion-queries">
+ <varlistentry xml:id="max-recursion-queries">
<term><command>max-recursion-queries</command></term>
<listitem>
<para>
@@ -8927,10 +8580,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</varlistentry>
</variablelist>
- </sect3>
+ </section>
- <sect3 id="builtin">
- <title>Built-in server information zones</title>
+ <section xml:id="builtin"><info><title>Built-in server information zones</title></info>
<para>
The server provides some helpful diagnostic information
@@ -9012,10 +8664,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</variablelist>
- </sect3>
+ </section>
+
+ <section xml:id="empty"><info><title>Built-in Empty Zones</title></info>
- <sect3 id="empty">
- <title>Built-in Empty Zones</title>
<para>
Named has some built-in empty zones (SOA and NS records only).
These are for zones that should normally be answered locally
@@ -9154,12 +8806,12 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
to be deployed to channel the query load away from the
infrastructure servers.
</para>
- <note>
+ <note><simpara>
The real parent servers for these zones should disable all
empty zone under the parent zone they serve. For the real
root servers, this is all built-in empty zones. This will
enable them to return referrals to deeper in the tree.
- </note>
+ </simpara></note>
<variablelist>
<varlistentry>
<term><command>empty-server</command></term>
@@ -9203,10 +8855,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</listitem>
</varlistentry>
</variablelist>
- </sect3>
+ </section>
+
+ <section xml:id="acache"><info><title>Additional Section Caching</title></info>
- <sect3 id="acache">
- <title>Additional Section Caching</title>
<para>
The additional section cache, also called <command>acache</command>,
@@ -9318,10 +8970,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</variablelist>
- </sect3>
+ </section>
+
+ <section xml:id="content_filtering"><info><title>Content Filtering</title></info>
- <sect3>
- <title>Content Filtering</title>
<para>
<acronym>BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -9378,9 +9030,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
to get access to an internal node of your local network
that couldn't be externally accessed otherwise.
See the paper available at
- <ulink url="http://portal.acm.org/citation.cfm?id=1315245.1315298">
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://portal.acm.org/citation.cfm?id=1315245.1315298">
http://portal.acm.org/citation.cfm?id=1315245.1315298
- </ulink>
+ </link>
for more details about the attacks.
</para>
@@ -9455,10 +9107,10 @@ deny-answer-aliases { "example.net"; };
Filtering out DNS records containing this address
spuriously can break such applications.
</para>
- </sect3>
+ </section>
+
+ <section xml:id="rpz"><info><title>Response Policy Zone (RPZ) Rewriting</title></info>
- <sect3>
- <title>Response Policy Zone (RPZ) Rewriting</title>
<para>
<acronym>BIND</acronym> 9 includes a limited
mechanism to modify DNS responses for requests
@@ -9723,10 +9375,10 @@ ns.domain.com.rpz-nsdname CNAME .
Responses rewritten by RPZ are counted in the
<command>RPZRewrites</command> statistics.
</para>
- </sect3>
+ </section>
+
+ <section xml:id="rrl"><info><title>Response Rate Limiting</title></info>
- <sect3>
- <title>Response Rate Limiting</title>
<para>
This feature is only available when <acronym>BIND</acronym> 9
is compiled with the <userinput>--enable-rrl</userinput>
@@ -9963,11 +9615,10 @@ ns.domain.com.rpz-nsdname CNAME .
Responses that truncated by rate limits are included in
<command>RateSlipped</command> and <command>RespTruncated</command>.
</para>
- </sect3>
- </sect2>
+ </section>
+ </section>
- <sect2 id="server_statement_grammar">
- <title><command>server</command> Statement Grammar</title>
+ <section xml:id="server_statement_grammar"><info><title><command>server</command> Statement Grammar</title></info>
<programlisting><command>server</command> <replaceable>ip_addr[/prefixlen]</replaceable> {
<optional> bogus <replaceable>yes_or_no</replaceable> ; </optional>
@@ -9994,11 +9645,10 @@ ns.domain.com.rpz-nsdname CNAME .
};
</programlisting>
- </sect2>
+ </section>
- <sect2 id="server_statement_definition_and_usage">
- <title><command>server</command> Statement Definition and
- Usage</title>
+ <section xml:id="server_statement_definition_and_usage"><info><title><command>server</command> Statement Definition and
+ Usage</title></info>
<para>
The <command>server</command> statement defines
@@ -10183,10 +9833,9 @@ ns.domain.com.rpz-nsdname CNAME .
<command>request-nsid</command> set at the view or
option level.
</para>
- </sect2>
+ </section>
- <sect2 id="statschannels">
- <title><command>statistics-channels</command> Statement Grammar</title>
+ <section xml:id="statschannels"><info><title><command>statistics-channels</command> Statement Grammar</title></info>
<programlisting><command>statistics-channels</command> {
[ inet ( ip_addr | * ) [ port ip_port ]
@@ -10194,11 +9843,10 @@ ns.domain.com.rpz-nsdname CNAME .
[ inet ...; ]
};
</programlisting>
- </sect2>
+ </section>
- <sect2>
- <title><command>statistics-channels</command> Statement Definition and
- Usage</title>
+ <section xml:id="statistics_channels"><info><title><command>statistics-channels</command> Statement Definition and
+ Usage</title></info>
<para>
The <command>statistics-channels</command> statement
@@ -10255,10 +9903,8 @@ ns.domain.com.rpz-nsdname CNAME .
<para>
If the statistics channel is configured to listen on 127.0.0.1
port 8888, then the statistics are accessible in XML format at
- <ulink url="http://127.0.0.1:8888/"
- >http://127.0.0.1:8888/</ulink> or
- <ulink url="http://127.0.0.1:8888/xml"
- >http://127.0.0.1:8888/xml</ulink>. A CSS file is
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://127.0.0.1:8888/">http://127.0.0.1:8888/</link> or
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://127.0.0.1:8888/xml">http://127.0.0.1:8888/xml</link>. A CSS file is
included which can format the XML statistics into tables
when viewed with a stylesheet-capable browser. When
<acronym>BIND</acronym> 9 is configured with --enable-newstats,
@@ -10272,19 +9918,16 @@ ns.domain.com.rpz-nsdname CNAME .
<para>
Applications that depend on a particular XML schema
can request
- <ulink url="http://127.0.0.1:8888/xml/v2"
- >http://127.0.0.1:8888/xml/v2</ulink> for version 2
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://127.0.0.1:8888/xml/v2">http://127.0.0.1:8888/xml/v2</link> for version 2
of the statistics XML schema or
- <ulink url="http://127.0.0.1:8888/xml/v3"
- >http://127.0.0.1:8888/xml/v3</ulink> for version 3.
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://127.0.0.1:8888/xml/v3">http://127.0.0.1:8888/xml/v3</link> for version 3.
If the requested schema is supported by the server, then
it will respond; if not, it will return a "page not found"
error.
</para>
- </sect2>
+ </section>
- <sect2 id="trusted-keys">
- <title><command>trusted-keys</command> Statement Grammar</title>
+ <section xml:id="trusted-keys"><info><title><command>trusted-keys</command> Statement Grammar</title></info>
<programlisting><command>trusted-keys</command> {
<replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ;
@@ -10292,14 +9935,13 @@ ns.domain.com.rpz-nsdname CNAME .
};
</programlisting>
- </sect2>
- <sect2>
- <title><command>trusted-keys</command> Statement Definition
- and Usage</title>
+ </section>
+ <section xml:id="trusted_keys"><info><title><command>trusted-keys</command> Statement Definition
+ and Usage</title></info>
+
<para>
The <command>trusted-keys</command> statement defines
- DNSSEC security roots. DNSSEC is described in <xref
- linkend="DNSSEC"/>. A security root is defined when the
+ DNSSEC security roots. DNSSEC is described in <xref linkend="DNSSEC"/>. A security root is defined when the
public key for a non-authoritative zone is known, but
cannot be securely obtained through DNS, either because
it is the DNS root zone or because its parent zone is
@@ -10332,10 +9974,9 @@ ns.domain.com.rpz-nsdname CNAME .
level are inherited by all views, but keys defined in a view
are only used within that view.
</para>
- </sect2>
+ </section>
- <sect2>
- <title><command>managed-keys</command> Statement Grammar</title>
+ <section xml:id="managed_keys"><info><title><command>managed-keys</command> Statement Grammar</title></info>
<programlisting><command>managed-keys</command> {
<replaceable>name</replaceable> initial-key <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ;
@@ -10343,10 +9984,10 @@ ns.domain.com.rpz-nsdname CNAME .
};
</programlisting>
- </sect2>
- <sect2 id="managed-keys">
- <title><command>managed-keys</command> Statement Definition
- and Usage</title>
+ </section>
+ <section xml:id="managed-keys"><info><title><command>managed-keys</command> Statement Definition
+ and Usage</title></info>
+
<para>
The <command>managed-keys</command> statement, like
<command>trusted-keys</command>, defines DNSSEC
@@ -10458,10 +10099,9 @@ ns.domain.com.rpz-nsdname CNAME .
maintenance process is built into <command>named</command>,
and can be overridden from <command>bindkeys-file</command>.
</para>
- </sect2>
+ </section>
- <sect2 id="view_statement_grammar">
- <title><command>view</command> Statement Grammar</title>
+ <section xml:id="view_statement_grammar"><info><title><command>view</command> Statement Grammar</title></info>
<programlisting><command>view</command> <replaceable>view_name</replaceable>
<optional><replaceable>class</replaceable></optional> {
@@ -10473,9 +10113,8 @@ ns.domain.com.rpz-nsdname CNAME .
};
</programlisting>
- </sect2>
- <sect2>
- <title><command>view</command> Statement Definition and Usage</title>
+ </section>
+ <section xml:id="view_statement"><info><title><command>view</command> Statement Definition and Usage</title></info>
<para>
The <command>view</command> statement is a powerful
@@ -10511,7 +10150,7 @@ ns.domain.com.rpz-nsdname CNAME .
means that only recursive
requests from matching clients will match that view.
The order of the <command>view</command> statements is
- significant &mdash;
+ significant —
a client request will be resolved in the context of the first
<command>view</command> that it matches.
</para>
@@ -10601,10 +10240,9 @@ view "external" {
};
</programlisting>
- </sect2>
- <sect2 id="zone_statement_grammar">
- <title><command>zone</command>
- Statement Grammar</title>
+ </section>
+ <section xml:id="zone_statement_grammar"><info><title><command>zone</command>
+ Statement Grammar</title></info>
<programlisting><command>zone</command> <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
type master;
@@ -10616,8 +10254,6 @@ view "external" {
<optional> dnssec-dnskey-kskonly <replaceable>yes_or_no</replaceable>; </optional>
<optional> dnssec-loadkeys-interval <replaceable>number</replaceable>; </optional>
<optional> update-policy <replaceable>local</replaceable> | { <replaceable>update_policy_rule</replaceable> <optional>...</optional> }; </optional>
- <optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ;
- <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> check-mx (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
@@ -10757,7 +10393,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<optional> alt-transfer-source-v6 (<replaceable>ip6_addr</replaceable> | <constant>*</constant>)
<optional>port <replaceable>ip_port</replaceable></optional> ; </optional>
<optional> use-alt-transfer-source <replaceable>yes_or_no</replaceable>; </optional>
- <optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
+ <optional> zone-statistics <replaceable>full</replaceable> | <replaceable>terse</replaceable> | <replaceable>none</replaceable>; </optional>
<optional> database <replaceable>string</replaceable> ; </optional>
<optional> min-refresh-time <replaceable>number</replaceable> ; </optional>
<optional> max-refresh-time <replaceable>number</replaceable> ; </optional>
@@ -10771,7 +10407,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> server-addresses { <optional> <replaceable>ip_addr</replaceable> ; ... </optional> }; </optional>
<optional> server-names { <optional> <replaceable>namelist</replaceable> </optional> }; </optional>
- <optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
+ <optional> zone-statistics <replaceable>full</replaceable> | <replaceable>terse</replaceable> | <replaceable>none</replaceable>; </optional>
};
zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
@@ -10794,11 +10430,21 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
</programlisting>
- </sect2>
- <sect2>
- <title><command>zone</command> Statement Definition and Usage</title>
- <sect3>
- <title>Zone Types</title>
+ </section>
+ <section xml:id="zone_statement"><info><title><command>zone</command> Statement Definition and Usage</title></info>
+
+ <section xml:id="zone_types"><info><title>Zone Types</title></info>
+
+ <para>
+ The <command>type</command> keyword is required
+ for the <command>zone</command> configuration. Its
+ acceptable values include: <varname>delegation-only</varname>,
+ <varname>forward</varname>, <varname>hint</varname>,
+ <varname>master</varname>, <varname>redirect</varname>,
+ <varname>slave</varname>, <varname>static-stub</varname>,
+ and <varname>stub</varname>.
+ </para>
+
<informaltable colsep="0" rowsep="0">
<tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="3Level-table">
<!--colspec colname="1" colnum="1" colsep="0" colwidth="1.108in"/-->
@@ -11115,10 +10761,10 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
</tbody>
</tgroup>
</informaltable>
- </sect3>
+ </section>
+
+ <section xml:id="class"><info><title>Class</title></info>
- <sect3>
- <title>Class</title>
<para>
The zone's name may optionally be followed by a class. If
a class is not specified, class <literal>IN</literal> (for <varname>Internet</varname>),
@@ -11137,10 +10783,9 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
Another MIT development is Chaosnet, a LAN protocol created
in the mid-1970s. Zone data for it can be specified with the <literal>CHAOS</literal> class.
</para>
- </sect3>
- <sect3>
+ </section>
- <title>Zone Options</title>
+ <section xml:id="zone_options"><info><title>Zone Options</title></info>
<variablelist>
@@ -11328,6 +10973,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
</varlistentry>
<varlistentry>
+ <term><command>dnssec-loadkeys-interval</command></term>
+ <listitem>
+ <para>
+ See the description of
+ <command>dnssec-loadkeys-interval</command> in <xref linkend="options"/>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><command>dnssec-update-mode</command></term>
<listitem>
<para>
@@ -11573,11 +11228,9 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<term><command>zone-statistics</command></term>
<listitem>
<para>
- If <userinput>yes</userinput>, the server will keep
- statistical
- information for this zone, which can be dumped to the
- <command>statistics-file</command> defined in
- the server options.
+ See the description of
+ <command>zone-statistics</command> in
+ <xref linkend="options"/>.
</para>
</listitem>
</varlistentry>
@@ -11811,41 +11464,9 @@ example.com. NS ns2.example.net.
<term><command>auto-dnssec</command></term>
<listitem>
<para>
- Zones configured for dynamic DNS may also use this
- option to allow varying levels of automatic DNSSEC key
- management. There are three possible settings:
- </para>
- <para>
- <command>auto-dnssec allow;</command> permits
- keys to be updated and the zone fully re-signed
- whenever the user issues the command <command>rndc sign
- <replaceable>zonename</replaceable></command>.
- </para>
- <para>
- <command>auto-dnssec maintain;</command> includes the
- above, but also automatically adjusts the zone's DNSSEC
- keys on schedule, according to the keys' timing metadata
- (see <xref linkend="man.dnssec-keygen"/> and
- <xref linkend="man.dnssec-settime"/>). The command
- <command>rndc sign
- <replaceable>zonename</replaceable></command> causes
- <command>named</command> to load keys from the key
- repository and sign the zone with all keys that are
- active.
- <command>rndc loadkeys
- <replaceable>zonename</replaceable></command> causes
- <command>named</command> to load keys from the key
- repository and schedule key maintenance events to occur
- in the future, but it does not sign the full zone
- immediately. Note: once keys have been loaded for a
- zone the first time, the repository will be searched
- for changes periodically, regardless of whether
- <command>rndc loadkeys</command> is used. The recheck
- interval is defined by
- <command>dnssec-loadkeys-interval</command>.)
- </para>
- <para>
- The default setting is <command>auto-dnssec off</command>.
+ See the description of
+ <command>auto-dnssec</command> in
+ <xref linkend="options"/>.
</para>
</listitem>
</varlistentry>
@@ -11854,23 +11475,9 @@ example.com. NS ns2.example.net.
<term><command>serial-update-method</command></term>
<listitem>
<para>
- Zones configured for dynamic DNS may use this
- option to set the update method that will be used for
- the zone serial number in the SOA record.
- </para>
- <para>
- With the default setting of
- <command>serial-update-method increment;</command>, the
- SOA serial number will be incremented by one each time
- the zone is updated.
- </para>
- <para>
- When set to
- <command>serial-update-method unixtime;</command>, the
- SOA serial number will be set to the number of seconds
- since the UNIX epoch, unless the serial number is
- already greater than or equal to that value, in which
- case it is simply incremented by one.
+ See the description of
+ <command>serial-update-method</command> in
+ <xref linkend="options"/>.
</para>
</listitem>
</varlistentry>
@@ -11921,9 +11528,9 @@ example.com. NS ns2.example.net.
</variablelist>
- </sect3>
- <sect3 id="dynamic_update_policies">
- <title>Dynamic Update Policies</title>
+ </section>
+ <section xml:id="dynamic_update_policies"><info><title>Dynamic Update Policies</title></info>
+
<para><acronym>BIND</acronym> 9 supports two alternative
methods of granting clients the right to perform
dynamic updates to a zone, configured by the
@@ -12111,7 +11718,7 @@ example.com. NS ns2.example.net.
The <replaceable>name</replaceable> field
is subject to DNS wildcard expansion, and
this rule matches when the name being updated
- name is a valid expansion of the wildcard.
+ is a valid expansion of the wildcard.
</para>
</entry>
</row>
@@ -12327,13 +11934,13 @@ example.com. NS ns2.example.net.
all records associated with a name, the rules are
checked for each existing record type.
</para>
- </sect3>
- </sect2>
- </sect1>
- <sect1>
- <title>Zone File</title>
- <sect2 id="types_of_resource_records_and_when_to_use_them">
- <title>Types of Resource Records and When to Use Them</title>
+ </section>
+ </section>
+ </section>
+ <section xml:id="zone_file"><info><title>Zone File</title></info>
+
+ <section xml:id="types_of_resource_records_and_when_to_use_them"><info><title>Types of Resource Records and When to Use Them</title></info>
+
<para>
This section, largely borrowed from RFC 1034, describes the
concept of a Resource Record (RR) and explains when each is used.
@@ -12341,8 +11948,7 @@ example.com. NS ns2.example.net.
identified
and implemented in the DNS. These are also included.
</para>
- <sect3>
- <title>Resource Records</title>
+ <section><info><title>Resource Records</title></info>
<para>
A domain name identifies a node. Each node has a set of
@@ -12524,6 +12130,18 @@ example.com. NS ns2.example.net.
<row rowsep="0">
<entry colname="1">
<para>
+ AVC
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Application Visibility and Control record.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
CAA
</para>
</entry>
@@ -12590,6 +12208,19 @@ example.com. NS ns2.example.net.
<row rowsep="0">
<entry colname="1">
<para>
+ CSYNC
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Child-to-Parent Synchronization in DNS as described
+ in RFC 7477.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
DHCID
</para>
</entry>
@@ -12968,6 +12599,18 @@ example.com. NS ns2.example.net.
<row rowsep="0">
<entry colname="1">
<para>
+ NINFO
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Contains zone status information.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
NIMLOC
</para>
</entry>
@@ -13138,6 +12781,18 @@ example.com. NS ns2.example.net.
<row rowsep="0">
<entry colname="1">
<para>
+ RKEY
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Resource key.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
RP
</para>
</entry>
@@ -13194,6 +12849,30 @@ example.com. NS ns2.example.net.
<row rowsep="0">
<entry colname="1">
<para>
+ SINK
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The kitchen sink record.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ SMIMEA
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The S/MIME Security Certificate Association.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
SOA
</para>
</entry>
@@ -13246,6 +12925,30 @@ example.com. NS ns2.example.net.
<row rowsep="0">
<entry colname="1">
<para>
+ TA
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Trust Anchor. Experimental.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ TALINK
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Trust Anchor Link. Experimental.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
TLSA
</para>
</entry>
@@ -13445,9 +13148,9 @@ example.com. NS ns2.example.net.
frequently
used as "pointers" to other data in the DNS.
</para>
- </sect3>
- <sect3>
- <title>Textual expression of RRs</title>
+ </section>
+ <section xml:id="rr_text"><info><title>Textual expression of RRs</title></info>
+
<para>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -13644,11 +13347,10 @@ example.com. NS ns2.example.net.
This example shows two addresses for
<literal>XX.LCS.MIT.EDU</literal>, each of a different class.
</para>
- </sect3>
- </sect2>
+ </section>
+ </section>
- <sect2>
- <title>Discussion of MX Records</title>
+ <section xml:id="mx_records"><info><title>Discussion of MX Records</title></info>
<para>
As described above, domain servers store information as a
@@ -13669,13 +13371,13 @@ example.com. NS ns2.example.net.
chosen randomly. If no servers at a given priority are responding,
the mail transport agent will fall back to the next largest
priority.
- Priority numbers do not have any absolute meaning &mdash; they are
+ Priority numbers do not have any absolute meaning — they are
relevant
only respective to other MX records for that domain name. The
domain
name given is the machine to which the mail will be delivered.
It <emphasis>must</emphasis> have an associated address record
- (A or AAAA) &mdash; CNAME is not sufficient.
+ (A or AAAA) — CNAME is not sufficient.
</para>
<para>
For a given domain, if there is both a CNAME record and an
@@ -13829,9 +13531,9 @@ example.com. NS ns2.example.net.
any order), and if neither of those succeed, delivery to <literal>mail.backup.org</literal> will
be attempted.
</para>
- </sect2>
- <sect2 id="Setting_TTLs">
- <title>Setting TTLs</title>
+ </section>
+ <section xml:id="Setting_TTLs"><info><title>Setting TTLs</title></info>
+
<para>
The time-to-live of the RR field is a 32-bit integer represented
in units of seconds, and is primarily used by resolvers when they
@@ -13900,9 +13602,9 @@ example.com. NS ns2.example.net.
All of these TTLs default to units of seconds, though units
can be explicitly specified, for example, <literal>1h30m</literal>.
</para>
- </sect2>
- <sect2>
- <title>Inverse Mapping in IPv4</title>
+ </section>
+ <section xml:id="ipv4_reverse"><info><title>Inverse Mapping in IPv4</title></info>
+
<para>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <emphasis>in-addr.arpa</emphasis> domain
@@ -13953,15 +13655,15 @@ example.com. NS ns2.example.net.
<note>
<para>
The <command>$ORIGIN</command> lines in the examples
- are for providing context to the examples only &mdash; they do not
+ are for providing context to the examples only — they do not
necessarily
appear in the actual usage. They are only used here to indicate
that the example is relative to the listed origin.
</para>
</note>
- </sect2>
- <sect2>
- <title>Other Zone File Directives</title>
+ </section>
+ <section xml:id="zone_directives"><info><title>Other Zone File Directives</title></info>
+
<para>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -13974,8 +13676,8 @@ example.com. NS ns2.example.net.
Master File Directives include <command>$ORIGIN</command>, <command>$INCLUDE</command>,
and <command>$TTL.</command>
</para>
- <sect3>
- <title>The <command>@</command> (at-sign)</title>
+ <section xml:id="atsign"><info><title>The <command>@</command> (at-sign)</title></info>
+
<para>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@@ -13983,9 +13685,9 @@ example.com. NS ns2.example.net.
&lt;<varname>zone_name</varname>&gt; (followed by
trailing dot).
</para>
- </sect3>
- <sect3>
- <title>The <command>$ORIGIN</command> Directive</title>
+ </section>
+ <section xml:id="origin_directive"><info><title>The <command>$ORIGIN</command> Directive</title></info>
+
<para>
Syntax: <command>$ORIGIN</command>
<replaceable>domain-name</replaceable>
@@ -14015,9 +13717,9 @@ WWW CNAME MAIN-SERVER
WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</programlisting>
- </sect3>
- <sect3>
- <title>The <command>$INCLUDE</command> Directive</title>
+ </section>
+ <section xml:id="include_directive"><info><title>The <command>$INCLUDE</command> Directive</title></info>
+
<para>
Syntax: <command>$INCLUDE</command>
<replaceable>filename</replaceable>
@@ -14049,9 +13751,9 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
feature, or both.
</para>
</note>
- </sect3>
- <sect3>
- <title>The <command>$TTL</command> Directive</title>
+ </section>
+ <section xml:id="ttl_directive"><info><title>The <command>$TTL</command> Directive</title></info>
+
<para>
Syntax: <command>$TTL</command>
<replaceable>default-ttl</replaceable>
@@ -14066,10 +13768,10 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
<para><command>$TTL</command>
is defined in RFC 2308.
</para>
- </sect3>
- </sect2>
- <sect2>
- <title><acronym>BIND</acronym> Master File Extension: the <command>$GENERATE</command> Directive</title>
+ </section>
+ </section>
+ <section xml:id="generate_directive"><info><title><acronym>BIND</acronym> Master File Extension: the <command>$GENERATE</command> Directive</title></info>
+
<para>
Syntax: <command>$GENERATE</command>
<replaceable>range</replaceable>
@@ -14267,10 +13969,10 @@ HOST-127.EXAMPLE. MX 0 .
<para>
BIND 8 does not support the optional TTL and CLASS fields.
</para>
- </sect2>
+ </section>
+
+ <section xml:id="zonefile_format"><info><title>Additional File Formats</title></info>
- <sect2 id="zonefile_format">
- <title>Additional File Formats</title>
<para>
In addition to the standard textual format, BIND 9
supports the ability to read or dump to zone files in
@@ -14309,11 +14011,11 @@ HOST-127.EXAMPLE. MX 0 .
portable backup of the file, it is recommended to
convert the file to the standard textual representation.
</para>
- </sect2>
- </sect1>
+ </section>
+ </section>
+
+ <section xml:id="statistics"><info><title>BIND9 Statistics</title></info>
- <sect1 id="statistics">
- <title>BIND9 Statistics</title>
<para>
<acronym>BIND</acronym> 9 maintains lots of statistics
information and provides several interfaces for users to
@@ -14442,13 +14144,18 @@ HOST-127.EXAMPLE. MX 0 .
A subset of Name Server Statistics is collected and shown
per zone for which the server has the authority when
<command>zone-statistics</command> is set to
- <userinput>yes</userinput>.
- These statistics counters are shown with their zone and view
- names.
- In some cases the view names are omitted for the default view.
+ <userinput>full</userinput> (or <userinput>yes</userinput>
+ for backward compatibility. See the description of
+ <command>zone-statistics</command> in <xref linkend="options"/>
+ for further details.
</para>
<para>
+ These statistics counters are shown with their zone and
+ view names. The view name is omitted when the server is
+ not configured with explicit views.</para>
+
+ <para>
There are currently two user interfaces to get access to the
statistics.
One is in the plain text format dumped to the file specified
@@ -14459,8 +14166,8 @@ HOST-127.EXAMPLE. MX 0 .
(see <xref linkend="statschannels"/>.)
</para>
- <sect3 id="statsfile">
- <title>The Statistics File</title>
+ <section xml:id="statsfile"><info><title>The Statistics File</title></info>
+
<para>
The text format statistics dump begins with a line, like:
</para>
@@ -14496,10 +14203,10 @@ HOST-127.EXAMPLE. MX 0 .
<para>
<command>--- Statistics Dump --- (973798949)</command>
</para>
- </sect3>
+ </section>
+
+ <section xml:id="statistics_counters"><info><title>Statistics Counters</title></info>
- <sect2 id="statistics_counters">
- <title>Statistics Counters</title>
<para>
The following tables summarize statistics counters that
<acronym>BIND</acronym> 9 provides.
@@ -14517,8 +14224,7 @@ HOST-127.EXAMPLE. MX 0 .
<acronym>BIND</acronym> 8 statistics, if applicable.
</para>
- <sect3>
- <title>Name Server Statistics Counters</title>
+ <section xml:id="stats_counters"><info><title>Name Server Statistics Counters</title></info>
<informaltable colsep="0" rowsep="0">
<tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
@@ -14577,7 +14283,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ReqEdns0</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14590,7 +14296,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ReqBadEDNSVer</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14603,7 +14309,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ReqTSIG</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14616,7 +14322,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ReqSIG0</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14629,7 +14335,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ReqBadSIG</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14720,7 +14426,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>RespTruncated</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14733,7 +14439,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>RespEDNS0</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14746,7 +14452,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>RespTSIG</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14759,7 +14465,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>RespSIG0</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14772,7 +14478,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QrySuccess</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14791,7 +14497,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QryAuthAns</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14817,7 +14523,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QryReferral</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14834,7 +14540,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QryNxrrset</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14932,7 +14638,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QryDropped</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14947,7 +14653,7 @@ HOST-127.EXAMPLE. MX 0 .
<command>max-clients-per-query</command>
options
(see the description about
- <xref linkend="clients-per-query"/>.)
+ <xref endterm="cpq_term" linkend="clients-per-query"/>.)
This corresponds to the
<command>dropped</command> counter
of previous versions of
@@ -14960,7 +14666,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QryFailure</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14985,7 +14691,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>XfrReqDone</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -14998,7 +14704,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>UpdateReqFwd</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15011,7 +14717,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>UpdateRespFwd</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15024,7 +14730,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>UpdateFwdFail</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15037,7 +14743,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>UpdateDone</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15050,7 +14756,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>UpdateFail</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15063,7 +14769,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>UpdateBadPrereq</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15076,7 +14782,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>RPZRewrites</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15089,7 +14795,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>RateDropped</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15102,7 +14808,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>RateSlipped</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15113,10 +14819,9 @@ HOST-127.EXAMPLE. MX 0 .
</tbody>
</tgroup>
</informaltable>
- </sect3>
+ </section>
- <sect3>
- <title>Zone Maintenance Statistics Counters</title>
+ <section xml:id="zone_stats"><info><title>Zone Maintenance Statistics Counters</title></info>
<informaltable colsep="0" rowsep="0">
<tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
@@ -15269,10 +14974,9 @@ HOST-127.EXAMPLE. MX 0 .
</tbody>
</tgroup>
</informaltable>
- </sect3>
+ </section>
- <sect3>
- <title>Resolver Statistics Counters</title>
+ <section xml:id="resolver_stats"><info><title>Resolver Statistics Counters</title></info>
<informaltable colsep="0" rowsep="0">
<tgroup cols="3" colsep="0" rowsep="0" tgroupstyle="4Level-table">
@@ -15407,7 +15111,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>EDNS0Fail</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15440,7 +15144,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>Truncated</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15479,7 +15183,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QueryAbort</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15492,7 +15196,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QuerySockFail</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15508,7 +15212,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QueryTimeout</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15547,7 +15251,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>GlueFetchv4Fail</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15560,7 +15264,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>GlueFetchv6Fail</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15573,7 +15277,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ValAttempt</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15586,7 +15290,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ValOk</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15599,7 +15303,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ValNegOk</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15612,7 +15316,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>ValFail</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15625,7 +15329,7 @@ HOST-127.EXAMPLE. MX 0 .
<para><command>QryRTTnn</command></para>
</entry>
<entry colname="2">
- <para><command></command></para>
+ <para><command/></para>
</entry>
<entry colname="3">
<para>
@@ -15655,10 +15359,9 @@ HOST-127.EXAMPLE. MX 0 .
</tgroup>
</informaltable>
- </sect3>
+ </section>
- <sect3>
- <title>Socket I/O Statistics Counters</title>
+ <section xml:id="socket_stats"><info><title>Socket I/O Statistics Counters</title></info>
<para>
Socket I/O statistics counters are defined per socket
@@ -15813,9 +15516,10 @@ HOST-127.EXAMPLE. MX 0 .
</tbody>
</tgroup>
</informaltable>
- </sect3>
- <sect3>
- <title>Compatibility with <emphasis>BIND</emphasis> 8 Counters</title>
+ </section>
+
+ <section xml:id="bind8_compatibility"><info><title>Compatibility with <emphasis>BIND</emphasis> 8 Counters</title></info>
+
<para>
Most statistics counters that were available
in <command>BIND</command> 8 are also supported in
@@ -15866,15 +15570,15 @@ HOST-127.EXAMPLE. MX 0 .
</listitem>
</varlistentry>
</variablelist>
- </sect3>
- </sect2>
- </sect1>
+ </section>
+ </section>
+ </section>
</chapter>
- <chapter id="Bv9ARM.ch07">
- <title><acronym>BIND</acronym> 9 Security Considerations</title>
- <sect1 id="Access_Control_Lists">
- <title>Access Control Lists</title>
+ <chapter xml:id="Bv9ARM.ch07"><info><title><acronym>BIND</acronym> 9 Security Considerations</title></info>
+
+ <section xml:id="Access_Control_Lists"><info><title>Access Control Lists</title></info>
+
<para>
Access Control Lists (ACLs) are address match lists that
you can set up and nickname for future use in <command>allow-notify</command>,
@@ -15931,9 +15635,9 @@ zone "example.com" {
This allows recursive queries of the server from the outside
unless recursion has been previously disabled.
</para>
- </sect1>
- <sect1>
- <title><command>Chroot</command> and <command>Setuid</command></title>
+ </section>
+ <section xml:id="chroot_and_setuid"><info><title><command>Chroot</command> and <command>Setuid</command></title></info>
+
<para>
On UNIX servers, it is possible to run <acronym>BIND</acronym>
in a <emphasis>chrooted</emphasis> environment (using
@@ -15957,8 +15661,7 @@ zone "example.com" {
<userinput>/usr/local/sbin/named -u 202 -t /var/named</userinput>
</para>
- <sect2>
- <title>The <command>chroot</command> Environment</title>
+ <section xml:id="chroot"><info><title>The <command>chroot</command> Environment</title></info>
<para>
In order for a <command>chroot</command> environment
@@ -15984,10 +15687,9 @@ zone "example.com" {
<filename>/dev/log</filename>, and
<filename>/etc/localtime</filename>.
</para>
- </sect2>
+ </section>
- <sect2>
- <title>Using the <command>setuid</command> Function</title>
+ <section xml:id="setuid"><info><title>Using the <command>setuid</command> Function</title></info>
<para>
Prior to running the <command>named</command> daemon,
@@ -16000,16 +15702,15 @@ zone "example.com" {
to which you want <acronym>BIND</acronym>
to write.
</para>
- <note>
- Note that if the <command>named</command> daemon is running as an
+ <note><simpara>
+ If the <command>named</command> daemon is running as an
unprivileged user, it will not be able to bind to new restricted
ports if the server is reloaded.
- </note>
- </sect2>
- </sect1>
+ </simpara></note>
+ </section>
+ </section>
- <sect1 id="dynamic_update_security">
- <title>Dynamic Update Security</title>
+ <section xml:id="dynamic_update_security"><info><title>Dynamic Update Security</title></info>
<para>
Access to the dynamic
@@ -16051,15 +15752,14 @@ zone "example.com" {
all.
</para>
- </sect1>
+ </section>
</chapter>
- <chapter id="Bv9ARM.ch08">
- <title>Troubleshooting</title>
- <sect1>
- <title>Common Problems</title>
- <sect2>
- <title>It's not working; how can I figure out what's wrong?</title>
+ <chapter xml:id="Bv9ARM.ch08"><info><title>Troubleshooting</title></info>
+
+ <section xml:id="common_problems"><info><title>Common Problems</title></info>
+
+ <section><info><title>It's not working; how can I figure out what's wrong?</title></info>
<para>
The best solution to solving installation and
@@ -16069,13 +15769,12 @@ zone "example.com" {
what went wrong and how to fix the problem.
</para>
- </sect2>
- </sect1>
- <sect1>
- <title>Incrementing and Changing the Serial Number</title>
+ </section>
+ </section>
+ <section><info><title>Incrementing and Changing the Serial Number</title></info>
<para>
- Zone serial numbers are just numbers &mdash; they aren't
+ Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
represents a date, usually of the form YYYYMMDDRR.
Occasionally they will make a mistake and set them to a
@@ -16100,9 +15799,8 @@ zone "example.com" {
it to be, and reload the zone again.
</para>
- </sect1>
- <sect1>
- <title>Where Can I Get Help?</title>
+ </section>
+ <section xml:id="more_help"><info><title>Where Can I Get Help?</title></info>
<para>
The Internet Systems Consortium
@@ -16120,125 +15818,120 @@ zone "example.com" {
<para>
To discuss arrangements for support, contact
- <ulink url="mailto:info@isc.org">info@isc.org</ulink> or visit the
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="mailto:info@isc.org">info@isc.org</link> or visit the
<acronym>ISC</acronym> web page at
- <ulink url="http://www.isc.org/services/support/"
- >http://www.isc.org/services/support/</ulink>
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/services/support/">http://www.isc.org/services/support/</link>
to read more.
</para>
- </sect1>
+ </section>
</chapter>
- <appendix id="Bv9ARM.ch09">
- <title>Release Notes</title>
- <xi:include href="notes.xml"/>
+ <appendix xml:id="Bv9ARM.ch09"><info><title>Release Notes</title></info>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes.xml"/>
</appendix>
- <appendix id="Bv9ARM.ch10">
- <title>A Brief History of the <acronym>DNS</acronym> and <acronym>BIND</acronym></title>
- <sect1 id="historical_dns_information">
- <para>
- Although the "official" beginning of the Domain Name
- System occurred in 1984 with the publication of RFC 920, the
- core of the new system was described in 1983 in RFCs 882 and
- 883. From 1984 to 1987, the ARPAnet (the precursor to today's
- Internet) became a testbed of experimentation for developing the
- new naming/addressing scheme in a rapidly expanding,
- operational network environment. New RFCs were written and
- published in 1987 that modified the original documents to
- incorporate improvements based on the working model. RFC 1034,
- "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
- Names-Implementation and Specification" were published and
- became the standards upon which all <acronym>DNS</acronym> implementations are
- built.
- </para>
+ <appendix xml:id="Bv9ARM.ch10"><info><title>A Brief History of the <acronym>DNS</acronym> and <acronym>BIND</acronym></title></info>
+ <para xml:id="historical_dns_information">
+ Although the "official" beginning of the Domain Name
+ System occurred in 1984 with the publication of RFC 920, the
+ core of the new system was described in 1983 in RFCs 882 and
+ 883. From 1984 to 1987, the ARPAnet (the precursor to today's
+ Internet) became a testbed of experimentation for developing the
+ new naming/addressing scheme in a rapidly expanding,
+ operational network environment. New RFCs were written and
+ published in 1987 that modified the original documents to
+ incorporate improvements based on the working model. RFC 1034,
+ "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
+ Names-Implementation and Specification" were published and
+ became the standards upon which all <acronym>DNS</acronym> implementations are
+ built.
+ </para>
- <para>
- The first working domain name server, called "Jeeves", was
- written in 1983-84 by Paul Mockapetris for operation on DEC
- Tops-20
- machines located at the University of Southern California's
- Information
- Sciences Institute (USC-ISI) and SRI International's Network
- Information
- Center (SRI-NIC). A <acronym>DNS</acronym> server for
- Unix machines, the Berkeley Internet
- Name Domain (<acronym>BIND</acronym>) package, was
- written soon after by a group of
- graduate students at the University of California at Berkeley
- under
- a grant from the US Defense Advanced Research Projects
- Administration
- (DARPA).
- </para>
- <para>
- Versions of <acronym>BIND</acronym> through
- 4.8.3 were maintained by the Computer
- Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
- Painter, David Riggle and Songnian Zhou made up the initial <acronym>BIND</acronym>
- project team. After that, additional work on the software package
- was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
- Corporation
- employee on loan to the CSRG, worked on <acronym>BIND</acronym> for 2 years, from 1985
- to 1987. Many other people also contributed to <acronym>BIND</acronym> development
- during that time: Doug Kingston, Craig Partridge, Smoot
- Carl-Mitchell,
- Mike Muuss, Jim Bloom and Mike Schwartz. <acronym>BIND</acronym> maintenance was subsequently
- handled by Mike Karels and &#216;ivind Kure.
- </para>
- <para>
- <acronym>BIND</acronym> versions 4.9 and 4.9.1 were
- released by Digital Equipment
- Corporation (now Compaq Computer Corporation). Paul Vixie, then
- a DEC employee, became <acronym>BIND</acronym>'s
- primary caretaker. He was assisted
- by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
- Beecher, Andrew
- Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
- Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
- Wolfhugel, and others.
- </para>
- <para>
- In 1994, <acronym>BIND</acronym> version 4.9.2 was sponsored by
- Vixie Enterprises. Paul
- Vixie became <acronym>BIND</acronym>'s principal
- architect/programmer.
- </para>
- <para>
- <acronym>BIND</acronym> versions from 4.9.3 onward
- have been developed and maintained
- by the Internet Systems Consortium and its predecessor,
- the Internet Software Consortium, with support being provided
- by ISC's sponsors.
- </para>
- <para>
- As co-architects/programmers, Bob Halley and
- Paul Vixie released the first production-ready version of
- <acronym>BIND</acronym> version 8 in May 1997.
- </para>
- <para>
- BIND version 9 was released in September 2000 and is a
- major rewrite of nearly all aspects of the underlying
- BIND architecture.
- </para>
- <para>
- BIND versions 4 and 8 are officially deprecated.
- No additional development is done
- on BIND version 4 or BIND version 8.
- </para>
- <para>
- <acronym>BIND</acronym> development work is made
- possible today by the sponsorship
- of several corporations, and by the tireless work efforts of
- numerous individuals.
- </para>
- </sect1>
+ <para>
+ The first working domain name server, called "Jeeves", was
+ written in 1983-84 by Paul Mockapetris for operation on DEC
+ Tops-20
+ machines located at the University of Southern California's
+ Information
+ Sciences Institute (USC-ISI) and SRI International's Network
+ Information
+ Center (SRI-NIC). A <acronym>DNS</acronym> server for
+ Unix machines, the Berkeley Internet
+ Name Domain (<acronym>BIND</acronym>) package, was
+ written soon after by a group of
+ graduate students at the University of California at Berkeley
+ under
+ a grant from the US Defense Advanced Research Projects
+ Administration
+ (DARPA).
+ </para>
+ <para>
+ Versions of <acronym>BIND</acronym> through
+ 4.8.3 were maintained by the Computer
+ Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
+ Painter, David Riggle and Songnian Zhou made up the initial <acronym>BIND</acronym>
+ project team. After that, additional work on the software package
+ was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
+ Corporation
+ employee on loan to the CSRG, worked on <acronym>BIND</acronym> for 2 years, from 1985
+ to 1987. Many other people also contributed to <acronym>BIND</acronym> development
+ during that time: Doug Kingston, Craig Partridge, Smoot
+ Carl-Mitchell,
+ Mike Muuss, Jim Bloom and Mike Schwartz. <acronym>BIND</acronym> maintenance was subsequently
+ handled by Mike Karels and Øivind Kure.
+ </para>
+ <para>
+ <acronym>BIND</acronym> versions 4.9 and 4.9.1 were
+ released by Digital Equipment
+ Corporation (now Compaq Computer Corporation). Paul Vixie, then
+ a DEC employee, became <acronym>BIND</acronym>'s
+ primary caretaker. He was assisted
+ by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
+ Beecher, Andrew
+ Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
+ Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
+ Wolfhugel, and others.
+ </para>
+ <para>
+ In 1994, <acronym>BIND</acronym> version 4.9.2 was sponsored by
+ Vixie Enterprises. Paul
+ Vixie became <acronym>BIND</acronym>'s principal
+ architect/programmer.
+ </para>
+ <para>
+ <acronym>BIND</acronym> versions from 4.9.3 onward
+ have been developed and maintained
+ by the Internet Systems Consortium and its predecessor,
+ the Internet Software Consortium, with support being provided
+ by ISC's sponsors.
+ </para>
+ <para>
+ As co-architects/programmers, Bob Halley and
+ Paul Vixie released the first production-ready version of
+ <acronym>BIND</acronym> version 8 in May 1997.
+ </para>
+ <para>
+ BIND version 9 was released in September 2000 and is a
+ major rewrite of nearly all aspects of the underlying
+ BIND architecture.
+ </para>
+ <para>
+ BIND versions 4 and 8 are officially deprecated.
+ No additional development is done
+ on BIND version 4 or BIND version 8.
+ </para>
+ <para>
+ <acronym>BIND</acronym> development work is made
+ possible today by the sponsorship
+ of several corporations, and by the tireless work efforts of
+ numerous individuals.
+ </para>
</appendix>
- <appendix id="Bv9ARM.ch11">
- <title>General <acronym>DNS</acronym> Reference Information</title>
- <sect1 id="ipv6addresses">
- <title>IPv6 addresses (AAAA)</title>
+ <appendix xml:id="Bv9ARM.ch11"><info><title>General <acronym>DNS</acronym> Reference Information</title></info>
+
+ <section xml:id="ipv6addresses"><info><title>IPv6 addresses (AAAA)</title></info>
+
<para>
IPv6 addresses are 128-bit identifiers for interfaces and
sets of interfaces which were introduced in the <acronym>DNS</acronym> to facilitate
@@ -16293,11 +15986,11 @@ zone "example.com" {
string
of zeros that can fit, and can be used only once in an address.
</para>
- </sect1>
- <sect1 id="bibliography">
- <title>Bibliography (and Suggested Reading)</title>
- <sect2 id="rfcs">
- <title>Request for Comments (RFCs)</title>
+ </section>
+ <section xml:id="bibliography"><info><title>Bibliography (and Suggested Reading)</title></info>
+
+ <section xml:id="rfcs"><info><title>Request for Comments (RFCs)</title></info>
+
<para>
Specification documents for the Internet protocol suite, including
the <acronym>DNS</acronym>, are published as part of
@@ -16307,886 +16000,537 @@ zone "example.com" {
Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
</para>
<para>
- <ulink url="ftp://www.isi.edu/in-notes/">
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="ftp://www.isi.edu/in-notes/">
ftp://www.isi.edu/in-notes/RFC<replaceable>xxxx</replaceable>.txt
- </ulink>
+ </link>
</para>
<para>
(where <replaceable>xxxx</replaceable> is
the number of the RFC). RFCs are also available via the Web at:
</para>
<para>
- <ulink url="http://www.ietf.org/rfc/"
- >http://www.ietf.org/rfc/</ulink>.
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.ietf.org/rfc/">http://www.ietf.org/rfc/</link>.
</para>
<bibliography>
- <bibliodiv>
+ <bibliodiv><info><title>Standards</title></info>
<!-- one of (BIBLIOENTRY BIBLIOMIXED) -->
- <title>Standards</title>
+
<biblioentry>
<abbrev>RFC974</abbrev>
- <author>
- <surname>Partridge</surname>
- <firstname>C.</firstname>
- </author>
- <title>Mail Routing and the Domain System</title>
+ <author><personname><surname>Partridge</surname><firstname>C.</firstname></personname></author>
+ <citetitle>Mail Routing and the Domain System</citetitle>
<pubdate>January 1986</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1034</abbrev>
- <author>
- <surname>Mockapetris</surname>
- <firstname>P.V.</firstname>
- </author>
- <title>Domain Names &mdash; Concepts and Facilities</title>
+ <author><personname><surname>Mockapetris</surname><firstname>P.V.</firstname></personname></author>
+ <citetitle>Domain Names — Concepts and Facilities</citetitle>
<pubdate>November 1987</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1035</abbrev>
- <author>
- <surname>Mockapetris</surname>
- <firstname>P. V.</firstname>
- </author> <title>Domain Names &mdash; Implementation and
- Specification</title>
+ <author><personname><surname>Mockapetris</surname><firstname>P. V.</firstname></personname></author> <citetitle>Domain Names — Implementation and
+ Specification</citetitle>
<pubdate>November 1987</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv id="proposed_standards" xreflabel="Proposed Standards">
+ <bibliodiv xml:id="proposed_standards" xreflabel="Proposed Standards"><info><title>Proposed Standards</title></info>
- <title>Proposed Standards</title>
<!-- one of (BIBLIOENTRY BIBLIOMIXED) -->
<biblioentry>
<abbrev>RFC2181</abbrev>
- <author>
- <surname>Elz</surname>
- <firstname>R., R. Bush</firstname>
- </author>
- <title>Clarifications to the <acronym>DNS</acronym>
- Specification</title>
+ <author><personname><surname>Elz</surname><firstname>R., R. Bush</firstname></personname></author>
+ <citetitle>Clarifications to the <acronym>DNS</acronym>
+ Specification</citetitle>
<pubdate>July 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2308</abbrev>
- <author>
- <surname>Andrews</surname>
- <firstname>M.</firstname>
- </author>
- <title>Negative Caching of <acronym>DNS</acronym>
- Queries</title>
+ <author><personname><surname>Andrews</surname><firstname>M.</firstname></personname></author>
+ <citetitle>Negative Caching of <acronym>DNS</acronym>
+ Queries</citetitle>
<pubdate>March 1998</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1995</abbrev>
- <author>
- <surname>Ohta</surname>
- <firstname>M.</firstname>
- </author>
- <title>Incremental Zone Transfer in <acronym>DNS</acronym></title>
+ <author><personname><surname>Ohta</surname><firstname>M.</firstname></personname></author>
+ <citetitle>Incremental Zone Transfer in <acronym>DNS</acronym></citetitle>
<pubdate>August 1996</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1996</abbrev>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <title>A Mechanism for Prompt Notification of Zone Changes</title>
+ <author><personname><surname>Vixie</surname><firstname>P.</firstname></personname></author>
+ <citetitle>A Mechanism for Prompt Notification of Zone Changes</citetitle>
<pubdate>August 1996</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2136</abbrev>
<authorgroup>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Thomson</surname>
- </author>
- <author>
- <firstname>Y.</firstname>
- <surname>Rekhter</surname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Bound</surname>
- </author>
+ <author><personname><surname>Vixie</surname><firstname>P.</firstname></personname></author>
+ <author><personname><firstname>S.</firstname><surname>Thomson</surname></personname></author>
+ <author><personname><firstname>Y.</firstname><surname>Rekhter</surname></personname></author>
+ <author><personname><firstname>J.</firstname><surname>Bound</surname></personname></author>
</authorgroup>
- <title>Dynamic Updates in the Domain Name System</title>
+ <citetitle>Dynamic Updates in the Domain Name System</citetitle>
<pubdate>April 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2671</abbrev>
<authorgroup>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
+ <author><personname><firstname>P.</firstname><surname>Vixie</surname></personname></author>
</authorgroup>
- <title>Extension Mechanisms for DNS (EDNS0)</title>
+ <citetitle>Extension Mechanisms for DNS (EDNS0)</citetitle>
<pubdate>August 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2672</abbrev>
<authorgroup>
- <author>
- <firstname>M.</firstname>
- <surname>Crawford</surname>
- </author>
+ <author><personname><firstname>M.</firstname><surname>Crawford</surname></personname></author>
</authorgroup>
- <title>Non-Terminal DNS Name Redirection</title>
+ <citetitle>Non-Terminal DNS Name Redirection</citetitle>
<pubdate>August 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2845</abbrev>
<authorgroup>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <firstname>O.</firstname>
- <surname>Gudmundsson</surname>
- </author>
- <author>
- <firstname>D.</firstname>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- </author>
- <author>
- <firstname>B.</firstname>
- <surname>Wellington</surname>
- </author>
+ <author><personname><surname>Vixie</surname><firstname>P.</firstname></personname></author>
+ <author><personname><firstname>O.</firstname><surname>Gudmundsson</surname></personname></author>
+ <author><personname><firstname>D.</firstname><surname>Eastlake</surname><lineage>3rd</lineage></personname></author>
+ <author><personname><firstname>B.</firstname><surname>Wellington</surname></personname></author>
</authorgroup>
- <title>Secret Key Transaction Authentication for <acronym>DNS</acronym> (TSIG)</title>
+ <citetitle>Secret Key Transaction Authentication for <acronym>DNS</acronym> (TSIG)</citetitle>
<pubdate>May 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2930</abbrev>
<authorgroup>
- <author>
- <firstname>D.</firstname>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- </author>
+ <author><personname><firstname>D.</firstname><surname>Eastlake</surname><lineage>3rd</lineage></personname></author>
</authorgroup>
- <title>Secret Key Establishment for DNS (TKEY RR)</title>
+ <citetitle>Secret Key Establishment for DNS (TKEY RR)</citetitle>
<pubdate>September 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2931</abbrev>
<authorgroup>
- <author>
- <firstname>D.</firstname>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- </author>
+ <author><personname><firstname>D.</firstname><surname>Eastlake</surname><lineage>3rd</lineage></personname></author>
</authorgroup>
- <title>DNS Request and Transaction Signatures (SIG(0)s)</title>
+ <citetitle>DNS Request and Transaction Signatures (SIG(0)s)</citetitle>
<pubdate>September 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3007</abbrev>
<authorgroup>
- <author>
- <firstname>B.</firstname>
- <surname>Wellington</surname>
- </author>
+ <author><personname><firstname>B.</firstname><surname>Wellington</surname></personname></author>
</authorgroup>
- <title>Secure Domain Name System (DNS) Dynamic Update</title>
+ <citetitle>Secure Domain Name System (DNS) Dynamic Update</citetitle>
<pubdate>November 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3645</abbrev>
<authorgroup>
- <author>
- <firstname>S.</firstname>
- <surname>Kwan</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Garg</surname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Gilroy</surname>
- </author>
- <author>
- <firstname>L.</firstname>
- <surname>Esibov</surname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Westhead</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Hall</surname>
- </author>
+ <author><personname><firstname>S.</firstname><surname>Kwan</surname></personname></author>
+ <author><personname><firstname>P.</firstname><surname>Garg</surname></personname></author>
+ <author><personname><firstname>J.</firstname><surname>Gilroy</surname></personname></author>
+ <author><personname><firstname>L.</firstname><surname>Esibov</surname></personname></author>
+ <author><personname><firstname>J.</firstname><surname>Westhead</surname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Hall</surname></personname></author>
</authorgroup>
- <title>Generic Security Service Algorithm for Secret
+ <citetitle>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
- (GSS-TSIG)</title>
+ (GSS-TSIG)</citetitle>
<pubdate>October 2003</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title><acronym>DNS</acronym> Security Proposed Standards</title>
+ <bibliodiv><info><title><acronym>DNS</acronym> Security Proposed Standards</title></info>
+
<biblioentry>
<abbrev>RFC3225</abbrev>
<authorgroup>
- <author>
- <firstname>D.</firstname>
- <surname>Conrad</surname>
- </author>
+ <author><personname><firstname>D.</firstname><surname>Conrad</surname></personname></author>
</authorgroup>
- <title>Indicating Resolver Support of DNSSEC</title>
+ <citetitle>Indicating Resolver Support of DNSSEC</citetitle>
<pubdate>December 2001</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3833</abbrev>
<authorgroup>
- <author>
- <firstname>D.</firstname>
- <surname>Atkins</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Austein</surname>
- </author>
+ <author><personname><firstname>D.</firstname><surname>Atkins</surname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Austein</surname></personname></author>
</authorgroup>
- <title>Threat Analysis of the Domain Name System (DNS)</title>
+ <citetitle>Threat Analysis of the Domain Name System (DNS)</citetitle>
<pubdate>August 2004</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC4033</abbrev>
<authorgroup>
- <author>
- <firstname>R.</firstname>
- <surname>Arends</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Austein</surname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Larson</surname>
- </author>
- <author>
- <firstname>D.</firstname>
- <surname>Massey</surname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Rose</surname>
- </author>
+ <author><personname><firstname>R.</firstname><surname>Arends</surname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Austein</surname></personname></author>
+ <author><personname><firstname>M.</firstname><surname>Larson</surname></personname></author>
+ <author><personname><firstname>D.</firstname><surname>Massey</surname></personname></author>
+ <author><personname><firstname>S.</firstname><surname>Rose</surname></personname></author>
</authorgroup>
- <title>DNS Security Introduction and Requirements</title>
+ <citetitle>DNS Security Introduction and Requirements</citetitle>
<pubdate>March 2005</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC4034</abbrev>
<authorgroup>
- <author>
- <firstname>R.</firstname>
- <surname>Arends</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Austein</surname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Larson</surname>
- </author>
- <author>
- <firstname>D.</firstname>
- <surname>Massey</surname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Rose</surname>
- </author>
+ <author><personname><firstname>R.</firstname><surname>Arends</surname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Austein</surname></personname></author>
+ <author><personname><firstname>M.</firstname><surname>Larson</surname></personname></author>
+ <author><personname><firstname>D.</firstname><surname>Massey</surname></personname></author>
+ <author><personname><firstname>S.</firstname><surname>Rose</surname></personname></author>
</authorgroup>
- <title>Resource Records for the DNS Security Extensions</title>
+ <citetitle>Resource Records for the DNS Security Extensions</citetitle>
<pubdate>March 2005</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC4035</abbrev>
<authorgroup>
- <author>
- <firstname>R.</firstname>
- <surname>Arends</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Austein</surname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Larson</surname>
- </author>
- <author>
- <firstname>D.</firstname>
- <surname>Massey</surname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Rose</surname>
- </author>
+ <author><personname><firstname>R.</firstname><surname>Arends</surname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Austein</surname></personname></author>
+ <author><personname><firstname>M.</firstname><surname>Larson</surname></personname></author>
+ <author><personname><firstname>D.</firstname><surname>Massey</surname></personname></author>
+ <author><personname><firstname>S.</firstname><surname>Rose</surname></personname></author>
</authorgroup>
- <title>Protocol Modifications for the DNS
- Security Extensions</title>
+ <citetitle>Protocol Modifications for the DNS
+ Security Extensions</citetitle>
<pubdate>March 2005</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title>Other Important RFCs About <acronym>DNS</acronym>
- Implementation</title>
+ <bibliodiv><info><title>Other Important RFCs About <acronym>DNS</acronym>
+ Implementation</title></info>
+
<biblioentry>
<abbrev>RFC1535</abbrev>
- <author>
- <surname>Gavron</surname>
- <firstname>E.</firstname>
- </author>
- <title>A Security Problem and Proposed Correction With Widely
- Deployed <acronym>DNS</acronym> Software.</title>
+ <author><personname><surname>Gavron</surname><firstname>E.</firstname></personname></author>
+ <citetitle>A Security Problem and Proposed Correction With Widely
+ Deployed <acronym>DNS</acronym> Software.</citetitle>
<pubdate>October 1993</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1536</abbrev>
<authorgroup>
- <author>
- <surname>Kumar</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Postel</surname>
- </author>
- <author>
- <firstname>C.</firstname>
- <surname>Neuman</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Danzig</surname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Miller</surname>
- </author>
+ <author><personname><surname>Kumar</surname><firstname>A.</firstname></personname></author>
+ <author><personname><firstname>J.</firstname><surname>Postel</surname></personname></author>
+ <author><personname><firstname>C.</firstname><surname>Neuman</surname></personname></author>
+ <author><personname><firstname>P.</firstname><surname>Danzig</surname></personname></author>
+ <author><personname><firstname>S.</firstname><surname>Miller</surname></personname></author>
</authorgroup>
- <title>Common <acronym>DNS</acronym> Implementation
- Errors and Suggested Fixes</title>
+ <citetitle>Common <acronym>DNS</acronym> Implementation
+ Errors and Suggested Fixes</citetitle>
<pubdate>October 1993</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1982</abbrev>
<authorgroup>
- <author>
- <surname>Elz</surname>
- <firstname>R.</firstname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Bush</surname>
- </author>
+ <author><personname><surname>Elz</surname><firstname>R.</firstname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Bush</surname></personname></author>
</authorgroup>
- <title>Serial Number Arithmetic</title>
+ <citetitle>Serial Number Arithmetic</citetitle>
<pubdate>August 1996</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC4074</abbrev>
<authorgroup>
- <author>
- <surname>Morishita</surname>
- <firstname>Y.</firstname>
- </author>
- <author>
- <firstname>T.</firstname>
- <surname>Jinmei</surname>
- </author>
+ <author><personname><surname>Morishita</surname><firstname>Y.</firstname></personname></author>
+ <author><personname><firstname>T.</firstname><surname>Jinmei</surname></personname></author>
</authorgroup>
- <title>Common Misbehaviour Against <acronym>DNS</acronym>
- Queries for IPv6 Addresses</title>
+ <citetitle>Common Misbehaviour Against <acronym>DNS</acronym>
+ Queries for IPv6 Addresses</citetitle>
<pubdate>May 2005</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title>Resource Record Types</title>
+ <bibliodiv><info><title>Resource Record Types</title></info>
+
<biblioentry>
<abbrev>RFC1183</abbrev>
<authorgroup>
- <author>
- <surname>Everhart</surname>
- <firstname>C.F.</firstname>
- </author>
- <author>
- <firstname>L. A.</firstname>
- <surname>Mamakos</surname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Ullmann</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Mockapetris</surname>
- </author>
+ <author><personname><surname>Everhart</surname><firstname>C.F.</firstname></personname></author>
+ <author><personname><firstname>L. A.</firstname><surname>Mamakos</surname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Ullmann</surname></personname></author>
+ <author><personname><firstname>P.</firstname><surname>Mockapetris</surname></personname></author>
</authorgroup>
- <title>New <acronym>DNS</acronym> RR Definitions</title>
+ <citetitle>New <acronym>DNS</acronym> RR Definitions</citetitle>
<pubdate>October 1990</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1706</abbrev>
<authorgroup>
- <author>
- <surname>Manning</surname>
- <firstname>B.</firstname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Colella</surname>
- </author>
+ <author><personname><surname>Manning</surname><firstname>B.</firstname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Colella</surname></personname></author>
</authorgroup>
- <title><acronym>DNS</acronym> NSAP Resource Records</title>
+ <citetitle><acronym>DNS</acronym> NSAP Resource Records</citetitle>
<pubdate>October 1994</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2168</abbrev>
<authorgroup>
- <author>
- <surname>Daniel</surname>
- <firstname>R.</firstname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Mealling</surname>
- </author>
+ <author><personname><surname>Daniel</surname><firstname>R.</firstname></personname></author>
+ <author><personname><firstname>M.</firstname><surname>Mealling</surname></personname></author>
</authorgroup>
- <title>Resolution of Uniform Resource Identifiers using
- the Domain Name System</title>
+ <citetitle>Resolution of Uniform Resource Identifiers using
+ the Domain Name System</citetitle>
<pubdate>June 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1876</abbrev>
<authorgroup>
- <author>
- <surname>Davis</surname>
- <firstname>C.</firstname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
- <author>
- <firstname>T.</firstname>
- <firstname>Goodwin</firstname>
- </author>
- <author>
- <firstname>I.</firstname>
- <surname>Dickinson</surname>
- </author>
+ <author><personname><surname>Davis</surname><firstname>C.</firstname></personname></author>
+ <author><personname><firstname>P.</firstname><surname>Vixie</surname></personname></author>
+ <author><personname><firstname>T.</firstname><firstname>Goodwin</firstname></personname></author>
+ <author><personname><firstname>I.</firstname><surname>Dickinson</surname></personname></author>
</authorgroup>
- <title>A Means for Expressing Location Information in the
+ <citetitle>A Means for Expressing Location Information in the
Domain
- Name System</title>
+ Name System</citetitle>
<pubdate>January 1996</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2052</abbrev>
<authorgroup>
- <author>
- <surname>Gulbrandsen</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
+ <author><personname><surname>Gulbrandsen</surname><firstname>A.</firstname></personname></author>
+ <author><personname><firstname>P.</firstname><surname>Vixie</surname></personname></author>
</authorgroup>
- <title>A <acronym>DNS</acronym> RR for Specifying the
+ <citetitle>A <acronym>DNS</acronym> RR for Specifying the
Location of
- Services.</title>
+ Services.</citetitle>
<pubdate>October 1996</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2163</abbrev>
- <author>
- <surname>Allocchio</surname>
- <firstname>A.</firstname>
- </author>
- <title>Using the Internet <acronym>DNS</acronym> to
+ <author><personname><surname>Allocchio</surname><firstname>A.</firstname></personname></author>
+ <citetitle>Using the Internet <acronym>DNS</acronym> to
Distribute MIXER
- Conformant Global Address Mapping</title>
+ Conformant Global Address Mapping</citetitle>
<pubdate>January 1998</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2230</abbrev>
- <author>
- <surname>Atkinson</surname>
- <firstname>R.</firstname>
- </author>
- <title>Key Exchange Delegation Record for the <acronym>DNS</acronym></title>
+ <author><personname><surname>Atkinson</surname><firstname>R.</firstname></personname></author>
+ <citetitle>Key Exchange Delegation Record for the <acronym>DNS</acronym></citetitle>
<pubdate>October 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2536</abbrev>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <title>DSA KEYs and SIGs in the Domain Name System (DNS)</title>
+ <author><personname><surname>Eastlake</surname><firstname>D.</firstname><lineage>3rd</lineage></personname></author>
+ <citetitle>DSA KEYs and SIGs in the Domain Name System (DNS)</citetitle>
<pubdate>March 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2537</abbrev>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <title>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</title>
+ <author><personname><surname>Eastlake</surname><firstname>D.</firstname><lineage>3rd</lineage></personname></author>
+ <citetitle>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</citetitle>
<pubdate>March 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2538</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <author>
- <surname>Gudmundsson</surname>
- <firstname>O.</firstname>
- </author>
+ <author><personname><surname>Eastlake</surname><firstname>D.</firstname><lineage>3rd</lineage></personname></author>
+ <author><personname><surname>Gudmundsson</surname><firstname>O.</firstname></personname></author>
</authorgroup>
- <title>Storing Certificates in the Domain Name System (DNS)</title>
+ <citetitle>Storing Certificates in the Domain Name System (DNS)</citetitle>
<pubdate>March 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2539</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
+ <author><personname><surname>Eastlake</surname><firstname>D.</firstname><lineage>3rd</lineage></personname></author>
</authorgroup>
- <title>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</title>
+ <citetitle>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</citetitle>
<pubdate>March 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2540</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
+ <author><personname><surname>Eastlake</surname><firstname>D.</firstname><lineage>3rd</lineage></personname></author>
</authorgroup>
- <title>Detached Domain Name System (DNS) Information</title>
+ <citetitle>Detached Domain Name System (DNS) Information</citetitle>
<pubdate>March 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2782</abbrev>
- <author>
- <surname>Gulbrandsen</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <surname>Vixie</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Esibov</surname>
- <firstname>L.</firstname>
- </author>
- <title>A DNS RR for specifying the location of services (DNS SRV)</title>
+ <author><personname><surname>Gulbrandsen</surname><firstname>A.</firstname></personname></author>
+ <author><personname><surname>Vixie</surname><firstname>P.</firstname></personname></author>
+ <author><personname><surname>Esibov</surname><firstname>L.</firstname></personname></author>
+ <citetitle>A DNS RR for specifying the location of services (DNS SRV)</citetitle>
<pubdate>February 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2915</abbrev>
- <author>
- <surname>Mealling</surname>
- <firstname>M.</firstname>
- </author>
- <author>
- <surname>Daniel</surname>
- <firstname>R.</firstname>
- </author>
- <title>The Naming Authority Pointer (NAPTR) DNS Resource Record</title>
+ <author><personname><surname>Mealling</surname><firstname>M.</firstname></personname></author>
+ <author><personname><surname>Daniel</surname><firstname>R.</firstname></personname></author>
+ <citetitle>The Naming Authority Pointer (NAPTR) DNS Resource Record</citetitle>
<pubdate>September 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3110</abbrev>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <title>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</title>
+ <author><personname><surname>Eastlake</surname><firstname>D.</firstname><lineage>3rd</lineage></personname></author>
+ <citetitle>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</citetitle>
<pubdate>May 2001</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3123</abbrev>
- <author>
- <surname>Koch</surname>
- <firstname>P.</firstname>
- </author>
- <title>A DNS RR Type for Lists of Address Prefixes (APL RR)</title>
+ <author><personname><surname>Koch</surname><firstname>P.</firstname></personname></author>
+ <citetitle>A DNS RR Type for Lists of Address Prefixes (APL RR)</citetitle>
<pubdate>June 2001</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3596</abbrev>
<authorgroup>
- <author>
- <surname>Thomson</surname>
- <firstname>S.</firstname>
- </author>
- <author>
- <firstname>C.</firstname>
- <surname>Huitema</surname>
- </author>
- <author>
- <firstname>V.</firstname>
- <surname>Ksinant</surname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Souissi</surname>
- </author>
+ <author><personname><surname>Thomson</surname><firstname>S.</firstname></personname></author>
+ <author><personname><firstname>C.</firstname><surname>Huitema</surname></personname></author>
+ <author><personname><firstname>V.</firstname><surname>Ksinant</surname></personname></author>
+ <author><personname><firstname>M.</firstname><surname>Souissi</surname></personname></author>
</authorgroup>
- <title><acronym>DNS</acronym> Extensions to support IP
- version 6</title>
+ <citetitle><acronym>DNS</acronym> Extensions to support IP
+ version 6</citetitle>
<pubdate>October 2003</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3597</abbrev>
- <author>
- <surname>Gustafsson</surname>
- <firstname>A.</firstname>
- </author>
- <title>Handling of Unknown DNS Resource Record (RR) Types</title>
+ <author><personname><surname>Gustafsson</surname><firstname>A.</firstname></personname></author>
+ <citetitle>Handling of Unknown DNS Resource Record (RR) Types</citetitle>
<pubdate>September 2003</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title><acronym>DNS</acronym> and the Internet</title>
+ <bibliodiv><info><title><acronym>DNS</acronym> and the Internet</title></info>
+
<biblioentry>
<abbrev>RFC1101</abbrev>
- <author>
- <surname>Mockapetris</surname>
- <firstname>P. V.</firstname>
- </author>
- <title><acronym>DNS</acronym> Encoding of Network Names
- and Other Types</title>
+ <author><personname><surname>Mockapetris</surname><firstname>P. V.</firstname></personname></author>
+ <citetitle><acronym>DNS</acronym> Encoding of Network Names
+ and Other Types</citetitle>
<pubdate>April 1989</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1123</abbrev>
- <author>
- <surname>Braden</surname>
- <surname>R.</surname>
- </author>
- <title>Requirements for Internet Hosts - Application and
- Support</title>
+ <author><personname><surname>Braden</surname><surname>R.</surname></personname></author>
+ <citetitle>Requirements for Internet Hosts - Application and
+ Support</citetitle>
<pubdate>October 1989</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1591</abbrev>
- <author>
- <surname>Postel</surname>
- <firstname>J.</firstname>
- </author>
- <title>Domain Name System Structure and Delegation</title>
+ <author><personname><surname>Postel</surname><firstname>J.</firstname></personname></author>
+ <citetitle>Domain Name System Structure and Delegation</citetitle>
<pubdate>March 1994</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2317</abbrev>
<authorgroup>
- <author>
- <surname>Eidnes</surname>
- <firstname>H.</firstname>
- </author>
- <author>
- <firstname>G.</firstname>
- <surname>de Groot</surname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
+ <author><personname><surname>Eidnes</surname><firstname>H.</firstname></personname></author>
+ <author><personname><firstname>G.</firstname><surname>de Groot</surname></personname></author>
+ <author><personname><firstname>P.</firstname><surname>Vixie</surname></personname></author>
</authorgroup>
- <title>Classless IN-ADDR.ARPA Delegation</title>
+ <citetitle>Classless IN-ADDR.ARPA Delegation</citetitle>
<pubdate>March 1998</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2826</abbrev>
<authorgroup>
- <author>
- <surname>Internet Architecture Board</surname>
- </author>
+ <author><personname><surname>Internet Architecture Board</surname></personname></author>
</authorgroup>
- <title>IAB Technical Comment on the Unique DNS Root</title>
+ <citetitle>IAB Technical Comment on the Unique DNS Root</citetitle>
<pubdate>May 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2929</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <firstname>D.</firstname>
- <lineage>3rd</lineage>
- </author>
- <author>
- <surname>Brunner-Williams</surname>
- <firstname>E.</firstname>
- </author>
- <author>
- <surname>Manning</surname>
- <firstname>B.</firstname>
- </author>
+ <author><personname><surname>Eastlake</surname><firstname>D.</firstname><lineage>3rd</lineage></personname></author>
+ <author><personname><surname>Brunner-Williams</surname><firstname>E.</firstname></personname></author>
+ <author><personname><surname>Manning</surname><firstname>B.</firstname></personname></author>
</authorgroup>
- <title>Domain Name System (DNS) IANA Considerations</title>
+ <citetitle>Domain Name System (DNS) IANA Considerations</citetitle>
<pubdate>September 2000</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title><acronym>DNS</acronym> Operations</title>
+ <bibliodiv><info><title><acronym>DNS</acronym> Operations</title></info>
+
<biblioentry>
<abbrev>RFC1033</abbrev>
- <author>
- <surname>Lottor</surname>
- <firstname>M.</firstname>
- </author>
- <title>Domain administrators operations guide.</title>
+ <author><personname><surname>Lottor</surname><firstname>M.</firstname></personname></author>
+ <citetitle>Domain administrators operations guide.</citetitle>
<pubdate>November 1987</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1537</abbrev>
- <author>
- <surname>Beertema</surname>
- <firstname>P.</firstname>
- </author>
- <title>Common <acronym>DNS</acronym> Data File
- Configuration Errors</title>
+ <author><personname><surname>Beertema</surname><firstname>P.</firstname></personname></author>
+ <citetitle>Common <acronym>DNS</acronym> Data File
+ Configuration Errors</citetitle>
<pubdate>October 1993</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1912</abbrev>
- <author>
- <surname>Barr</surname>
- <firstname>D.</firstname>
- </author>
- <title>Common <acronym>DNS</acronym> Operational and
- Configuration Errors</title>
+ <author><personname><surname>Barr</surname><firstname>D.</firstname></personname></author>
+ <citetitle>Common <acronym>DNS</acronym> Operational and
+ Configuration Errors</citetitle>
<pubdate>February 1996</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2010</abbrev>
<authorgroup>
- <author>
- <surname>Manning</surname>
- <firstname>B.</firstname>
- </author>
- <author>
- <firstname>P.</firstname>
- <surname>Vixie</surname>
- </author>
+ <author><personname><surname>Manning</surname><firstname>B.</firstname></personname></author>
+ <author><personname><firstname>P.</firstname><surname>Vixie</surname></personname></author>
</authorgroup>
- <title>Operational Criteria for Root Name Servers.</title>
+ <citetitle>Operational Criteria for Root Name Servers.</citetitle>
<pubdate>October 1996</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2219</abbrev>
<authorgroup>
- <author>
- <surname>Hamilton</surname>
- <firstname>M.</firstname>
- </author>
- <author>
- <firstname>R.</firstname>
- <surname>Wright</surname>
- </author>
+ <author><personname><surname>Hamilton</surname><firstname>M.</firstname></personname></author>
+ <author><personname><firstname>R.</firstname><surname>Wright</surname></personname></author>
</authorgroup>
- <title>Use of <acronym>DNS</acronym> Aliases for
- Network Services.</title>
+ <citetitle>Use of <acronym>DNS</acronym> Aliases for
+ Network Services.</citetitle>
<pubdate>October 1997</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title>Internationalized Domain Names</title>
+ <bibliodiv><info><title>Internationalized Domain Names</title></info>
+
<biblioentry>
<abbrev>RFC2825</abbrev>
<authorgroup>
- <author>
- <surname>IAB</surname>
- </author>
- <author>
- <surname>Daigle</surname>
- <firstname>R.</firstname>
- </author>
+ <author><personname><surname>IAB</surname></personname></author>
+ <author><personname><surname>Daigle</surname><firstname>R.</firstname></personname></author>
</authorgroup>
- <title>A Tangled Web: Issues of I18N, Domain Names,
- and the Other Internet protocols</title>
+ <citetitle>A Tangled Web: Issues of I18N, Domain Names,
+ and the Other Internet protocols</citetitle>
<pubdate>May 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3490</abbrev>
<authorgroup>
- <author>
- <surname>Faltstrom</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Hoffman</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Costello</surname>
- <firstname>A.</firstname>
- </author>
+ <author><personname><surname>Faltstrom</surname><firstname>P.</firstname></personname></author>
+ <author><personname><surname>Hoffman</surname><firstname>P.</firstname></personname></author>
+ <author><personname><surname>Costello</surname><firstname>A.</firstname></personname></author>
</authorgroup>
- <title>Internationalizing Domain Names in Applications (IDNA)</title>
+ <citetitle>Internationalizing Domain Names in Applications (IDNA)</citetitle>
<pubdate>March 2003</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3491</abbrev>
<authorgroup>
- <author>
- <surname>Hoffman</surname>
- <firstname>P.</firstname>
- </author>
- <author>
- <surname>Blanchet</surname>
- <firstname>M.</firstname>
- </author>
+ <author><personname><surname>Hoffman</surname><firstname>P.</firstname></personname></author>
+ <author><personname><surname>Blanchet</surname><firstname>M.</firstname></personname></author>
</authorgroup>
- <title>Nameprep: A Stringprep Profile for Internationalized Domain Names</title>
+ <citetitle>Nameprep: A Stringprep Profile for Internationalized Domain Names</citetitle>
<pubdate>March 2003</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3492</abbrev>
<authorgroup>
- <author>
- <surname>Costello</surname>
- <firstname>A.</firstname>
- </author>
+ <author><personname><surname>Costello</surname><firstname>A.</firstname></personname></author>
</authorgroup>
- <title>Punycode: A Bootstring encoding of Unicode
+ <citetitle>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
- Applications (IDNA)</title>
+ Applications (IDNA)</citetitle>
<pubdate>March 2003</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title>Other <acronym>DNS</acronym>-related RFCs</title>
+ <bibliodiv><info><title>Other <acronym>DNS</acronym>-related RFCs</title></info>
+
<note>
<para>
Note: the following list of RFCs, although
@@ -17196,165 +16540,108 @@ zone "example.com" {
</note>
<biblioentry>
<abbrev>RFC1464</abbrev>
- <author>
- <surname>Rosenbaum</surname>
- <firstname>R.</firstname>
- </author>
- <title>Using the Domain Name System To Store Arbitrary String
- Attributes</title>
+ <author><personname><surname>Rosenbaum</surname><firstname>R.</firstname></personname></author>
+ <citetitle>Using the Domain Name System To Store Arbitrary String
+ Attributes</citetitle>
<pubdate>May 1993</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1713</abbrev>
- <author>
- <surname>Romao</surname>
- <firstname>A.</firstname>
- </author>
- <title>Tools for <acronym>DNS</acronym> Debugging</title>
+ <author><personname><surname>Romao</surname><firstname>A.</firstname></personname></author>
+ <citetitle>Tools for <acronym>DNS</acronym> Debugging</citetitle>
<pubdate>November 1994</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC1794</abbrev>
- <author>
- <surname>Brisco</surname>
- <firstname>T.</firstname>
- </author>
- <title><acronym>DNS</acronym> Support for Load
- Balancing</title>
+ <author><personname><surname>Brisco</surname><firstname>T.</firstname></personname></author>
+ <citetitle><acronym>DNS</acronym> Support for Load
+ Balancing</citetitle>
<pubdate>April 1995</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2240</abbrev>
- <author>
- <surname>Vaughan</surname>
- <firstname>O.</firstname>
- </author>
- <title>A Legal Basis for Domain Name Allocation</title>
+ <author><personname><surname>Vaughan</surname><firstname>O.</firstname></personname></author>
+ <citetitle>A Legal Basis for Domain Name Allocation</citetitle>
<pubdate>November 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2345</abbrev>
<authorgroup>
- <author>
- <surname>Klensin</surname>
- <firstname>J.</firstname>
- </author>
- <author>
- <firstname>T.</firstname>
- <surname>Wolf</surname>
- </author>
- <author>
- <firstname>G.</firstname>
- <surname>Oglesby</surname>
- </author>
+ <author><personname><surname>Klensin</surname><firstname>J.</firstname></personname></author>
+ <author><personname><firstname>T.</firstname><surname>Wolf</surname></personname></author>
+ <author><personname><firstname>G.</firstname><surname>Oglesby</surname></personname></author>
</authorgroup>
- <title>Domain Names and Company Name Retrieval</title>
+ <citetitle>Domain Names and Company Name Retrieval</citetitle>
<pubdate>May 1998</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2352</abbrev>
- <author>
- <surname>Vaughan</surname>
- <firstname>O.</firstname>
- </author>
- <title>A Convention For Using Legal Names as Domain Names</title>
+ <author><personname><surname>Vaughan</surname><firstname>O.</firstname></personname></author>
+ <citetitle>A Convention For Using Legal Names as Domain Names</citetitle>
<pubdate>May 1998</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3071</abbrev>
<authorgroup>
- <author>
- <surname>Klensin</surname>
- <firstname>J.</firstname>
- </author>
+ <author><personname><surname>Klensin</surname><firstname>J.</firstname></personname></author>
</authorgroup>
- <title>Reflections on the DNS, RFC 1591, and Categories of Domains</title>
+ <citetitle>Reflections on the DNS, RFC 1591, and Categories of Domains</citetitle>
<pubdate>February 2001</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3258</abbrev>
<authorgroup>
- <author>
- <surname>Hardie</surname>
- <firstname>T.</firstname>
- </author>
+ <author><personname><surname>Hardie</surname><firstname>T.</firstname></personname></author>
</authorgroup>
- <title>Distributing Authoritative Name Servers via
- Shared Unicast Addresses</title>
+ <citetitle>Distributing Authoritative Name Servers via
+ Shared Unicast Addresses</citetitle>
<pubdate>April 2002</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3901</abbrev>
<authorgroup>
- <author>
- <surname>Durand</surname>
- <firstname>A.</firstname>
- </author>
- <author>
- <firstname>J.</firstname>
- <surname>Ihren</surname>
- </author>
+ <author><personname><surname>Durand</surname><firstname>A.</firstname></personname></author>
+ <author><personname><firstname>J.</firstname><surname>Ihren</surname></personname></author>
</authorgroup>
- <title>DNS IPv6 Transport Operational Guidelines</title>
+ <citetitle>DNS IPv6 Transport Operational Guidelines</citetitle>
<pubdate>September 2004</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title>Obsolete and Unimplemented Experimental RFC</title>
+ <bibliodiv><info><title>Obsolete and Unimplemented Experimental RFC</title></info>
+
<biblioentry>
<abbrev>RFC1712</abbrev>
<authorgroup>
- <author>
- <surname>Farrell</surname>
- <firstname>C.</firstname>
- </author>
- <author>
- <firstname>M.</firstname>
- <surname>Schulze</surname>
- </author>
- <author>
- <firstname>S.</firstname>
- <surname>Pleitner</surname>
- </author>
- <author>
- <firstname>D.</firstname>
- <surname>Baldoni</surname>
- </author>
+ <author><personname><surname>Farrell</surname><firstname>C.</firstname></personname></author>
+ <author><personname><firstname>M.</firstname><surname>Schulze</surname></personname></author>
+ <author><personname><firstname>S.</firstname><surname>Pleitner</surname></personname></author>
+ <author><personname><firstname>D.</firstname><surname>Baldoni</surname></personname></author>
</authorgroup>
- <title><acronym>DNS</acronym> Encoding of Geographical
- Location</title>
+ <citetitle><acronym>DNS</acronym> Encoding of Geographical
+ Location</citetitle>
<pubdate>November 1994</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2673</abbrev>
<authorgroup>
- <author>
- <surname>Crawford</surname>
- <firstname>M.</firstname>
- </author>
+ <author><personname><surname>Crawford</surname><firstname>M.</firstname></personname></author>
</authorgroup>
- <title>Binary Labels in the Domain Name System</title>
+ <citetitle>Binary Labels in the Domain Name System</citetitle>
<pubdate>August 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2874</abbrev>
<authorgroup>
- <author>
- <surname>Crawford</surname>
- <firstname>M.</firstname>
- </author>
- <author>
- <surname>Huitema</surname>
- <firstname>C.</firstname>
- </author>
+ <author><personname><surname>Crawford</surname><firstname>M.</firstname></personname></author>
+ <author><personname><surname>Huitema</surname><firstname>C.</firstname></personname></author>
</authorgroup>
- <title>DNS Extensions to Support IPv6 Address Aggregation
- and Renumbering</title>
+ <citetitle>DNS Extensions to Support IPv6 Address Aggregation
+ and Renumbering</citetitle>
<pubdate>July 2000</pubdate>
</biblioentry>
</bibliodiv>
- <bibliodiv>
- <title>Obsoleted DNS Security RFCs</title>
+ <bibliodiv><info><title>Obsoleted DNS Security RFCs</title></info>
+
<note>
<para>
Most of these have been consolidated into RFC4033,
@@ -17364,152 +16651,101 @@ zone "example.com" {
<biblioentry>
<abbrev>RFC2065</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- <firstname>D.</firstname>
- </author>
- <author>
- <firstname>C.</firstname>
- <surname>Kaufman</surname>
- </author>
+ <author><personname><surname>Eastlake</surname><lineage>3rd</lineage><firstname>D.</firstname></personname></author>
+ <author><personname><firstname>C.</firstname><surname>Kaufman</surname></personname></author>
</authorgroup>
- <title>Domain Name System Security Extensions</title>
+ <citetitle>Domain Name System Security Extensions</citetitle>
<pubdate>January 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2137</abbrev>
- <author>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- <firstname>D.</firstname>
- </author>
- <title>Secure Domain Name System Dynamic Update</title>
+ <author><personname><surname>Eastlake</surname><lineage>3rd</lineage><firstname>D.</firstname></personname></author>
+ <citetitle>Secure Domain Name System Dynamic Update</citetitle>
<pubdate>April 1997</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC2535</abbrev>
<authorgroup>
- <author>
- <surname>Eastlake</surname>
- <lineage>3rd</lineage>
- <firstname>D.</firstname>
- </author>
+ <author><personname><surname>Eastlake</surname><lineage>3rd</lineage><firstname>D.</firstname></personname></author>
</authorgroup>
- <title>Domain Name System Security Extensions</title>
+ <citetitle>Domain Name System Security Extensions</citetitle>
<pubdate>March 1999</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3008</abbrev>
<authorgroup>
- <author>
- <surname>Wellington</surname>
- <firstname>B.</firstname>
- </author>
+ <author><personname><surname>Wellington</surname><firstname>B.</firstname></personname></author>
</authorgroup>
- <title>Domain Name System Security (DNSSEC)
- Signing Authority</title>
+ <citetitle>Domain Name System Security (DNSSEC)
+ Signing Authority</citetitle>
<pubdate>November 2000</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3090</abbrev>
<authorgroup>
- <author>
- <surname>Lewis</surname>
- <firstname>E.</firstname>
- </author>
+ <author><personname><surname>Lewis</surname><firstname>E.</firstname></personname></author>
</authorgroup>
- <title>DNS Security Extension Clarification on Zone Status</title>
+ <citetitle>DNS Security Extension Clarification on Zone Status</citetitle>
<pubdate>March 2001</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3445</abbrev>
<authorgroup>
- <author>
- <surname>Massey</surname>
- <firstname>D.</firstname>
- </author>
- <author>
- <surname>Rose</surname>
- <firstname>S.</firstname>
- </author>
+ <author><personname><surname>Massey</surname><firstname>D.</firstname></personname></author>
+ <author><personname><surname>Rose</surname><firstname>S.</firstname></personname></author>
</authorgroup>
- <title>Limiting the Scope of the KEY Resource Record (RR)</title>
+ <citetitle>Limiting the Scope of the KEY Resource Record (RR)</citetitle>
<pubdate>December 2002</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3655</abbrev>
<authorgroup>
- <author>
- <surname>Wellington</surname>
- <firstname>B.</firstname>
- </author>
- <author>
- <surname>Gudmundsson</surname>
- <firstname>O.</firstname>
- </author>
+ <author><personname><surname>Wellington</surname><firstname>B.</firstname></personname></author>
+ <author><personname><surname>Gudmundsson</surname><firstname>O.</firstname></personname></author>
</authorgroup>
- <title>Redefinition of DNS Authenticated Data (AD) bit</title>
+ <citetitle>Redefinition of DNS Authenticated Data (AD) bit</citetitle>
<pubdate>November 2003</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3658</abbrev>
<authorgroup>
- <author>
- <surname>Gudmundsson</surname>
- <firstname>O.</firstname>
- </author>
+ <author><personname><surname>Gudmundsson</surname><firstname>O.</firstname></personname></author>
</authorgroup>
- <title>Delegation Signer (DS) Resource Record (RR)</title>
+ <citetitle>Delegation Signer (DS) Resource Record (RR)</citetitle>
<pubdate>December 2003</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3755</abbrev>
<authorgroup>
- <author>
- <surname>Weiler</surname>
- <firstname>S.</firstname>
- </author>
+ <author><personname><surname>Weiler</surname><firstname>S.</firstname></personname></author>
</authorgroup>
- <title>Legacy Resolver Compatibility for Delegation Signer (DS)</title>
+ <citetitle>Legacy Resolver Compatibility for Delegation Signer (DS)</citetitle>
<pubdate>May 2004</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3757</abbrev>
<authorgroup>
- <author>
- <surname>Kolkman</surname>
- <firstname>O.</firstname>
- </author>
- <author>
- <surname>Schlyter</surname>
- <firstname>J.</firstname>
- </author>
- <author>
- <surname>Lewis</surname>
- <firstname>E.</firstname>
- </author>
+ <author><personname><surname>Kolkman</surname><firstname>O.</firstname></personname></author>
+ <author><personname><surname>Schlyter</surname><firstname>J.</firstname></personname></author>
+ <author><personname><surname>Lewis</surname><firstname>E.</firstname></personname></author>
</authorgroup>
- <title>Domain Name System KEY (DNSKEY) Resource Record
- (RR) Secure Entry Point (SEP) Flag</title>
+ <citetitle>Domain Name System KEY (DNSKEY) Resource Record
+ (RR) Secure Entry Point (SEP) Flag</citetitle>
<pubdate>April 2004</pubdate>
</biblioentry>
<biblioentry>
<abbrev>RFC3845</abbrev>
<authorgroup>
- <author>
- <surname>Schlyter</surname>
- <firstname>J.</firstname>
- </author>
+ <author><personname><surname>Schlyter</surname><firstname>J.</firstname></personname></author>
</authorgroup>
- <title>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</title>
+ <citetitle>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</citetitle>
<pubdate>August 2004</pubdate>
</biblioentry>
</bibliodiv>
</bibliography>
- </sect2>
- <sect2 id="internet_drafts">
- <title>Internet Drafts</title>
+ </section>
+ <section xml:id="internet_drafts"><info><title>Internet Drafts</title></info>
+
<para>
Internet Drafts (IDs) are rough-draft working documents of
the Internet Engineering Task Force. They are, in essence, RFCs
@@ -17520,71 +16756,59 @@ zone "example.com" {
they are "works in progress." IDs have a lifespan of six months
after which they are deleted unless updated by their authors.
</para>
- </sect2>
- <sect2>
- <title>Other Documents About <acronym>BIND</acronym></title>
+ </section>
+ <section xml:id="more_about_bind"><info><title>Other Documents About <acronym>BIND</acronym></title></info>
+
<para/>
<bibliography>
<biblioentry>
<authorgroup>
- <author>
- <surname>Albitz</surname>
- <firstname>Paul</firstname>
- </author>
- <author>
- <firstname>Cricket</firstname>
- <surname>Liu</surname>
- </author>
+ <author><personname><surname>Albitz</surname><firstname>Paul</firstname></personname></author>
+ <author><personname><firstname>Cricket</firstname><surname>Liu</surname></personname></author>
</authorgroup>
- <title><acronym>DNS</acronym> and <acronym>BIND</acronym></title>
+ <citetitle><acronym>DNS</acronym> and <acronym>BIND</acronym></citetitle>
<copyright>
<year>1998</year>
<holder>Sebastopol, CA: O'Reilly and Associates</holder>
</copyright>
</biblioentry>
</bibliography>
- </sect2>
- </sect1>
+ </section>
+ </section>
</appendix>
- <appendix id="Bv9ARM.ch12">
- <title>BIND 9 DNS Library Support</title>
- <xi:include href="libdns.xml"/>
+ <appendix xml:id="Bv9ARM.ch12"><info><title>BIND 9 DNS Library Support</title></info>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libdns.xml"/>
</appendix>
- <reference id="Bv9ARM.ch13">
- <title>Manual pages</title>
- <xi:include href="../../bin/dig/dig.docbook"/>
- <xi:include href="../../bin/dig/host.docbook"/>
- <xi:include href="../../bin/python/dnssec-checkds.docbook"/>
- <xi:include href="../../bin/python/dnssec-coverage.docbook"/>
- <xi:include href="../../bin/dnssec/dnssec-dsfromkey.docbook"/>
- <xi:include href="../../bin/dnssec/dnssec-keyfromlabel.docbook"/>
- <xi:include href="../../bin/dnssec/dnssec-keygen.docbook"/>
- <xi:include href="../../bin/dnssec/dnssec-revoke.docbook"/>
- <xi:include href="../../bin/dnssec/dnssec-settime.docbook"/>
- <xi:include href="../../bin/dnssec/dnssec-signzone.docbook"/>
- <xi:include href="../../bin/dnssec/dnssec-verify.docbook"/>
- <xi:include href="../../bin/check/named-checkconf.docbook"/>
- <xi:include href="../../bin/check/named-checkzone.docbook"/>
- <xi:include href="../../bin/named/named.docbook"/>
- <xi:include href="../../bin/tools/named-journalprint.docbook"/>
- <!-- named.conf.docbook and others? -->
- <xi:include href="../../bin/nsupdate/nsupdate.docbook"/>
- <xi:include href="../../bin/rndc/rndc.docbook"/>
- <xi:include href="../../bin/rndc/rndc.conf.docbook"/>
- <xi:include href="../../bin/confgen/rndc-confgen.docbook"/>
- <xi:include href="../../bin/confgen/ddns-confgen.docbook"/>
- <xi:include href="../../bin/tools/arpaname.docbook"/>
- <xi:include href="../../bin/tools/genrandom.docbook"/>
- <xi:include href="../../bin/tools/isc-hmac-fixup.docbook"/>
- <xi:include href="../../bin/tools/nsec3hash.docbook"/>
+ <reference xml:id="Bv9ARM.ch13"><info><title>Manual pages</title></info>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dig/dig.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dig/host.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/python/dnssec-checkds.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/python/dnssec-coverage.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-dsfromkey.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-importkey.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-keyfromlabel.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-keygen.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-revoke.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-settime.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-signzone.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/dnssec/dnssec-verify.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/check/named-checkconf.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/check/named-checkzone.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/named/named.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/named/named.conf.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/named/lwresd.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/named-journalprint.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/nsupdate/nsupdate.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/rndc/rndc.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/rndc/rndc.conf.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/confgen/rndc-confgen.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/confgen/ddns-confgen.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/arpaname.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/genrandom.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/isc-hmac-fixup.docbook"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../bin/tools/nsec3hash.docbook"/>
</reference>
</book>
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
- -->
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 2d25f2702990..ea1407325e45 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 1. Introduction</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="next" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
@@ -39,23 +38,23 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch01"></a>Chapter 1. Introduction</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch01"></a>Chapter 1. Introduction</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563509">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563533">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564629">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564810">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch01.html#doc_scope">Scope of Document</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#organization">Organization of This Document</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#conventions">Conventions Used in This Document</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_overview">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564832">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564934">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567271">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567348">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567589">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567651">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_fundamentals">DNS Fundamentals</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#domain_names">Domains and Domain Names</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#zones">Zones</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#auth_servers">Authoritative Name Servers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#cache_servers">Caching Name Servers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#multi_role">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -69,9 +68,9 @@
group of distributed
hierarchical databases.
</p>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563509"></a>Scope of Document</h2></div></div></div>
+<a name="doc_scope"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
@@ -83,9 +82,9 @@
</p>
<p>This version of the manual corresponds to BIND version 9.9.</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563533"></a>Organization of This Document</h2></div></div></div>
+<a name="organization"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
@@ -112,17 +111,17 @@
System.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564629"></a>Conventions Used in This Document</h2></div></div></div>
+<a name="conventions"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="3.000in" class="1">
+<col width="2.625in" class="2">
</colgroup>
<tbody>
<tr>
@@ -182,8 +181,8 @@
<acronym class="acronym">BIND</acronym> configuration file:</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="3.000in" class="1">
+<col width="2.625in" class="2">
</colgroup>
<tbody>
<tr>
@@ -239,9 +238,9 @@
<p>
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564810"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
+<a name="dns_overview"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
@@ -249,9 +248,9 @@
begin by reviewing the fundamentals of the Domain Name System
(<acronym class="acronym">DNS</acronym>) as they relate to <acronym class="acronym">BIND</acronym>.
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564832"></a>DNS Fundamentals</h3></div></div></div>
+<a name="dns_fundamentals"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@@ -265,15 +264,15 @@
more <span class="emphasis"><em>name servers</em></span> and interprets the responses.
The <acronym class="acronym">BIND</acronym> 9 software distribution
contains a
- name server, <span><strong class="command">named</strong></span>, and a resolver
- library, <span><strong class="command">liblwres</strong></span>. The older
- <span><strong class="command">libbind</strong></span> resolver library is also available
+ name server, <span class="command"><strong>named</strong></span>, and a resolver
+ library, <span class="command"><strong>liblwres</strong></span>. The older
+ <span class="command"><strong>libbind</strong></span> resolver library is also available
from ISC as a separate download.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564934"></a>Domains and Domain Names</h3></div></div></div>
+<a name="domain_names"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@@ -309,17 +308,17 @@
The data associated with each domain name is stored in the
form of <span class="emphasis"><em>resource records</em></span> (<acronym class="acronym">RR</acronym>s).
Some of the supported resource record types are described in
- <a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called &#8220;Types of Resource Records and When to Use Them&#8221;</a>.
+ <a class="xref" href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them" title="Types of Resource Records and When to Use Them">the section called &#8220;Types of Resource Records and When to Use Them&#8221;</a>.
</p>
<p>
For more detailed information about the design of the DNS and
the DNS protocol, please refer to the standards documents listed in
- <a href="Bv9ARM.ch11.html#rfcs" title="Request for Comments (RFCs)">the section called &#8220;Request for Comments (RFCs)&#8221;</a>.
+ <a class="xref" href="Bv9ARM.ch11.html#rfcs" title="Request for Comments (RFCs)">the section called &#8220;Request for Comments (RFCs)&#8221;</a>.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567271"></a>Zones</h3></div></div></div>
+<a name="zones"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@@ -370,9 +369,9 @@
actually asking for slave service for some collection of zones.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567348"></a>Authoritative Name Servers</h3></div></div></div>
+<a name="auth_servers"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@@ -385,11 +384,11 @@
Responses from authoritative servers have the "authoritative
answer" (AA) bit set in the response packets. This makes them
easy to identify when debugging DNS configurations using tools like
- <span><strong class="command">dig</strong></span> (<a href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called &#8220;Diagnostic Tools&#8221;</a>).
+ <span class="command"><strong>dig</strong></span> (<a class="xref" href="Bv9ARM.ch03.html#diagnostic_tools" title="Diagnostic Tools">the section called &#8220;Diagnostic Tools&#8221;</a>).
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567371"></a>The Primary Master</h4></div></div></div>
+<a name="primary_master"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@@ -407,9 +406,9 @@
<span class="emphasis"><em>dynamic update</em></span> operations.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567401"></a>Slave Servers</h4></div></div></div>
+<a name="slave_server"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@@ -423,9 +422,9 @@
may itself act as a master to a subordinate slave server.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567422"></a>Stealth Servers</h4></div></div></div>
+<a name="stealth_server"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@@ -458,9 +457,9 @@
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567589"></a>Caching Name Servers</h3></div></div></div>
+<a name="cache_servers"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@@ -485,9 +484,9 @@
the cache of a caching name server is controlled by the
Time To Live (TTL) field associated with each resource record.
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567624"></a>Forwarding</h4></div></div></div>
+<a name="forwarder"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@@ -512,9 +511,9 @@
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567651"></a>Name Servers in Multiple Roles</h3></div></div></div>
+<a name="multi_role"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as
@@ -556,6 +555,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 3500ab4d6456..8f65b88b8e1c 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 2. BIND Resource Requirements</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch01.html" title="Chapter 1. Introduction">
<link rel="next" href="Bv9ARM.ch03.html" title="Chapter 3. Name Server Configuration">
@@ -39,22 +38,22 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch02"></a>Chapter 2. <acronym class="acronym">BIND</acronym> Resource Requirements</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch02"></a>Chapter 2. <acronym class="acronym">BIND</acronym> Resource Requirements</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567685">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567712">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567793">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567819">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567830">Supported Operating Systems</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch02.html#hw_req">Hardware requirements</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#cpu_req">CPU Requirements</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#mem_req">Memory Requirements</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#intensive_env">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#supported_os">Supported Operating Systems</a></span></dt>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567685"></a>Hardware requirements</h2></div></div></div>
+<a name="hw_req"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@@ -71,9 +70,9 @@
multiprocessor systems for installations that need it.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567712"></a>CPU Requirements</h2></div></div></div>
+<a name="cpu_req"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@@ -82,18 +81,18 @@
signed zones, serving many thousands of queries per second.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567793"></a>Memory Requirements</h2></div></div></div>
+<a name="mem_req"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
- cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
+ cache and zones loaded off disk. The <span class="command"><strong>max-cache-size</strong></span>
option can be used to limit the amount of memory used by the cache,
at the expense of reducing cache hit rates and causing more <acronym class="acronym">DNS</acronym>
traffic.
Additionally, if additional section caching
- (<a href="Bv9ARM.ch06.html#acache" title="Additional Section Caching">the section called &#8220;Additional Section Caching&#8221;</a>) is enabled,
- the <span><strong class="command">max-acache-size</strong></span> option can be used to
+ (<a class="xref" href="Bv9ARM.ch06.html#acache" title="Additional Section Caching">the section called &#8220;Additional Section Caching&#8221;</a>) is enabled,
+ the <span class="command"><strong>max-acache-size</strong></span> option can be used to
limit the amount
of memory used by the mechanism.
It is still good practice to have enough memory to load
@@ -105,9 +104,9 @@
fast as they are being inserted.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567819"></a>Name Server Intensive Environment Issues</h2></div></div></div>
+<a name="intensive_env"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@@ -122,9 +121,9 @@
as none of the name servers share their cached data.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567830"></a>Supported Operating Systems</h2></div></div></div>
+<a name="supported_os"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number
@@ -154,6 +153,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 0131e301179e..fa809476210d 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 3. Name Server Configuration</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch02.html" title="Chapter 2. BIND Resource Requirements">
<link rel="next" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features">
@@ -39,22 +38,22 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch03"></a>Chapter 3. Name Server Configuration</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567998">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568014">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568037">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568391">Name Server Operations</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568396">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569449">Signals</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -63,17 +62,17 @@
with guidelines for their use. We suggest reasonable values for
certain option settings.
</p>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567998"></a>A Caching-only Name Server</h3></div></div></div>
+<a name="cache_only_sample"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
queries
- from outside clients are refused using the <span><strong class="command">allow-query</strong></span>
+ from outside clients are refused using the <span class="command"><strong>allow-query</strong></span>
option. Alternatively, the same effect could be achieved using
suitable
firewall rules.
@@ -96,9 +95,9 @@ zone "0.0.127.in-addr.arpa" {
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568014"></a>An Authoritative-only Name Server</h3></div></div></div>
+<a name="auth_only_sample"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@@ -144,9 +143,9 @@ zone "eng.example.com" {
</pre>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568037"></a>Load Balancing</h2></div></div></div>
+<a name="load_balancing"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
@@ -160,11 +159,11 @@ zone "eng.example.com" {
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
-<col>
-<col>
-<col>
+<col width="0.875in" class="1">
+<col width="0.500in" class="2">
+<col width="0.750in" class="3">
+<col width="0.750in" class="4">
+<col width="2.028in" class="5">
</colgroup>
<tbody>
<tr>
@@ -282,38 +281,38 @@ zone "eng.example.com" {
</p>
<p>
For more detail on ordering responses, check the
- <span><strong class="command">rrset-order</strong></span> sub-statement in the
- <span><strong class="command">options</strong></span> statement, see
- <a href="Bv9ARM.ch06.html#rrset_ordering">RRset Ordering</a>.
+ <span class="command"><strong>rrset-order</strong></span> sub-statement in the
+ <span class="command"><strong>options</strong></span> statement, see
+ <a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">RRset Ordering</a>.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568391"></a>Name Server Operations</h2></div></div></div>
-<div class="sect2" lang="en">
+<a name="ns_operations"></a>Name Server Operations</h2></div></div></div>
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568396"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
+<a name="tools"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
administrator for controlling and debugging the name server
daemon.
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="diagnostic_tools"></a>Diagnostic Tools</h4></div></div></div>
<p>
- The <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span>, and
- <span><strong class="command">nslookup</strong></span> programs are all command
+ The <span class="command"><strong>dig</strong></span>, <span class="command"><strong>host</strong></span>, and
+ <span class="command"><strong>nslookup</strong></span> programs are all command
line tools
for manually querying name servers. They differ in style and
output format.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><a name="dig"></a><span><strong class="command">dig</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><a name="dig"></a><span class="command"><strong>dig</strong></span></span></dt>
<dd>
<p>
- The domain information groper (<span><strong class="command">dig</strong></span>)
+ The domain information groper (<span class="command"><strong>dig</strong></span>)
is the most versatile and complete of these lookup tools.
It has two modes: simple interactive
mode for a single query, and batch mode which executes a
@@ -324,21 +323,21 @@ zone "eng.example.com" {
</p>
<div class="cmdsynopsis"><p><code class="command">dig</code> [@<em class="replaceable"><code>server</code></em>] <em class="replaceable"><code>domain</code></em> [<em class="replaceable"><code>query-type</code></em>] [<em class="replaceable"><code>query-class</code></em>] [+<em class="replaceable"><code>query-option</code></em>] [-<em class="replaceable"><code>dig-option</code></em>] [%<em class="replaceable"><code>comment</code></em>]</p></div>
<p>
- The usual simple use of <span><strong class="command">dig</strong></span> will take the form
+ The usual simple use of <span class="command"><strong>dig</strong></span> will take the form
</p>
-<p>
- <span><strong class="command">dig @server domain query-type query-class</strong></span>
+<p class="simpara">
+ <span class="command"><strong>dig @server domain query-type query-class</strong></span>
</p>
<p>
For more information and a list of available commands and
- options, see the <span><strong class="command">dig</strong></span> man
+ options, see the <span class="command"><strong>dig</strong></span> man
page.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">host</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>host</strong></span></span></dt>
<dd>
<p>
- The <span><strong class="command">host</strong></span> utility emphasizes
+ The <span class="command"><strong>host</strong></span> utility emphasizes
simplicity
and ease of use. By default, it converts
between host names and Internet addresses, but its
@@ -348,13 +347,13 @@ zone "eng.example.com" {
<div class="cmdsynopsis"><p><code class="command">host</code> [-aCdlnrsTwv] [-c <em class="replaceable"><code>class</code></em>] [-N <em class="replaceable"><code>ndots</code></em>] [-t <em class="replaceable"><code>type</code></em>] [-W <em class="replaceable"><code>timeout</code></em>] [-R <em class="replaceable"><code>retries</code></em>] [-m <em class="replaceable"><code>flag</code></em>] [-4] [-6] <em class="replaceable"><code>hostname</code></em> [<em class="replaceable"><code>server</code></em>]</p></div>
<p>
For more information and a list of available commands and
- options, see the <span><strong class="command">host</strong></span> man
+ options, see the <span class="command"><strong>host</strong></span> man
page.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">nslookup</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>nslookup</strong></span></span></dt>
<dd>
-<p><span><strong class="command">nslookup</strong></span>
+<p><span class="command"><strong>nslookup</strong></span>
has two modes: interactive and
non-interactive. Interactive mode allows the user to
query name servers for information about various
@@ -382,144 +381,143 @@ zone "eng.example.com" {
</p>
<p>
Due to its arcane user interface and frequently inconsistent
- behavior, we do not recommend the use of <span><strong class="command">nslookup</strong></span>.
- Use <span><strong class="command">dig</strong></span> instead.
+ behavior, we do not recommend the use of <span class="command"><strong>nslookup</strong></span>.
+ Use <span class="command"><strong>dig</strong></span> instead.
</p>
</dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="admin_tools"></a>Administrative Tools</h4></div></div></div>
<p>
Administrative tools play an integral part in the management
of a server.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt>
-<a name="named-checkconf"></a><span class="term"><span><strong class="command">named-checkconf</strong></span></span>
+<a name="named-checkconf"></a><span class="term"><span class="command"><strong>named-checkconf</strong></span></span>
</dt>
<dd>
<p>
- The <span><strong class="command">named-checkconf</strong></span> program
+ The <span class="command"><strong>named-checkconf</strong></span> program
checks the syntax of a <code class="filename">named.conf</code> file.
</p>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [-jvz] [-t <em class="replaceable"><code>directory</code></em>] [<em class="replaceable"><code>filename</code></em>]</p></div>
</dd>
<dt>
-<a name="named-checkzone"></a><span class="term"><span><strong class="command">named-checkzone</strong></span></span>
+<a name="named-checkzone"></a><span class="term"><span class="command"><strong>named-checkzone</strong></span></span>
</dt>
<dd>
<p>
- The <span><strong class="command">named-checkzone</strong></span> program
+ The <span class="command"><strong>named-checkzone</strong></span> program
checks a master file for
syntax and consistency.
</p>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [-djqvD] [-c <em class="replaceable"><code>class</code></em>] [-o <em class="replaceable"><code>output</code></em>] [-t <em class="replaceable"><code>directory</code></em>] [-w <em class="replaceable"><code>directory</code></em>] [-k <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-n <em class="replaceable"><code>(ignore|warn|fail)</code></em>] [-W <em class="replaceable"><code>(ignore|warn)</code></em>] <em class="replaceable"><code>zone</code></em> [<em class="replaceable"><code>filename</code></em>]</p></div>
</dd>
<dt>
-<a name="named-compilezone"></a><span class="term"><span><strong class="command">named-compilezone</strong></span></span>
+<a name="named-compilezone"></a><span class="term"><span class="command"><strong>named-compilezone</strong></span></span>
</dt>
<dd><p>
- Similar to <span><strong class="command">named-checkzone,</strong></span> but
+ Similar to <span class="command"><strong>named-checkzone,</strong></span> but
it always dumps the zone content to a specified file
(typically in a different format).
</p></dd>
<dt>
-<a name="rndc"></a><span class="term"><span><strong class="command">rndc</strong></span></span>
+<a name="rndc"></a><span class="term"><span class="command"><strong>rndc</strong></span></span>
</dt>
<dd>
<p>
The remote name daemon control
- (<span><strong class="command">rndc</strong></span>) program allows the
+ (<span class="command"><strong>rndc</strong></span>) program allows the
system
administrator to control the operation of a name server.
- Since <acronym class="acronym">BIND</acronym> 9.2, <span><strong class="command">rndc</strong></span>
- supports all the commands of the BIND 8 <span><strong class="command">ndc</strong></span>
- utility except <span><strong class="command">ndc start</strong></span> and
- <span><strong class="command">ndc restart</strong></span>, which were also
- not supported in <span><strong class="command">ndc</strong></span>'s
+ Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
+ supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
+ utility except <span class="command"><strong>ndc start</strong></span> and
+ <span class="command"><strong>ndc restart</strong></span>, which were also
+ not supported in <span class="command"><strong>ndc</strong></span>'s
channel mode.
- If you run <span><strong class="command">rndc</strong></span> without any
+ If you run <span class="command"><strong>rndc</strong></span> without any
options
it will display a usage message as follows:
</p>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [-c <em class="replaceable"><code>config</code></em>] [-s <em class="replaceable"><code>server</code></em>] [-p <em class="replaceable"><code>port</code></em>] [-y <em class="replaceable"><code>key</code></em>] <em class="replaceable"><code>command</code></em> [<em class="replaceable"><code>command</code></em>...]</p></div>
-<p>See <a href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
- the available <span><strong class="command">rndc</strong></span> commands.
+<p>See <a class="xref" href="man.rndc.html" title="rndc"><span class="refentrytitle"><span class="application">rndc</span></span>(8)</a> for details of
+ the available <span class="command"><strong>rndc</strong></span> commands.
</p>
<p>
- <span><strong class="command">rndc</strong></span> requires a configuration file,
+ <span class="command"><strong>rndc</strong></span> requires a configuration file,
since all
communication with the server is authenticated with
digital signatures that rely on a shared secret, and
there is no way to provide that secret other than with a
configuration file. The default location for the
- <span><strong class="command">rndc</strong></span> configuration file is
+ <span class="command"><strong>rndc</strong></span> configuration file is
<code class="filename">/etc/rndc.conf</code>, but an
alternate
location can be specified with the <code class="option">-c</code>
option. If the configuration file is not found,
- <span><strong class="command">rndc</strong></span> will also look in
+ <span class="command"><strong>rndc</strong></span> will also look in
<code class="filename">/etc/rndc.key</code> (or whatever
<code class="varname">sysconfdir</code> was defined when
the <acronym class="acronym">BIND</acronym> build was
configured).
The <code class="filename">rndc.key</code> file is
generated by
- running <span><strong class="command">rndc-confgen -a</strong></span> as
+ running <span class="command"><strong>rndc-confgen -a</strong></span> as
described in
- <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
+ <a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called &#8220;<span class="command"><strong>controls</strong></span> Statement Definition and
Usage&#8221;</a>.
</p>
<p>
The format of the configuration file is similar to
that of <code class="filename">named.conf</code>, but
limited to
- only four statements, the <span><strong class="command">options</strong></span>,
- <span><strong class="command">key</strong></span>, <span><strong class="command">server</strong></span> and
- <span><strong class="command">include</strong></span>
+ only four statements, the <span class="command"><strong>options</strong></span>,
+ <span class="command"><strong>key</strong></span>, <span class="command"><strong>server</strong></span> and
+ <span class="command"><strong>include</strong></span>
statements. These statements are what associate the
secret keys to the servers with which they are meant to
be shared. The order of statements is not
significant.
</p>
<p>
- The <span><strong class="command">options</strong></span> statement has
+ The <span class="command"><strong>options</strong></span> statement has
three clauses:
- <span><strong class="command">default-server</strong></span>, <span><strong class="command">default-key</strong></span>,
- and <span><strong class="command">default-port</strong></span>.
- <span><strong class="command">default-server</strong></span> takes a
+ <span class="command"><strong>default-server</strong></span>, <span class="command"><strong>default-key</strong></span>,
+ and <span class="command"><strong>default-port</strong></span>.
+ <span class="command"><strong>default-server</strong></span> takes a
host name or address argument and represents the server
that will
be contacted if no <code class="option">-s</code>
option is provided on the command line.
- <span><strong class="command">default-key</strong></span> takes
- the name of a key as its argument, as defined by a <span><strong class="command">key</strong></span> statement.
- <span><strong class="command">default-port</strong></span> specifies the
+ <span class="command"><strong>default-key</strong></span> takes
+ the name of a key as its argument, as defined by a <span class="command"><strong>key</strong></span> statement.
+ <span class="command"><strong>default-port</strong></span> specifies the
port to which
- <span><strong class="command">rndc</strong></span> should connect if no
+ <span class="command"><strong>rndc</strong></span> should connect if no
port is given on the command line or in a
- <span><strong class="command">server</strong></span> statement.
+ <span class="command"><strong>server</strong></span> statement.
</p>
<p>
- The <span><strong class="command">key</strong></span> statement defines a
+ The <span class="command"><strong>key</strong></span> statement defines a
key to be used
- by <span><strong class="command">rndc</strong></span> when authenticating
+ by <span class="command"><strong>rndc</strong></span> when authenticating
with
- <span><strong class="command">named</strong></span>. Its syntax is
+ <span class="command"><strong>named</strong></span>. Its syntax is
identical to the
- <span><strong class="command">key</strong></span> statement in <code class="filename">named.conf</code>.
+ <span class="command"><strong>key</strong></span> statement in <code class="filename">named.conf</code>.
The keyword <strong class="userinput"><code>key</code></strong> is
followed by a key name, which must be a valid
domain name, though it need not actually be hierarchical;
thus,
a string like "<strong class="userinput"><code>rndc_key</code></strong>" is a valid
name.
- The <span><strong class="command">key</strong></span> statement has two
+ The <span class="command"><strong>key</strong></span> statement has two
clauses:
- <span><strong class="command">algorithm</strong></span> and <span><strong class="command">secret</strong></span>.
+ <span class="command"><strong>algorithm</strong></span> and <span class="command"><strong>secret</strong></span>.
While the configuration parser will accept any string as the
argument
to algorithm, currently only the string "<strong class="userinput"><code>hmac-md5</code></strong>"
@@ -527,18 +525,18 @@ zone "eng.example.com" {
as specified in RFC 3548.
</p>
<p>
- The <span><strong class="command">server</strong></span> statement
+ The <span class="command"><strong>server</strong></span> statement
associates a key
- defined using the <span><strong class="command">key</strong></span>
+ defined using the <span class="command"><strong>key</strong></span>
statement with a server.
The keyword <strong class="userinput"><code>server</code></strong> is followed by a
- host name or address. The <span><strong class="command">server</strong></span> statement
- has two clauses: <span><strong class="command">key</strong></span> and <span><strong class="command">port</strong></span>.
- The <span><strong class="command">key</strong></span> clause specifies the
+ host name or address. The <span class="command"><strong>server</strong></span> statement
+ has two clauses: <span class="command"><strong>key</strong></span> and <span class="command"><strong>port</strong></span>.
+ The <span class="command"><strong>key</strong></span> clause specifies the
name of the key
to be used when communicating with this server, and the
- <span><strong class="command">port</strong></span> clause can be used to
- specify the port <span><strong class="command">rndc</strong></span> should
+ <span class="command"><strong>port</strong></span> clause can be used to
+ specify the port <span class="command"><strong>rndc</strong></span> should
connect
to on the server.
</p>
@@ -580,15 +578,15 @@ controls {
<code class="literal">rndc_key</code>.
</p>
<p>
- Running the <span><strong class="command">rndc-confgen</strong></span>
+ Running the <span class="command"><strong>rndc-confgen</strong></span>
program will
conveniently create a <code class="filename">rndc.conf</code>
file for you, and also display the
- corresponding <span><strong class="command">controls</strong></span>
+ corresponding <span class="command"><strong>controls</strong></span>
statement that you need to
add to <code class="filename">named.conf</code>.
Alternatively,
- you can run <span><strong class="command">rndc-confgen -a</strong></span>
+ you can run <span class="command"><strong>rndc-confgen -a</strong></span>
to set up
a <code class="filename">rndc.key</code> file and not
modify
@@ -598,23 +596,23 @@ controls {
</dl></div>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2569449"></a>Signals</h3></div></div></div>
+<a name="signals"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
- be sent using the <span><strong class="command">kill</strong></span> command.
+ be sent using the <span class="command"><strong>kill</strong></span> command.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.125in" class="1">
+<col width="4.000in" class="2">
</colgroup>
<tbody>
<tr>
<td>
- <p><span><strong class="command">SIGHUP</strong></span></p>
+ <p><span class="command"><strong>SIGHUP</strong></span></p>
</td>
<td>
<p>
@@ -625,7 +623,7 @@ controls {
</tr>
<tr>
<td>
- <p><span><strong class="command">SIGTERM</strong></span></p>
+ <p><span class="command"><strong>SIGTERM</strong></span></p>
</td>
<td>
<p>
@@ -635,7 +633,7 @@ controls {
</tr>
<tr>
<td>
- <p><span><strong class="command">SIGINT</strong></span></p>
+ <p><span class="command"><strong>SIGINT</strong></span></p>
</td>
<td>
<p>
@@ -665,6 +663,6 @@ controls {
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 429f7b59f3c3..fc56caf65b4b 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 4. Advanced DNS Features</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch03.html" title="Chapter 3. Name Server Configuration">
<link rel="next" href="Bv9ARM.ch05.html" title="Chapter 5. The BIND 9 Lightweight Resolver">
@@ -39,100 +38,101 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch04"></a>Chapter 4. Advanced DNS Features</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch04"></a>Chapter 4. Advanced DNS Features</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#notify">Notify</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564237">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564256">Example split DNS setup</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch04.html#notify">Notify</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
+<dd><dl><dt><span class="section"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#split_dns">Split DNS</a></span></dt>
+<dd><dl><dt><span class="section"><a href="Bv9ARM.ch04.html#split_dns_sample">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570560">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570701">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570712">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570748">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570806">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570855">Errors</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.5">Generating a Shared Key</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.6">Loading A New Key</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.7">Instructing the Server to Use a Key</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.8">TSIG-Based Access Control</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.9">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570869">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570918">SIG(0)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#tkey">TKEY</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#sig0">SIG(0)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571054">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571270">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571351">Configuring Servers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec_keys">Generating Keys</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec_signing">Signing the Zone</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec_config">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610615">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610652">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563653">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563900">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563938">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563950">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564052">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564078">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564088">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569832">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569845">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569882">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569892">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.3">Converting from insecure to secure</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.8">Dynamic DNS update method</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.16">Fully automatic zone signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.25">Private-type records</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.32">DNSKEY rollovers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.34">Dynamic DNS update method</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.39">Automatic key rollovers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.41">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.43">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.45">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.47">Converting from secure to insecure</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.51">Periodic re-signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.53">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610129">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610151">Authoritative Server</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.11.3">Validating Resolver</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.11.4">Authoritative Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613326">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611166">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613408">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613438">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637735">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637781">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.4">Prerequisites</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.5">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.6">PKCS #11 Tools</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.7">Using the HSM</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.8">Specifying the engine on the command line</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.9">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571571">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#ipv6">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571837">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571859">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.13.6">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.13.7">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="notify"></a>Notify</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> NOTIFY is a mechanism that allows master
servers to notify their slave servers of changes to a zone's data. In
- response to a <span><strong class="command">NOTIFY</strong></span> from a master server, the
+ response to a <span class="command"><strong>NOTIFY</strong></span> from a master server, the
slave will check to see that its version of the zone is the
current version and, if not, initiate a zone transfer.
</p>
<p>
For more information about <acronym class="acronym">DNS</acronym>
- <span><strong class="command">NOTIFY</strong></span>, see the description of the
- <span><strong class="command">notify</strong></span> option in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a> and
- the description of the zone option <span><strong class="command">also-notify</strong></span> in
- <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>. The <span><strong class="command">NOTIFY</strong></span>
+ <span class="command"><strong>NOTIFY</strong></span>, see the description of the
+ <span class="command"><strong>notify</strong></span> option in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a> and
+ the description of the zone option <span class="command"><strong>also-notify</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>. The <span class="command"><strong>NOTIFY</strong></span>
protocol is specified in RFC 1996.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
- As a slave zone can also be a master to other slaves, <span><strong class="command">named</strong></span>,
- by default, sends <span><strong class="command">NOTIFY</strong></span> messages for every zone
- it loads. Specifying <span><strong class="command">notify master-only;</strong></span> will
- cause <span><strong class="command">named</strong></span> to only send <span><strong class="command">NOTIFY</strong></span> for master
+<p>
+ As a slave zone can also be a master to other slaves, <span class="command"><strong>named</strong></span>,
+ by default, sends <span class="command"><strong>NOTIFY</strong></span> messages for every zone
+ it loads. Specifying <span class="command"><strong>notify master-only;</strong></span> will
+ cause <span class="command"><strong>named</strong></span> to only send <span class="command"><strong>NOTIFY</strong></span> for master
zones that it loads.
- </div>
+ </p>
+</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="dynamic_update"></a>Dynamic Update</h2></div></div></div>
<p>
@@ -143,22 +143,22 @@
</p>
<p>
Dynamic update is enabled by including an
- <span><strong class="command">allow-update</strong></span> or an <span><strong class="command">update-policy</strong></span>
- clause in the <span><strong class="command">zone</strong></span> statement.
+ <span class="command"><strong>allow-update</strong></span> or an <span class="command"><strong>update-policy</strong></span>
+ clause in the <span class="command"><strong>zone</strong></span> statement.
</p>
<p>
- If the zone's <span><strong class="command">update-policy</strong></span> is set to
+ If the zone's <span class="command"><strong>update-policy</strong></span> is set to
<strong class="userinput"><code>local</code></strong>, updates to the zone
will be permitted for the key <code class="varname">local-ddns</code>,
- which will be generated by <span><strong class="command">named</strong></span> at startup.
- See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for more details.
+ which will be generated by <span class="command"><strong>named</strong></span> at startup.
+ See <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for more details.
</p>
<p>
Dynamic updates using Kerberos signed requests can be made
using the TKEY/GSS protocol by setting either the
- <span><strong class="command">tkey-gssapi-keytab</strong></span> option, or alternatively
- by setting both the <span><strong class="command">tkey-gssapi-credential</strong></span>
- and <span><strong class="command">tkey-domain</strong></span> options. Once enabled,
+ <span class="command"><strong>tkey-gssapi-keytab</strong></span> option, or alternatively
+ by setting both the <span class="command"><strong>tkey-gssapi-credential</strong></span>
+ and <span class="command"><strong>tkey-domain</strong></span> options. Once enabled,
Kerberos signed requests will be matched against the update
policies for the zone, using the Kerberos principal as the
signer for the request.
@@ -170,7 +170,7 @@
zone key. Update authorization is based on transaction
signatures and an explicit server policy.
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="journal"></a>The journal file</h3></div></div></div>
<p>
@@ -212,37 +212,37 @@
hand because they are not guaranteed to contain the most recent
dynamic changes &#8212; those are only in the journal file.
The only way to ensure that the zone file of a dynamic zone
- is up to date is to run <span><strong class="command">rndc stop</strong></span>.
+ is up to date is to run <span class="command"><strong>rndc stop</strong></span>.
</p>
<p>
If you have to make changes to a dynamic zone
manually, the following procedure will work:
Disable dynamic updates to the zone using
- <span><strong class="command">rndc freeze <em class="replaceable"><code>zone</code></em></strong></span>.
+ <span class="command"><strong>rndc freeze <em class="replaceable"><code>zone</code></em></strong></span>.
This will update the zone's master file with the changes
stored in its <code class="filename">.jnl</code> file.
Edit the zone file. Run
- <span><strong class="command">rndc thaw <em class="replaceable"><code>zone</code></em></strong></span>
+ <span class="command"><strong>rndc thaw <em class="replaceable"><code>zone</code></em></strong></span>
to reload the changed zone and re-enable dynamic updates.
</p>
<p>
- <span><strong class="command">rndc sync <em class="replaceable"><code>zone</code></em></strong></span>
+ <span class="command"><strong>rndc sync <em class="replaceable"><code>zone</code></em></strong></span>
will update the zone file with changes from the journal file
without stopping dynamic updates; this may be useful for viewing
the current zone state. To remove the <code class="filename">.jnl</code>
file after updating the zone file, use
- <span><strong class="command">rndc sync -clean</strong></span>.
+ <span class="command"><strong>rndc sync -clean</strong></span>.
</p>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="incremental_zone_transfers"></a>Incremental Zone Transfers (IXFR)</h2></div></div></div>
<p>
The incremental zone transfer (IXFR) protocol is a way for
slave servers to transfer only changed data, instead of having to
transfer the entire zone. The IXFR protocol is specified in RFC
- 1995. See <a href="Bv9ARM.ch11.html#proposed_standards">Proposed Standards</a>.
+ 1995. See <a class="xref" href="Bv9ARM.ch11.html#proposed_standards" title="Proposed Standards">Proposed Standards</a>.
</p>
<p>
When acting as a master, <acronym class="acronym">BIND</acronym> 9
@@ -252,20 +252,20 @@
whose data was obtained by IXFR. For manually maintained master
zones, and for slave zones obtained by performing a full zone
transfer (AXFR), IXFR is supported only if the option
- <span><strong class="command">ixfr-from-differences</strong></span> is set
+ <span class="command"><strong>ixfr-from-differences</strong></span> is set
to <strong class="userinput"><code>yes</code></strong>.
</p>
<p>
When acting as a slave, <acronym class="acronym">BIND</acronym> 9 will
attempt to use IXFR unless
it is explicitly disabled. For more information about disabling
- IXFR, see the description of the <span><strong class="command">request-ixfr</strong></span> clause
- of the <span><strong class="command">server</strong></span> statement.
+ IXFR, see the description of the <span class="command"><strong>request-ixfr</strong></span> clause
+ of the <span class="command"><strong>server</strong></span> statement.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564237"></a>Split DNS</h2></div></div></div>
+<a name="split_dns"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -293,126 +293,126 @@
on the Internet. Split DNS can also be used to allow mail from outside
back in to the internal network.
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564256"></a>Example split DNS setup</h3></div></div></div>
-<p>
- Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
- (<code class="literal">example.com</code>)
- has several corporate sites that have an internal network with
- reserved
- Internet Protocol (IP) space and an external demilitarized zone (DMZ),
- or "outside" section of a network, that is available to the public.
- </p>
+<a name="split_dns_sample"></a>Example split DNS setup</h3></div></div></div>
+<p>
+ Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
+ (<code class="literal">example.com</code>)
+ has several corporate sites that have an internal network with
+ reserved
+ Internet Protocol (IP) space and an external demilitarized zone (DMZ),
+ or "outside" section of a network, that is available to the public.
+ </p>
<p>
- <span class="emphasis"><em>Example, Inc.</em></span> wants its internal clients
- to be able to resolve external hostnames and to exchange mail with
- people on the outside. The company also wants its internal resolvers
- to have access to certain internal-only zones that are not available
- at all outside of the internal network.
- </p>
+ <span class="emphasis"><em>Example, Inc.</em></span> wants its internal clients
+ to be able to resolve external hostnames and to exchange mail with
+ people on the outside. The company also wants its internal resolvers
+ to have access to certain internal-only zones that are not available
+ at all outside of the internal network.
+ </p>
<p>
- In order to accomplish this, the company will set up two sets
- of name servers. One set will be on the inside network (in the
- reserved
- IP space) and the other set will be on bastion hosts, which are
- "proxy"
- hosts that can talk to both sides of its network, in the DMZ.
- </p>
+ In order to accomplish this, the company will set up two sets
+ of name servers. One set will be on the inside network (in the
+ reserved
+ IP space) and the other set will be on bastion hosts, which are
+ "proxy"
+ hosts that can talk to both sides of its network, in the DMZ.
+ </p>
<p>
- The internal servers will be configured to forward all queries,
- except queries for <code class="filename">site1.internal</code>, <code class="filename">site2.internal</code>, <code class="filename">site1.example.com</code>,
- and <code class="filename">site2.example.com</code>, to the servers
- in the
- DMZ. These internal servers will have complete sets of information
- for <code class="filename">site1.example.com</code>, <code class="filename">site2.example.com</code>, <code class="filename">site1.internal</code>,
- and <code class="filename">site2.internal</code>.
- </p>
+ The internal servers will be configured to forward all queries,
+ except queries for <code class="filename">site1.internal</code>, <code class="filename">site2.internal</code>, <code class="filename">site1.example.com</code>,
+ and <code class="filename">site2.example.com</code>, to the servers
+ in the
+ DMZ. These internal servers will have complete sets of information
+ for <code class="filename">site1.example.com</code>, <code class="filename">site2.example.com</code>, <code class="filename">site1.internal</code>,
+ and <code class="filename">site2.internal</code>.
+ </p>
<p>
- To protect the <code class="filename">site1.internal</code> and <code class="filename">site2.internal</code> domains,
- the internal name servers must be configured to disallow all queries
- to these domains from any external hosts, including the bastion
- hosts.
- </p>
+ To protect the <code class="filename">site1.internal</code> and <code class="filename">site2.internal</code> domains,
+ the internal name servers must be configured to disallow all queries
+ to these domains from any external hosts, including the bastion
+ hosts.
+ </p>
<p>
- The external servers, which are on the bastion hosts, will
- be configured to serve the "public" version of the <code class="filename">site1</code> and <code class="filename">site2.example.com</code> zones.
- This could include things such as the host records for public servers
- (<code class="filename">www.example.com</code> and <code class="filename">ftp.example.com</code>),
- and mail exchange (MX) records (<code class="filename">a.mx.example.com</code> and <code class="filename">b.mx.example.com</code>).
- </p>
+ The external servers, which are on the bastion hosts, will
+ be configured to serve the "public" version of the <code class="filename">site1</code> and <code class="filename">site2.example.com</code> zones.
+ This could include things such as the host records for public servers
+ (<code class="filename">www.example.com</code> and <code class="filename">ftp.example.com</code>),
+ and mail exchange (MX) records (<code class="filename">a.mx.example.com</code> and <code class="filename">b.mx.example.com</code>).
+ </p>
<p>
- In addition, the public <code class="filename">site1</code> and <code class="filename">site2.example.com</code> zones
- should have special MX records that contain wildcard (`*') records
- pointing to the bastion hosts. This is needed because external mail
- servers do not have any other way of looking up how to deliver mail
- to those internal hosts. With the wildcard records, the mail will
- be delivered to the bastion host, which can then forward it on to
- internal hosts.
- </p>
+ In addition, the public <code class="filename">site1</code> and <code class="filename">site2.example.com</code> zones
+ should have special MX records that contain wildcard (`*') records
+ pointing to the bastion hosts. This is needed because external mail
+ servers do not have any other way of looking up how to deliver mail
+ to those internal hosts. With the wildcard records, the mail will
+ be delivered to the bastion host, which can then forward it on to
+ internal hosts.
+ </p>
<p>
- Here's an example of a wildcard MX record:
- </p>
+ Here's an example of a wildcard MX record:
+ </p>
<pre class="programlisting">* IN MX 10 external1.example.com.</pre>
<p>
- Now that they accept mail on behalf of anything in the internal
- network, the bastion hosts will need to know how to deliver mail
- to internal hosts. In order for this to work properly, the resolvers
- on
- the bastion hosts will need to be configured to point to the internal
- name servers for DNS resolution.
- </p>
+ Now that they accept mail on behalf of anything in the internal
+ network, the bastion hosts will need to know how to deliver mail
+ to internal hosts. In order for this to work properly, the resolvers
+ on
+ the bastion hosts will need to be configured to point to the internal
+ name servers for DNS resolution.
+ </p>
<p>
- Queries for internal hostnames will be answered by the internal
- servers, and queries for external hostnames will be forwarded back
- out to the DNS servers on the bastion hosts.
- </p>
+ Queries for internal hostnames will be answered by the internal
+ servers, and queries for external hostnames will be forwarded back
+ out to the DNS servers on the bastion hosts.
+ </p>
<p>
- In order for all this to work properly, internal clients will
- need to be configured to query <span class="emphasis"><em>only</em></span> the internal
- name servers for DNS queries. This could also be enforced via
- selective
- filtering on the network.
- </p>
+ In order for all this to work properly, internal clients will
+ need to be configured to query <span class="emphasis"><em>only</em></span> the internal
+ name servers for DNS queries. This could also be enforced via
+ selective
+ filtering on the network.
+ </p>
<p>
- If everything has been set properly, <span class="emphasis"><em>Example, Inc.</em></span>'s
- internal clients will now be able to:
- </p>
-<div class="itemizedlist"><ul type="disc">
-<li>
- Look up any hostnames in the <code class="literal">site1</code>
- and
- <code class="literal">site2.example.com</code> zones.
- </li>
-<li>
- Look up any hostnames in the <code class="literal">site1.internal</code> and
- <code class="literal">site2.internal</code> domains.
- </li>
-<li>Look up any hostnames on the Internet.</li>
-<li>Exchange mail with both internal and external people.</li>
+ If everything has been set properly, <span class="emphasis"><em>Example, Inc.</em></span>'s
+ internal clients will now be able to:
+ </p>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ Look up any hostnames in the <code class="literal">site1</code>
+ and
+ <code class="literal">site2.example.com</code> zones.
+ </li>
+<li class="listitem">
+ Look up any hostnames in the <code class="literal">site1.internal</code> and
+ <code class="literal">site2.internal</code> domains.
+ </li>
+<li class="listitem">Look up any hostnames on the Internet.</li>
+<li class="listitem">Exchange mail with both internal and external people.</li>
</ul></div>
<p>
- Hosts on the Internet will be able to:
- </p>
-<div class="itemizedlist"><ul type="disc">
-<li>
- Look up any hostnames in the <code class="literal">site1</code>
- and
- <code class="literal">site2.example.com</code> zones.
- </li>
-<li>
- Exchange mail with anyone in the <code class="literal">site1</code> and
- <code class="literal">site2.example.com</code> zones.
- </li>
+ Hosts on the Internet will be able to:
+ </p>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ Look up any hostnames in the <code class="literal">site1</code>
+ and
+ <code class="literal">site2.example.com</code> zones.
+ </li>
+<li class="listitem">
+ Exchange mail with anyone in the <code class="literal">site1</code> and
+ <code class="literal">site2.example.com</code> zones.
+ </li>
</ul></div>
<p>
- Here is an example configuration for the setup we just
- described above. Note that this is only configuration information;
- for information on how to configure your zone files, see <a href="Bv9ARM.ch03.html#sample_configuration" title="Sample Configurations">the section called &#8220;Sample Configurations&#8221;</a>.
- </p>
+ Here is an example configuration for the setup we just
+ described above. Note that this is only configuration information;
+ for information on how to configure your zone files, see <a class="xref" href="Bv9ARM.ch03.html#sample_configuration" title="Sample Configurations">the section called &#8220;Sample Configurations&#8221;</a>.
+ </p>
<p>
- Internal DNS server config:
- </p>
+ Internal DNS server config:
+ </p>
<pre class="programlisting">
acl internals { 172.16.72.0/24; 192.168.1.0/24; };
@@ -475,8 +475,8 @@ zone "site2.internal" {
};
</pre>
<p>
- External (bastion host) DNS server config:
- </p>
+ External (bastion host) DNS server config:
+ </p>
<pre class="programlisting">
acl internals { 172.16.72.0/24; 192.168.1.0/24; };
@@ -512,9 +512,9 @@ zone "site2.example.com" {
};
</pre>
<p>
- In the <code class="filename">resolv.conf</code> (or equivalent) on
- the bastion host(s):
- </p>
+ In the <code class="filename">resolv.conf</code> (or equivalent) on
+ the bastion host(s):
+ </p>
<pre class="programlisting">
search ...
nameserver 172.16.72.2
@@ -523,262 +523,286 @@ nameserver 172.16.72.4
</pre>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="tsig"></a>TSIG</h2></div></div></div>
<p>
- This is a short guide to setting up Transaction SIGnatures
- (TSIG) based transaction security in <acronym class="acronym">BIND</acronym>. It describes changes
- to the configuration file as well as what changes are required for
- different features, including the process of creating transaction
- keys and using transaction signatures with <acronym class="acronym">BIND</acronym>.
+ TSIG (Transaction SIGnatures) is a mechanism for authenticating DNS
+ messages, originally specified in RFC 2845. It allows DNS messages
+ to be cryptographically signed using a shared secret. TSIG can
+ be used in any DNS transaction, as a way to restrict access to
+ certain server functions (e.g., recursive queries) to authorized
+ clients when IP-based access control is insufficient or needs to
+ be overridden, or as a way to ensure message authenticity when it
+ is critical to the integrity of the server, such as with dynamic
+ UPDATE messages or zone transfers from a master to a slave server.
</p>
<p>
- <acronym class="acronym">BIND</acronym> primarily supports TSIG for server
- to server communication.
- This includes zone transfer, notify, and recursive query messages.
- Resolvers based on newer versions of <acronym class="acronym">BIND</acronym> 8 have limited support
- for TSIG.
+ This is a guide to setting up TSIG in <acronym class="acronym">BIND</acronym>.
+ It describes the configuration syntax and the process of creating
+ TSIG keys.
</p>
<p>
- TSIG can also be useful for dynamic update. A primary
- server for a dynamic zone should control access to the dynamic
- update service, but IP-based access control is insufficient.
- The cryptographic access control provided by TSIG
- is far superior. The <span><strong class="command">nsupdate</strong></span>
- program supports TSIG via the <code class="option">-k</code> and
- <code class="option">-y</code> command line options or inline by use
- of the <span><strong class="command">key</strong></span>.
+ <span class="command"><strong>named</strong></span> supports TSIG for server-to-server
+ communication, and some of the tools included with
+ <acronym class="acronym">BIND</acronym> support it for sending messages to
+ <span class="command"><strong>named</strong></span>:
+ </p>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+<a class="xref" href="man.nsupdate.html" title="nsupdate"><span class="refentrytitle"><span class="application">nsupdate</span></span>(1)</a> supports TSIG via the
+ <code class="option">-k</code>, <code class="option">-l</code> and
+ <code class="option">-y</code> command line options, or via
+ the <span class="command"><strong>key</strong></span> command when running
+ interactively.
+ </li>
+<li class="listitem">
+<a class="xref" href="man.dig.html" title="dig"><span class="refentrytitle">dig</span>(1)</a> supports TSIG via the
+ <code class="option">-k</code> and <code class="option">-y</code> command
+ line options.
+ </li>
+</ul></div>
+<p>
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570560"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
-<p>
- A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
- An arbitrary key name is chosen: "host1-host2.". The key name must
- be the same on both hosts.
+<a name="id-1.5.6.5"></a>Generating a Shared Key</h3></div></div></div>
+<p>
+ TSIG keys can be generated using the <span class="command"><strong>ddns-confgen</strong></span>
+ command; the output of the command is a <span class="command"><strong>key</strong></span> directive
+ suitable for inclusion in <code class="filename">named.conf</code>. The
+ key name and algorithm can be specified by command line parameters;
+ the defaults are "ddns-key" and HMAC-SHA256, respectively. By
+ default, the output of <span class="command"><strong>ddns-confgen</strong></span> also includes
+ additional configuration text for setting up dynamic DNS in
+ <span class="command"><strong>named</strong></span>; the <code class="option">-q</code> suppresses
+ this. See <a class="xref" href="man.ddns-confgen.html" title="ddns-confgen"><span class="refentrytitle"><span class="application">ddns-confgen</span></span>(8)</a> for further details.
</p>
-<div class="sect3" lang="en">
-<div class="titlepage"><div><div><h4 class="title">
-<a name="id2570577"></a>Automatic Generation</h4></div></div></div>
-<p>
- The following command will generate a 128-bit (16 byte) HMAC-SHA256
- key as described above. Longer keys are better, but shorter keys
- are easier to read. Note that the maximum key length is the digest
- length, here 256 bits.
- </p>
-<p>
- <strong class="userinput"><code>dnssec-keygen -a hmac-sha256 -b 128 -n HOST host1-host2.</code></strong>
- </p>
-<p>
- The key is in the file <code class="filename">Khost1-host2.+163+00000.private</code>.
- Nothing directly uses this file, but the base-64 encoded string
- following "<code class="literal">Key:</code>"
- can be extracted from the file and used as a shared secret:
- </p>
-<pre class="programlisting">Key: La/E5CjG9O+os1jq0a2jdA==</pre>
-<p>
- The string "<code class="literal">La/E5CjG9O+os1jq0a2jdA==</code>" can
- be used as the shared secret.
- </p>
-</div>
-<div class="sect3" lang="en">
-<div class="titlepage"><div><div><h4 class="title">
-<a name="id2570683"></a>Manual Generation</h4></div></div></div>
<p>
- The shared secret is simply a random sequence of bits, encoded
- in base-64. Most ASCII strings are valid base-64 strings (assuming
- the length is a multiple of 4 and only valid characters are used),
- so the shared secret can be manually generated.
- </p>
-<p>
- Also, a known string can be run through <span><strong class="command">mmencode</strong></span> or
- a similar program to generate base-64 encoded data.
- </p>
-</div>
-</div>
-<div class="sect2" lang="en">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570701"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+ Any string which is a valid DNS name can be used as a key name.
+ For example, a key to be shared between servers called
+ <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span> could
+ be called "host1-host2.", and this key could be generated using:
+ </p>
+<pre class="programlisting">
+ $ ddns-confgen -q -k host1-host2. &gt; host1-host2.key
+</pre>
<p>
- This is beyond the scope of DNS. A secure transport mechanism
- should be used. This could be secure FTP, ssh, telephone, etc.
+ This key may then be copied to both hosts. The key name and secret
+ must be identical on both hosts.
+ (Note: copying a shared secret from one server to another is beyond
+ the scope of the DNS. A secure transport mechanism should be used:
+ secure FTP, SSL, ssh, telephone, encrypted email, etc.)
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570712"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id-1.5.6.6"></a>Loading A New Key</h3></div></div></div>
<p>
- Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
- are
- both servers. The following is added to each server's <code class="filename">named.conf</code> file:
+ For a key shared between servers called
+ <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>,
+ the following could be added to each server's
+ <code class="filename">named.conf</code> file:
</p>
<pre class="programlisting">
-key host1-host2. {
- algorithm hmac-sha256;
- secret "La/E5CjG9O+os1jq0a2jdA==";
+key "host1-host2." {
+ algorithm hmac-sha256;
+ secret "DAopyf1mhCbFVZw7pgmNPBoLUq8wEUT7UuPoLENP2HY=";
};
</pre>
<p>
- The secret is the one generated above. Since this is a secret, it
- is recommended that either <code class="filename">named.conf</code> be
- non-world readable, or the key directive be added to a non-world
- readable file that is included by <code class="filename">named.conf</code>.
+ (This is the same key generated above using
+ <span class="command"><strong>ddns-confgen</strong></span>.)
+ </p>
+<p>
+ Since this text contains a secret, it
+ is recommended that either <code class="filename">named.conf</code> not be
+ world-readable, or that the <span class="command"><strong>key</strong></span> directive
+ be stored in a file which is not world-readable, and which is
+ included in <code class="filename">named.conf</code> via the
+ <span class="command"><strong>include</strong></span> directive.
</p>
<p>
- At this point, the key is recognized. This means that if the
- server receives a message signed by this key, it can verify the
- signature. If the signature is successfully verified, the
- response is signed by the same key.
+ Once a key has been added to <code class="filename">named.conf</code> and the
+ server has been restarted or reconfigured, the server can recognize
+ the key. If the server receives a message signed by the
+ key, it will be able to verify the signature. If the signature
+ is valid, the response will be signed using the same key.
+ </p>
+<p>
+ TSIG keys that are known to a server can be listed using the
+ command <span class="command"><strong>rndc tsig-list</strong></span>.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570748"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id-1.5.6.7"></a>Instructing the Server to Use a Key</h3></div></div></div>
+<p>
+ A server sending a request to another server must be told whether
+ to use a key, and if so, which key to use.
+ </p>
+<p>
+ For example, a key may be specified for each server in the
+ <span class="command"><strong>masters</strong></span> statement in the definition of a
+ slave zone; in this case, all SOA QUERY messages, NOTIFY
+ messages, and zone transfer requests (AXFR or IXFR) will be
+ signed using the specified key. Keys may also be specified
+ in the <span class="command"><strong>also-notify</strong></span> statement of a master
+ or slave zone, causing NOTIFY messages to be signed using
+ the specified key.
+ </p>
<p>
- Since keys are shared between two hosts only, the server must
- be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
- for <span class="emphasis"><em>host1</em></span>, if the IP address of <span class="emphasis"><em>host2</em></span> is
- 10.1.2.3:
+ Keys can also be specified in a <span class="command"><strong>server</strong></span>
+ directive. Adding the following on <span class="emphasis"><em>host1</em></span>,
+ if the IP address of <span class="emphasis"><em>host2</em></span> is 10.1.2.3, would
+ cause <span class="emphasis"><em>all</em></span> requests from <span class="emphasis"><em>host1</em></span>
+ to <span class="emphasis"><em>host2</em></span>, including normal DNS queries, to be
+ signed using the <span class="command"><strong>host1-host2.</strong></span> key:
</p>
<pre class="programlisting">
server 10.1.2.3 {
- keys { host1-host2. ;};
+ keys { host1-host2. ;};
};
</pre>
<p>
- Multiple keys may be present, but only the first is used.
- This directive does not contain any secrets, so it may be in a
- world-readable
- file.
+ Multiple keys may be present in the <span class="command"><strong>keys</strong></span>
+ statement, but only the first one is used. As this directive does
+ not contain secrets, it can be used in a world-readable file.
</p>
<p>
- If <span class="emphasis"><em>host1</em></span> sends a message that is a request
- to that address, the message will be signed with the specified key. <span class="emphasis"><em>host1</em></span> will
- expect any responses to signed messages to be signed with the same
- key.
+ Requests sent by <span class="emphasis"><em>host2</em></span> to <span class="emphasis"><em>host1</em></span>
+ would <span class="emphasis"><em>not</em></span> be signed, unless a similar
+ <span class="command"><strong>server</strong></span> directive were in <span class="emphasis"><em>host2</em></span>'s
+ configuration file.
</p>
<p>
- A similar statement must be present in <span class="emphasis"><em>host2</em></span>'s
- configuration file (with <span class="emphasis"><em>host1</em></span>'s address) for <span class="emphasis"><em>host2</em></span> to
- sign request messages to <span class="emphasis"><em>host1</em></span>.
+ Whenever any server sends a TSIG-signed DNS request, it will expect
+ the response to be signed with the same key. If a response is not
+ signed, or if the signature is not valid, the response will be
+ rejected.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570806"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id-1.5.6.8"></a>TSIG-Based Access Control</h3></div></div></div>
<p>
- <acronym class="acronym">BIND</acronym> allows IP addresses and ranges
- to be specified in ACL
- definitions and
- <span><strong class="command">allow-{ query | transfer | update }</strong></span>
- directives.
- This has been extended to allow TSIG keys also. The above key would
- be denoted <span><strong class="command">key host1-host2.</strong></span>
+ TSIG keys may be specified in ACL definitions and ACL directives
+ such as <span class="command"><strong>allow-query</strong></span>, <span class="command"><strong>allow-transfer</strong></span>
+ and <span class="command"><strong>allow-update</strong></span>.
+ The above key would be denoted in an ACL element as
+ <span class="command"><strong>key host1-host2.</strong></span>
</p>
<p>
- An example of an <span><strong class="command">allow-update</strong></span> directive would be:
+ An example of an <span class="command"><strong>allow-update</strong></span> directive using
+ a TSIG key:
</p>
<pre class="programlisting">
-allow-update { key host1-host2. ;};
+allow-update { !{ !localnets; any; }; key host1-host2. ;};
</pre>
<p>
- This allows dynamic updates to succeed only if the request
- was signed by a key named "<span><strong class="command">host1-host2.</strong></span>".
+ This allows dynamic updates to succeed only if the UPDATE
+ request comes from an address in <span class="command"><strong>localnets</strong></span>,
+ <span class="emphasis"><em>and</em></span> if it is signed using the
+ <span class="command"><strong>host1-host2.</strong></span> key.
</p>
<p>
- See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for a discussion of
- the more flexible <span><strong class="command">update-policy</strong></span> statement.
+ See <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for a discussion of
+ the more flexible <span class="command"><strong>update-policy</strong></span> statement.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570855"></a>Errors</h3></div></div></div>
-<p>
- The processing of TSIG signed messages can result in
- several errors. If a signed message is sent to a non-TSIG aware
- server, a FORMERR (format error) will be returned, since the server will not
- understand the record. This is a result of misconfiguration,
- since the server must be explicitly configured to send a TSIG
- signed message to a specific server.
- </p>
-<p>
- If a TSIG aware server receives a message signed by an
- unknown key, the response will be unsigned with the TSIG
- extended error code set to BADKEY. If a TSIG aware server
- receives a message with a signature that does not validate, the
- response will be unsigned with the TSIG extended error code set
- to BADSIG. If a TSIG aware server receives a message with a time
- outside of the allowed range, the response will be signed with
- the TSIG extended error code set to BADTIME, and the time values
- will be adjusted so that the response can be successfully
- verified. In any of these cases, the message's rcode (response code) is set to
- NOTAUTH (not authenticated).
+<a name="id-1.5.6.9"></a>Errors</h3></div></div></div>
+<p>
+ Processing of TSIG-signed messages can result in several errors:
+ </p>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ If a TSIG-aware server receives a message signed by an
+ unknown key, the response will be unsigned, with the TSIG
+ extended error code set to BADKEY.
+ </li>
+<li class="listitem">
+ If a TSIG-aware server receives a message from a known key
+ but with an invalid signature, the response will be unsigned,
+ with the TSIG extended error code set to BADSIG.
+ </li>
+<li class="listitem">
+ If a TSIG-aware server receives a message with a time
+ outside of the allowed range, the response will be signed, with
+ the TSIG extended error code set to BADTIME, and the time values
+ will be adjusted so that the response can be successfully
+ verified.
+ </li>
+</ul></div>
+<p>
+ In all of the above cases, the server will return a response code
+ of NOTAUTH (not authenticated).
</p>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570869"></a>TKEY</h2></div></div></div>
-<p><span><strong class="command">TKEY</strong></span>
- is a mechanism for automatically generating a shared secret
- between two hosts. There are several "modes" of
- <span><strong class="command">TKEY</strong></span> that specify how the key is generated
- or assigned. <acronym class="acronym">BIND</acronym> 9 implements only one of
- these modes, the Diffie-Hellman key exchange. Both hosts are
- required to have a Diffie-Hellman KEY record (although this
- record is not required to be present in a zone). The
- <span><strong class="command">TKEY</strong></span> process must use signed messages,
- signed either by TSIG or SIG(0). The result of
- <span><strong class="command">TKEY</strong></span> is a shared secret that can be used to
- sign messages with TSIG. <span><strong class="command">TKEY</strong></span> can also be
- used to delete shared secrets that it had previously
- generated.
+<a name="tkey"></a>TKEY</h2></div></div></div>
+<p>
+ TKEY (Transaction KEY) is a mechanism for automatically negotiating
+ a shared secret between two hosts, originally specified in RFC 2930.
+ </p>
+<p>
+ There are several TKEY "modes" that specify how a key is to be
+ generated or assigned. <acronym class="acronym">BIND</acronym> 9 implements only
+ one of these modes: Diffie-Hellman key exchange. Both hosts are
+ required to have a KEY record with algorithm DH (though this
+ record is not required to be present in a zone).
</p>
<p>
- The <span><strong class="command">TKEY</strong></span> process is initiated by a
- client
- or server by sending a signed <span><strong class="command">TKEY</strong></span>
- query
- (including any appropriate KEYs) to a TKEY-aware server. The
- server response, if it indicates success, will contain a
- <span><strong class="command">TKEY</strong></span> record and any appropriate keys.
- After
- this exchange, both participants have enough information to
- determine the shared secret; the exact process depends on the
- <span><strong class="command">TKEY</strong></span> mode. When using the
- Diffie-Hellman
- <span><strong class="command">TKEY</strong></span> mode, Diffie-Hellman keys are
- exchanged,
- and the shared secret is derived by both participants.
+ The TKEY process is initiated by a client or server by sending
+ a query of type TKEY to a TKEY-aware server. The query must include
+ an appropriate KEY record in the additional section, and
+ must be signed using either TSIG or SIG(0) with a previously
+ established key. The server's response, if successful, will
+ contain a TKEY record in its answer section. After this transaction,
+ both participants will have enough information to calculate a
+ shared secret using Diffie-Hellman key exchange. The shared secret
+ can then be used by to sign subsequent transactions between the
+ two servers.
+ </p>
+<p>
+ TSIG keys known by the server, including TKEY-negotiated keys, can
+ be listed using <span class="command"><strong>rndc tsig-list</strong></span>.
+ </p>
+<p>
+ TKEY-negotiated keys can be deleted from a server using
+ <span class="command"><strong>rndc tsig-delete</strong></span>. This can also be done via
+ the TKEY protocol itself, by sending an authenticated TKEY query
+ specifying the "key deletion" mode.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570918"></a>SIG(0)</h2></div></div></div>
+<a name="sig0"></a>SIG(0)</h2></div></div></div>
<p>
- <acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
- transaction signatures as specified in RFC 2535 and RFC 2931.
- SIG(0)
- uses public/private keys to authenticate messages. Access control
+ <acronym class="acronym">BIND</acronym> partially supports DNSSEC SIG(0)
+ transaction signatures as specified in RFC 2535 and RFC 2931.
+ SIG(0) uses public/private keys to authenticate messages. Access control
is performed in the same manner as TSIG keys; privileges can be
- granted or denied based on the key name.
+ granted or denied in ACL directives based on the key name.
</p>
<p>
When a SIG(0) signed message is received, it will only be
- verified if the key is known and trusted by the server; the server
- will not attempt to locate and/or validate the key.
+ verified if the key is known and trusted by the server. The
+ server will not attempt to recursively fetch or validate the
+ key.
</p>
<p>
- SIG(0) signing of multiple-message TCP streams is not
- supported.
+ SIG(0) signing of multiple-message TCP streams is not supported.
</p>
<p>
The only tool shipped with <acronym class="acronym">BIND</acronym> 9 that
- generates SIG(0) signed messages is <span><strong class="command">nsupdate</strong></span>.
+ generates SIG(0) signed messages is <span class="command"><strong>nsupdate</strong></span>.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="DNSSEC"></a>DNSSEC</h2></div></div></div>
<p>
@@ -814,11 +838,11 @@ allow-update { key host1-host2. ;};
either be statically configured with this zone's zone key or the
zone key of another zone above this one in the DNS tree.
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571054"></a>Generating Keys</h3></div></div></div>
+<a name="dnssec_keys"></a>Generating Keys</h3></div></div></div>
<p>
- The <span><strong class="command">dnssec-keygen</strong></span> program is used to
+ The <span class="command"><strong>dnssec-keygen</strong></span> program is used to
generate keys.
</p>
<p>
@@ -826,7 +850,7 @@ allow-update { key host1-host2. ;};
zone keys will sign all other records in the zone, as well as
the zone keys of any secure delegated zones. Zone keys must
have the same name as the zone, a name type of
- <span><strong class="command">ZONE</strong></span>, and must be usable for
+ <span class="command"><strong>ZONE</strong></span>, and must be usable for
authentication.
It is recommended that zone keys use a cryptographic algorithm
designated as "mandatory to implement" by the IETF; currently
@@ -860,21 +884,21 @@ allow-update { key host1-host2. ;};
a different key tag), repeat the above command.
</p>
<p>
- The <span><strong class="command">dnssec-keyfromlabel</strong></span> program is used
+ The <span class="command"><strong>dnssec-keyfromlabel</strong></span> program is used
to get a key pair from a crypto hardware and build the key
- files. Its usage is similar to <span><strong class="command">dnssec-keygen</strong></span>.
+ files. Its usage is similar to <span class="command"><strong>dnssec-keygen</strong></span>.
</p>
<p>
The public keys should be inserted into the zone file by
including the <code class="filename">.key</code> files using
- <span><strong class="command">$INCLUDE</strong></span> statements.
+ <span class="command"><strong>$INCLUDE</strong></span> statements.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571270"></a>Signing the Zone</h3></div></div></div>
+<a name="dnssec_signing"></a>Signing the Zone</h3></div></div></div>
<p>
- The <span><strong class="command">dnssec-signzone</strong></span> program is used
+ The <span class="command"><strong>dnssec-signzone</strong></span> program is used
to sign a zone.
</p>
<p>
@@ -904,7 +928,7 @@ allow-update { key host1-host2. ;};
as the
input file for the zone.
</p>
-<p><span><strong class="command">dnssec-signzone</strong></span>
+<p><span class="command"><strong>dnssec-signzone</strong></span>
will also produce a keyset and dsset files and optionally a
dlvset file. These are used to provide the parent zone
administrators with the <code class="literal">DNSKEYs</code> (or their
@@ -912,50 +936,50 @@ allow-update { key host1-host2. ;};
secure entry point to the zone.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571351"></a>Configuring Servers</h3></div></div></div>
+<a name="dnssec_config"></a>Configuring Servers</h3></div></div></div>
<p>
- To enable <span><strong class="command">named</strong></span> to respond appropriately
+ To enable <span class="command"><strong>named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
- <span><strong class="command">dnssec-enable</strong></span> must be set to yes.
+ <span class="command"><strong>dnssec-enable</strong></span> must be set to yes.
(This is the default setting.)
</p>
<p>
- To enable <span><strong class="command">named</strong></span> to validate answers from
- other servers, the <span><strong class="command">dnssec-enable</strong></span> option
+ To enable <span class="command"><strong>named</strong></span> to validate answers from
+ other servers, the <span class="command"><strong>dnssec-enable</strong></span> option
must be set to <strong class="userinput"><code>yes</code></strong>, and the
- <span><strong class="command">dnssec-validation</strong></span> options must be set to
+ <span class="command"><strong>dnssec-validation</strong></span> options must be set to
<strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>auto</code></strong>.
</p>
<p>
- If <span><strong class="command">dnssec-validation</strong></span> is set to
+ If <span class="command"><strong>dnssec-validation</strong></span> is set to
<strong class="userinput"><code>auto</code></strong>, then a default
trust anchor for the DNS root zone will be used.
If it is set to <strong class="userinput"><code>yes</code></strong>, however,
then at least one trust anchor must be configured
- with a <span><strong class="command">trusted-keys</strong></span> or
- <span><strong class="command">managed-keys</strong></span> statement in
+ with a <span class="command"><strong>trusted-keys</strong></span> or
+ <span class="command"><strong>managed-keys</strong></span> statement in
<code class="filename">named.conf</code>, or DNSSEC validation
will not occur. The default setting is
<strong class="userinput"><code>yes</code></strong>.
</p>
<p>
- <span><strong class="command">trusted-keys</strong></span> are copies of DNSKEY RRs
+ <span class="command"><strong>trusted-keys</strong></span> are copies of DNSKEY RRs
for zones that are used to form the first link in the
cryptographic chain of trust. All keys listed in
- <span><strong class="command">trusted-keys</strong></span> (and corresponding zones)
+ <span class="command"><strong>trusted-keys</strong></span> (and corresponding zones)
are deemed to exist and only the listed keys will be used
to validated the DNSKEY RRset that they are from.
</p>
<p>
- <span><strong class="command">managed-keys</strong></span> are trusted keys which are
+ <span class="command"><strong>managed-keys</strong></span> are trusted keys which are
automatically kept up to date via RFC 5011 trust anchor
maintenance.
</p>
<p>
- <span><strong class="command">trusted-keys</strong></span> and
- <span><strong class="command">managed-keys</strong></span> are described in more detail
+ <span class="command"><strong>trusted-keys</strong></span> and
+ <span class="command"><strong>managed-keys</strong></span> are described in more detail
later in this document.
</p>
<p>
@@ -970,7 +994,7 @@ allow-update { key host1-host2. ;};
more public keys for the root. This allows answers from
outside the organization to be validated. It will also
have several keys for parts of the namespace the organization
- controls. These are here to ensure that <span><strong class="command">named</strong></span>
+ controls. These are here to ensure that <span class="command"><strong>named</strong></span>
is immune to compromises in the DNSSEC components of the security
of parent zones.
</p>
@@ -1028,9 +1052,11 @@ options {
</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
+<p>
None of the keys listed in this example are valid. In particular,
the root key is not valid.
- </div>
+ </p>
+</div>
<p>
When DNSSEC validation is enabled and properly configured,
the resolver will reject any answers from signed, secure zones
@@ -1067,24 +1093,24 @@ options {
</div>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="dnssec.dynamic.zones"></a>DNSSEC, Dynamic Zones, and Automatic Signing</h2></div></div></div>
<p>As of BIND 9.7.0 it is possible to change a dynamic zone
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2610615"></a>Converting from insecure to secure</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.3"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
- ways: using a dynamic DNS update, or the
- <span><strong class="command">auto-dnssec</strong></span> zone option.</p>
-<p>For either method, you need to configure
- <span><strong class="command">named</strong></span> so that it can see the
+ ways: using a dynamic DNS update, or the
+ <span class="command"><strong>auto-dnssec</strong></span> zone option.</p>
+<p>For either method, you need to configure
+ <span class="command"><strong>named</strong></span> so that it can see the
<code class="filename">K*</code> files which contain the public and private
parts of the keys that will be used to sign the zone. These files
- will have been generated by
- <span><strong class="command">dnssec-keygen</strong></span>. You can do this by placing them
- in the key-directory, as specified in
+ will have been generated by
+ <span class="command"><strong>dnssec-keygen</strong></span>. You can do this by placing them
+ in the key-directory, as specified in
<code class="filename">named.conf</code>:</p>
<pre class="programlisting">
zone example.net {
@@ -1099,8 +1125,8 @@ options {
with the ZSK, and the DNSKEY RRset to be signed with the KSK as
well. An NSEC chain will be generated as part of the initial
signing process.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2610652"></a>Dynamic DNS update method</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.8"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
@@ -1110,8 +1136,8 @@ options {
&gt; send
</pre>
<p>While the update request will complete almost immediately,
- the zone will not be completely signed until
- <span><strong class="command">named</strong></span> has had time to walk the zone and
+ the zone will not be completely signed until
+ <span class="command"><strong>named</strong></span> has had time to walk the zone and
generate the NSEC and RRSIG records. The NSEC record at the apex
will be added last, to signal that there is a complete NSEC
chain.</p>
@@ -1128,49 +1154,49 @@ options {
&gt; send
</pre>
<p>Again, this update request will complete almost
- immediately; however, the record won't show up until
- <span><strong class="command">named</strong></span> has had a chance to build/remove the
+ immediately; however, the record won't show up until
+ <span class="command"><strong>named</strong></span> has had a chance to build/remove the
relevant chain. A private type record will be created to record
the state of the operation (see below for more details), and will
be removed once the operation completes.</p>
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563653"></a>Fully automatic zone signing</h3></div></div></div></div>
-<p>To enable automatic signing, add the
- <span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
- <code class="filename">named.conf</code>.
- <span><strong class="command">auto-dnssec</strong></span> has two possible arguments:
- <code class="constant">allow</code> or
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.16"></a>Fully automatic zone signing</h3></div></div></div></div>
+<p>To enable automatic signing, add the
+ <span class="command"><strong>auto-dnssec</strong></span> option to the zone statement in
+ <code class="filename">named.conf</code>.
+ <span class="command"><strong>auto-dnssec</strong></span> has two possible arguments:
+ <code class="constant">allow</code> or
<code class="constant">maintain</code>.</p>
-<p>With
- <span><strong class="command">auto-dnssec allow</strong></span>,
- <span><strong class="command">named</strong></span> can search the key directory for keys
+<p>With
+ <span class="command"><strong>auto-dnssec allow</strong></span>,
+ <span class="command"><strong>named</strong></span> can search the key directory for keys
matching the zone, insert them into the zone, and use them to
- sign the zone. It will do so only when it receives an
- <span><strong class="command">rndc sign &lt;zonename&gt;</strong></span>.</p>
+ sign the zone. It will do so only when it receives an
+ <span class="command"><strong>rndc sign &lt;zonename&gt;</strong></span>.</p>
<p>
- <span><strong class="command">auto-dnssec maintain</strong></span> includes the above
+ <span class="command"><strong>auto-dnssec maintain</strong></span> includes the above
functionality, but will also automatically adjust the zone's
DNSKEY records on schedule according to the keys' timing metadata.
- (See <a href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
- <a href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a> for more information.)
+ (See <a class="xref" href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
+ <a class="xref" href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a> for more information.)
</p>
<p>
- <span><strong class="command">named</strong></span> will periodically search the key directory
+ <span class="command"><strong>named</strong></span> will periodically search the key directory
for keys matching the zone, and if the keys' metadata indicates
that any change should be made the zone, such as adding, removing,
or revoking a key, then that action will be carried out. By default,
the key directory is checked for changes every 60 minutes; this period
can be adjusted with the <code class="option">dnssec-loadkeys-interval</code>, up
- to a maximum of 24 hours. The <span><strong class="command">rndc loadkeys</strong></span> forces
- <span><strong class="command">named</strong></span> to check for key updates immediately.
+ to a maximum of 24 hours. The <span class="command"><strong>rndc loadkeys</strong></span> forces
+ <span class="command"><strong>named</strong></span> to check for key updates immediately.
</p>
<p>
If keys are present in the key directory the first time the zone
- is loaded, the zone will be signed immediately, without waiting for an
- <span><strong class="command">rndc sign</strong></span> or <span><strong class="command">rndc loadkeys</strong></span>
+ is loaded, the zone will be signed immediately, without waiting for an
+ <span class="command"><strong>rndc sign</strong></span> or <span class="command"><strong>rndc loadkeys</strong></span>
command. (Those commands can still be used when there are unscheduled
key changes, however.)
</p>
@@ -1178,7 +1204,7 @@ options {
When new keys are added to a zone, the TTL is set to match that
of any existing DNSKEY RRset. If there is no existing DNSKEY RRset,
then the TTL will be set to the TTL specified when the key was
- created (using the <span><strong class="command">dnssec-keygen -L</strong></span> option), if
+ created (using the <span class="command"><strong>dnssec-keygen -L</strong></span> option), if
any, or to the SOA TTL.
</p>
<p>
@@ -1191,15 +1217,15 @@ options {
the zone is signed and the NSEC3 chain is completed, the NSEC3PARAM
record will appear in the zone.
</p>
-<p>Using the
- <span><strong class="command">auto-dnssec</strong></span> option requires the zone to be
- configured to allow dynamic updates, by adding an
- <span><strong class="command">allow-update</strong></span> or
- <span><strong class="command">update-policy</strong></span> statement to the zone
+<p>Using the
+ <span class="command"><strong>auto-dnssec</strong></span> option requires the zone to be
+ configured to allow dynamic updates, by adding an
+ <span class="command"><strong>allow-update</strong></span> or
+ <span class="command"><strong>update-policy</strong></span> statement to the zone
configuration. If this has not been done, the configuration will
fail.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563900"></a>Private-type records</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.25"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@@ -1239,18 +1265,18 @@ options {
</p></div>
<p>
</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563938"></a>DNSKEY rollovers</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.32"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
- keys can be done in two ways: using a dynamic DNS update, or the
- <span><strong class="command">auto-dnssec</strong></span> zone option.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563950"></a>Dynamic DNS update method</h3></div></div></div></div>
+ keys can be done in two ways: using a dynamic DNS update, or the
+ <span class="command"><strong>auto-dnssec</strong></span> zone option.</p>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.34"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
- the <code class="filename">K*</code> files for the new keys so that
- <span><strong class="command">named</strong></span> can find them. You can then add the new
- DNSKEY RRs via dynamic update.
- <span><strong class="command">named</strong></span> will then cause the zone to be signed
+ the <code class="filename">K*</code> files for the new keys so that
+ <span class="command"><strong>named</strong></span> can find them. You can then add the new
+ DNSKEY RRs via dynamic update.
+ <span class="command"><strong>named</strong></span> will then cause the zone to be signed
with the new keys. When the signing is complete the private type
records will be updated so that the last octet is non
zero.</p>
@@ -1263,15 +1289,15 @@ options {
be able to verify at least one signature when you remove the old
DNSKEY.</p>
<p>The old DNSKEY can be removed via UPDATE. Take care to
- specify the correct key.
- <span><strong class="command">named</strong></span> will clean out any signatures generated
+ specify the correct key.
+ <span class="command"><strong>named</strong></span> will clean out any signatures generated
by the old key after the update completes.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2564052"></a>Automatic key rollovers</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.39"></a>Automatic key rollovers</h3></div></div></div></div>
<p>When a new key reaches its activation date (as set by
- <span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
- if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
- <code class="constant">maintain</code>, <span><strong class="command">named</strong></span> will
+ <span class="command"><strong>dnssec-keygen</strong></span> or <span class="command"><strong>dnssec-settime</strong></span>),
+ if the <span class="command"><strong>auto-dnssec</strong></span> zone option is set to
+ <code class="constant">maintain</code>, <span class="command"><strong>named</strong></span> will
automatically carry out the key rollover. If the key's algorithm
has not previously been used to sign the zone, then the zone will
be fully signed as quickly as possible. However, if the new key
@@ -1281,83 +1307,82 @@ options {
signature validity periods expire. By default, this rollover
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2564078"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.41"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<p>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
record. The old chain will be removed after the update request
completes.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2564088"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.43"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<p>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
chain will be generated before the NSEC chain is
destroyed.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2569832"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
-<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.45"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
+<p>To do this, use <span class="command"><strong>nsupdate</strong></span> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2569845"></a>Converting from secure to insecure</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.47"></a>Converting from secure to insecure</h3></div></div></div></div>
<p>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
- <span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
+ <span class="command"><strong>nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
and associated NSEC3PARAM records will be removed automatically.
This will take place after the update request completes.</p>
-<p> This requires the
- <span><strong class="command">dnssec-secure-to-insecure</strong></span> option to be set to
- <strong class="userinput"><code>yes</code></strong> in
+<p> This requires the
+ <span class="command"><strong>dnssec-secure-to-insecure</strong></span> option to be set to
+ <strong class="userinput"><code>yes</code></strong> in
<code class="filename">named.conf</code>.</p>
-<p>In addition, if the <span><strong class="command">auto-dnssec maintain</strong></span>
+<p>In addition, if the <span class="command"><strong>auto-dnssec maintain</strong></span>
zone statement is used, it should be removed or changed to
- <span><strong class="command">allow</strong></span> instead (or it will re-sign).
+ <span class="command"><strong>allow</strong></span> instead (or it will re-sign).
</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2569882"></a>Periodic re-signing</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.51"></a>Periodic re-signing</h3></div></div></div></div>
<p>In any secure zone which supports dynamic updates, named
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
adjusted so as to spread the re-sign load over time rather than
all at once.</p>
-<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2569892"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
+<div class="section"><div class="titlepage"><div><div><h3 class="title">
+<a name="id-1.5.10.53"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<p>
- <span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
+ <span class="command"><strong>named</strong></span> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
- state.
- <span><strong class="command">named</strong></span> supports UPDATES to zones where the NSEC3
- records in the chain have mixed OPTOUT state.
- <span><strong class="command">named</strong></span> does not support changing the OPTOUT
+ state.
+ <span class="command"><strong>named</strong></span> supports UPDATES to zones where the NSEC3
+ records in the chain have mixed OPTOUT state.
+ <span class="command"><strong>named</strong></span> does not support changing the OPTOUT
state of an individual NSEC3 record, the entire chain needs to be
changed if the OPTOUT state of an individual NSEC3 needs to be
changed.</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="rfc5011.support"></a>Dynamic Trust Anchor Management</h2></div></div></div>
<p>BIND 9.7.0 introduces support for RFC 5011, dynamic trust
- anchor management. Using this feature allows
- <span><strong class="command">named</strong></span> to keep track of changes to critical
+ anchor management. Using this feature allows
+ <span class="command"><strong>named</strong></span> to keep track of changes to critical
DNSSEC keys without any need for the operator to make changes to
configuration files.</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610129"></a>Validating Resolver</h3></div></div></div>
+<a name="id-1.5.11.3"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
- maintain a trust anchor, configure the trust anchor using a
- <span><strong class="command">managed-keys</strong></span> statement. Information about
- this can be found in
- <a href="Bv9ARM.ch06.html#managed-keys" title="managed-keys Statement Definition
- and Usage">the section called &#8220;<span><strong class="command">managed-keys</strong></span> Statement Definition
+ maintain a trust anchor, configure the trust anchor using a
+ <span class="command"><strong>managed-keys</strong></span> statement. Information about
+ this can be found in
+ <a class="xref" href="Bv9ARM.ch06.html#managed-keys" title="managed-keys Statement Definition and Usage">the section called &#8220;<span class="command"><strong>managed-keys</strong></span> Statement Definition
and Usage&#8221;</a>.</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610151"></a>Authoritative Server</h3></div></div></div>
+<a name="id-1.5.11.4"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1373,21 +1398,21 @@ options {
timer has completed, the active KSK can be revoked, and the
zone can be "rolled over" to the newly accepted key.</p>
<p>The easiest way to place a stand-by key in a zone is to
- use the "smart signing" features of
- <span><strong class="command">dnssec-keygen</strong></span> and
- <span><strong class="command">dnssec-signzone</strong></span>. If a key with a publication
+ use the "smart signing" features of
+ <span class="command"><strong>dnssec-keygen</strong></span> and
+ <span class="command"><strong>dnssec-signzone</strong></span>. If a key with a publication
date in the past, but an activation date which is unset or in
- the future, "
- <span><strong class="command">dnssec-signzone -S</strong></span>" will include the DNSKEY
+ the future, "
+ <span class="command"><strong>dnssec-signzone -S</strong></span>" will include the DNSKEY
record in the zone, but will not sign with it:</p>
<pre class="screen">
$ <strong class="userinput"><code>dnssec-keygen -K keys -f KSK -P now -A now+2y example.net</code></strong>
$ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code></strong>
</pre>
-<p>To revoke a key, the new command
- <span><strong class="command">dnssec-revoke</strong></span> has been added. This adds the
- REVOKED bit to the key flags and re-generates the
- <code class="filename">K*.key</code> and
+<p>To revoke a key, the new command
+ <span class="command"><strong>dnssec-revoke</strong></span> has been added. This adds the
+ REVOKED bit to the key flags and re-generates the
+ <code class="filename">K*.key</code> and
<code class="filename">K*.private</code> files.</p>
<p>After revoking the active key, the zone must be signed
with both the revoked KSK and the new active KSK. (Smart
@@ -1405,8 +1430,8 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
"<code class="filename">Kexample.com.+005+10128</code>".</p>
<p>If two keys have ID's exactly 128 apart, and one is
revoked, then the two key ID's will collide, causing several
- problems. To prevent this,
- <span><strong class="command">dnssec-keygen</strong></span> will not generate a new key if
+ problems. To prevent this,
+ <span class="command"><strong>dnssec-keygen</strong></span> will not generate a new key if
another key is present which may collide. This checking will
only occur if the new keys are written to the same directory
which holds all other keys in use for that zone.</p>
@@ -1419,7 +1444,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
keys with their original unrevoked key ID's.</p>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="pkcs11"></a>PKCS #11 (Cryptoki) support</h2></div></div></div>
<p>PKCS #11 (Public Key Cryptography Standard #11) defines a
@@ -1429,9 +1454,9 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
cryptographic acceleration board, tested under Solaris x86, and
the AEP Keyper network-attached key storage device, tested with
Debian Linux, Solaris x86 and Windows Server 2003.</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2613326"></a>Prerequisites</h3></div></div></div>
+<a name="id-1.5.12.4"></a>Prerequisites</h3></div></div></div>
<p>See the HSM vendor documentation for information about
installing, initializing, testing and troubleshooting the
HSM.</p>
@@ -1450,12 +1475,12 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
the patched OpenSSL, one of which must be chosen at
configuration time. The correct choice depends on the HSM
hardware:</p>
-<div class="itemizedlist"><ul type="disc">
-<li><p>Use 'crypto-accelerator' with HSMs that have hardware
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>Use 'crypto-accelerator' with HSMs that have hardware
cryptographic acceleration features, such as the SCA 6000
board. This causes OpenSSL to run all supported
cryptographic operations in the HSM.</p></li>
-<li><p>Use 'sign-only' with HSMs that are designed to
+<li class="listitem"><p>Use 'sign-only' with HSMs that are designed to
function primarily as secure key storage devices, but lack
hardware acceleration. These devices are highly secure, but
are not necessarily any faster at cryptography than the
@@ -1469,16 +1494,16 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
<p>
The modified OpenSSL code is included in the BIND 9 release,
in the form of a context diff against the latest versions of
- OpenSSL. OpenSSL 0.9.8, 1.0.0, and 1.0.1 are supported; there are
- separate diffs for each version. In the examples to follow,
- we use OpenSSL 0.9.8, but the same methods work with OpenSSL
- 1.0.0 and 1.0.1.
+ OpenSSL. OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 are supported;
+ there are separate diffs for each version. In the examples to
+ follow, we use OpenSSL 0.9.8, but the same methods work with
+ OpenSSL 1.0.0 through 1.0.2.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
- The latest OpenSSL versions at the time of the BIND release
- are 0.9.8y, 1.0.0k and 1.0.1e.
- ISC will provide an updated patch as new versions of OpenSSL
+ The OpenSSL patches as of this writing (January 2016)
+ support versions 0.9.8zh, 1.0.0t, 1.0.1q and 1.0.2f.
+ ISC will provide updated patches as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.</div>
<p>
@@ -1488,7 +1513,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
library.</p>
<p>Obtain OpenSSL 0.9.8s:</p>
<pre class="screen">
-$ <strong class="userinput"><code>wget <a href="" target="_top">http://www.openssl.org/source/openssl-0.9.8s.tar.gz</a></code></strong>
+$ <strong class="userinput"><code>wget <a class="link" href="" target="_top">http://www.openssl.org/source/openssl-0.9.8s.tar.gz</a></code></strong>
</pre>
<p>Extract the tarball:</p>
<pre class="screen">
@@ -1508,9 +1533,9 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8s \
elsewhere on the system. In the following examples, we choose
to install into "/opt/pkcs11/usr". We will use this location
when we configure BIND 9.</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610828"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
+<a name="id-1.5.12.4.18"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
@@ -1535,14 +1560,14 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
--pk11-flavor=sign-only \
--prefix=/opt/pkcs11/usr</code></strong>
</pre>
-<p>After configuring, run "<span><strong class="command">make</strong></span>"
- and "<span><strong class="command">make test</strong></span>". If "<span><strong class="command">make
+<p>After configuring, run "<span class="command"><strong>make</strong></span>"
+ and "<span class="command"><strong>make test</strong></span>". If "<span class="command"><strong>make
test</strong></span>" fails with "pthread_atfork() not found", you forgot to
add the -pthread above.</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610898"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
+<a name="id-1.5.12.4.19"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
@@ -1558,13 +1583,13 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
</pre>
<p>(For a 32-bit build, use "solaris-x86-cc" and
/usr/lib/libpkcs11.so.)</p>
-<p>After configuring, run
- <span><strong class="command">make</strong></span> and
- <span><strong class="command">make test</strong></span>.</p>
+<p>After configuring, run
+ <span class="command"><strong>make</strong></span> and
+ <span class="command"><strong>make test</strong></span>.</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611015"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
+<a name="id-1.5.12.4.20"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<p>SoftHSM is a software library provided by the OpenDNSSEC
project (http://www.opendnssec.org) which provides a PKCS#11
interface to a virtual HSM, implemented in the form of encrypted
@@ -1597,11 +1622,11 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
--pk11-flavor=sign-only \
--prefix=/opt/pkcs11/usr</code></strong>
</pre>
-<p>After configuring, run "<span><strong class="command">make</strong></span>"
- and "<span><strong class="command">make test</strong></span>".</p>
+<p>After configuring, run "<span class="command"><strong>make</strong></span>"
+ and "<span class="command"><strong>make test</strong></span>".</p>
</div>
<p>Once you have built OpenSSL, run
- "<span><strong class="command">apps/openssl engine pkcs11</strong></span>" to confirm
+ "<span class="command"><strong>apps/openssl engine pkcs11</strong></span>" to confirm
that PKCS #11 support was compiled in correctly. The output
should be one of the following lines, depending on the flavor
selected:</p>
@@ -1613,23 +1638,23 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
(pkcs11) PKCS #11 engine support (crypto accelerator)
</pre>
<p>Next, run
- "<span><strong class="command">apps/openssl engine pkcs11 -t</strong></span>". This will
+ "<span class="command"><strong>apps/openssl engine pkcs11 -t</strong></span>". This will
attempt to initialize the PKCS #11 engine. If it is able to
do so successfully, it will report
- &#8220;<span class="quote"><code class="literal">[ available ]</code></span>&#8221;.</p>
+ <span class="quote">&#8220;<span class="quote"><code class="literal">[ available ]</code></span>&#8221;</span>.</p>
<p>If the output is correct, run
- "<span><strong class="command">make install</strong></span>" which will install the
- modified OpenSSL suite to
+ "<span class="command"><strong>make install</strong></span>" which will install the
+ modified OpenSSL suite to
<code class="filename">/opt/pkcs11/usr</code>.</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611166"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
+<a name="id-1.5.12.5"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
<p>When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure.</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611175"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
+<a name="id-1.5.12.5.3"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<p>The PKCS #11 library for the AEP Keyper is currently
@@ -1643,9 +1668,9 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
--with-pkcs11=/opt/pkcs11/usr/lib/libpkcs11.so</code></strong>
</pre>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611275"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
+<a name="id-1.5.12.5.4"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<pre class="screen">
@@ -1661,9 +1686,9 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
same as the --prefix argument to the OpenSSL
Configure).</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611312"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
+<a name="id-1.5.12.5.5"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure --enable-threads \
@@ -1672,22 +1697,22 @@ $ <strong class="userinput"><code>./configure --enable-threads \
</pre>
</div>
<p>After configuring, run
- "<span><strong class="command">make</strong></span>",
- "<span><strong class="command">make test</strong></span>" and
- "<span><strong class="command">make install</strong></span>".</p>
+ "<span class="command"><strong>make</strong></span>",
+ "<span class="command"><strong>make test</strong></span>" and
+ "<span class="command"><strong>make install</strong></span>".</p>
<p>(Note: If "make test" fails in the "pkcs11" system test, you may
have forgotten to set the SOFTHSM_CONF environment variable.)</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2613408"></a>PKCS #11 Tools</h3></div></div></div>
+<a name="id-1.5.12.6"></a>PKCS #11 Tools</h3></div></div></div>
<p>BIND 9 includes a minimal set of tools to operate the
- HSM, including
- <span><strong class="command">pkcs11-keygen</strong></span> to generate a new key pair
- within the HSM,
- <span><strong class="command">pkcs11-list</strong></span> to list objects currently
- available, and
- <span><strong class="command">pkcs11-destroy</strong></span> to remove objects.</p>
+ HSM, including
+ <span class="command"><strong>pkcs11-keygen</strong></span> to generate a new key pair
+ within the HSM,
+ <span class="command"><strong>pkcs11-list</strong></span> to list objects currently
+ available, and
+ <span class="command"><strong>pkcs11-destroy</strong></span> to remove objects.</p>
<p>In UNIX/Linux builds, these tools are built only if BIND
9 is configured with the --with-pkcs11 option. (NOTE: If
--with-pkcs11 is set to "yes", rather than to the path of the
@@ -1696,9 +1721,9 @@ $ <strong class="userinput"><code>./configure --enable-threads \
PKCS11_PROVIDER environment variable to specify the path to the
provider.)</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2613438"></a>Using the HSM</h3></div></div></div>
+<a name="id-1.5.12.7"></a>Using the HSM</h3></div></div></div>
<p>First, we must set up the runtime environment so the
OpenSSL and PKCS #11 libraries can be loaded:</p>
<pre class="screen">
@@ -1707,22 +1732,22 @@ $ <strong class="userinput"><code>export LD_LIBRARY_PATH=/opt/pkcs11/usr/lib:${L
<p>When operating an AEP Keyper, it is also necessary to
specify the location of the "machine" file, which stores
information about the Keyper for use by PKCS #11 provider
- library. If the machine file is in
+ library. If the machine file is in
<code class="filename">/opt/Keyper/PKCS11Provider/machine</code>,
use:</p>
<pre class="screen">
$ <strong class="userinput"><code>export KEYPER_LIBRARY_PATH=/opt/Keyper/PKCS11Provider</code></strong>
</pre>
<p>These environment variables must be set whenever running
- any tool that uses the HSM, including
- <span><strong class="command">pkcs11-keygen</strong></span>,
- <span><strong class="command">pkcs11-list</strong></span>,
- <span><strong class="command">pkcs11-destroy</strong></span>,
- <span><strong class="command">dnssec-keyfromlabel</strong></span>,
- <span><strong class="command">dnssec-signzone</strong></span>,
- <span><strong class="command">dnssec-keygen</strong></span>(which will use the HSM for
- random number generation), and
- <span><strong class="command">named</strong></span>.</p>
+ any tool that uses the HSM, including
+ <span class="command"><strong>pkcs11-keygen</strong></span>,
+ <span class="command"><strong>pkcs11-list</strong></span>,
+ <span class="command"><strong>pkcs11-destroy</strong></span>,
+ <span class="command"><strong>dnssec-keyfromlabel</strong></span>,
+ <span class="command"><strong>dnssec-signzone</strong></span>,
+ <span class="command"><strong>dnssec-keygen</strong></span>(which will use the HSM for
+ random number generation), and
+ <span class="command"><strong>named</strong></span>.</p>
<p>We can now create and use keys in the HSM. In this case,
we will create a 2048 bit key and give it the label
"sample-ksk":</p>
@@ -1769,9 +1794,9 @@ $ <strong class="userinput"><code>dnssec-keygen example.net</code></strong>
rolled more frequently, if you wish, to compensate for a
reduction in key security.</p>
<p>Now you can sign the zone. (Note: If not using the -S
- option to
- <span><strong class="command">dnssec-signzone</strong></span>, it will be necessary to add
- the contents of both
+ option to
+ <span class="command"><strong>dnssec-signzone</strong></span>, it will be necessary to add
+ the contents of both
<code class="filename">K*.key</code> files to the zone master file before
signing it.)</p>
<pre class="screen">
@@ -1784,12 +1809,12 @@ Algorithm: NSEC3RSASHA1: ZSKs: 1, KSKs: 1 active, 0 revoked, 0 stand-by
example.net.signed
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2637735"></a>Specifying the engine on the command line</h3></div></div></div>
-<p>The OpenSSL engine can be specified in
- <span><strong class="command">named</strong></span> and all of the BIND
- <span><strong class="command">dnssec-*</strong></span> tools by using the "-E
+<a name="id-1.5.12.8"></a>Specifying the engine on the command line</h3></div></div></div>
+<p>The OpenSSL engine can be specified in
+ <span class="command"><strong>named</strong></span> and all of the BIND
+ <span class="command"><strong>dnssec-*</strong></span> tools by using the "-E
&lt;engine&gt;" command line option. If BIND 9 is built with
the --with-pkcs11 option, this option defaults to "pkcs11".
Specifying the engine will generally not be necessary unless
@@ -1801,19 +1826,19 @@ example.net.signed
<pre class="screen">
$ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></strong>
</pre>
-<p>This causes
- <span><strong class="command">dnssec-signzone</strong></span> to run as if it were compiled
+<p>This causes
+ <span class="command"><strong>dnssec-signzone</strong></span> to run as if it were compiled
without the --with-pkcs11 option.</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2637781"></a>Running named with automatic zone re-signing</h3></div></div></div>
-<p>If you want
- <span><strong class="command">named</strong></span> to dynamically re-sign zones using HSM
+<a name="id-1.5.12.9"></a>Running named with automatic zone re-signing</h3></div></div></div>
+<p>If you want
+ <span class="command"><strong>named</strong></span> to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
named must have access to the HSM PIN. This can be accomplished
by placing the PIN into the openssl.cnf file (in the above
- examples,
+ examples,
<code class="filename">/opt/pkcs11/usr/ssl/openssl.cnf</code>).</p>
<p>The location of the openssl.cnf file can be overridden by
setting the OPENSSL_CONF environment variable before running
@@ -1841,9 +1866,9 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571571"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="ipv6"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@@ -1877,11 +1902,11 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<p>
For an overview of the format and structure of IPv6 addresses,
- see <a href="Bv9ARM.ch11.html#ipv6addresses" title="IPv6 addresses (AAAA)">the section called &#8220;IPv6 addresses (AAAA)&#8221;</a>.
+ see <a class="xref" href="Bv9ARM.ch11.html#ipv6addresses" title="IPv6 addresses (AAAA)">the section called &#8220;IPv6 addresses (AAAA)&#8221;</a>.
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571837"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id-1.5.13.6"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -1898,9 +1923,9 @@ host 3600 IN AAAA 2001:db8::1
the address.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571859"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id-1.5.13.7"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
@@ -1935,6 +1960,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 55d3be0c80bd..17ddab0c8072 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 5. The BIND 9 Lightweight Resolver</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch04.html" title="Chapter 4. Advanced DNS Features">
<link rel="next" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Configuration Reference">
@@ -39,19 +38,19 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch05"></a>Chapter 5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch05"></a>Chapter 5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571892">The Lightweight Resolver Library</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch05.html#lightweight_resolver">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571892"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="lightweight_resolver"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
@@ -73,14 +72,14 @@
that is distinct from and simpler than the full DNS protocol.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="lwresd"></a>Running a Resolver Daemon</h2></div></div></div>
<p>
To use the lightweight resolver interface, the system must
- run the resolver daemon <span><strong class="command">lwresd</strong></span> or a
+ run the resolver daemon <span class="command"><strong>lwresd</strong></span> or a
local
- name server configured with a <span><strong class="command">lwres</strong></span>
+ name server configured with a <span class="command"><strong>lwres</strong></span>
statement.
</p>
<p>
@@ -88,7 +87,7 @@
make
UDP requests to the IPv4 loopback address (127.0.0.1) on port 921.
The
- address can be overridden by <span><strong class="command">lwserver</strong></span>
+ address can be overridden by <span class="command"><strong>lwserver</strong></span>
lines in
<code class="filename">/etc/resolv.conf</code>.
</p>
@@ -98,27 +97,27 @@
NIS, etc.
</p>
<p>
- The <span><strong class="command">lwresd</strong></span> daemon is essentially a
+ The <span class="command"><strong>lwresd</strong></span> daemon is essentially a
caching-only name server that responds to requests using the
lightweight
resolver protocol rather than the DNS protocol. Because it needs
to run on each host, it is designed to require no or minimal
configuration.
Unless configured otherwise, it uses the name servers listed on
- <span><strong class="command">nameserver</strong></span> lines in <code class="filename">/etc/resolv.conf</code>
+ <span class="command"><strong>nameserver</strong></span> lines in <code class="filename">/etc/resolv.conf</code>
as forwarders, but is also capable of doing the resolution
autonomously if
none are specified.
</p>
<p>
- The <span><strong class="command">lwresd</strong></span> daemon may also be
+ The <span class="command"><strong>lwresd</strong></span> daemon may also be
configured with a
<code class="filename">named.conf</code> style configuration file,
in
<code class="filename">/etc/lwresd.conf</code> by default. A name
server may also
be configured to act as a lightweight resolver daemon using the
- <span><strong class="command">lwres</strong></span> statement in <code class="filename">named.conf</code>.
+ <span class="command"><strong>lwres</strong></span> statement in <code class="filename">named.conf</code>.
</p>
</div>
</div>
@@ -139,6 +138,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 1d353986f4c1..51e7f755eeac 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 6. BIND 9 Configuration Reference</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch05.html" title="Chapter 5. The BIND 9 Lightweight Resolver">
<link rel="next" href="Bv9ARM.ch07.html" title="Chapter 7. BIND 9 Security Considerations">
@@ -39,71 +38,72 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch06"></a>Chapter 6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch06"></a>Chapter 6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573374">Comment Syntax</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#comment_syntax">Comment Syntax</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574035"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#acl_grammar"><span class="command"><strong>acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#acl"><span class="command"><strong>acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574225"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#controls_grammar"><span class="command"><strong>controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span class="command"><strong>controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574584"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574601"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#include_grammar"><span class="command"><strong>include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#include_statement"><span class="command"><strong>include</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#key_grammar"><span class="command"><strong>key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#key_statement"><span class="command"><strong>key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#logging_grammar"><span class="command"><strong>logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#logging_statement"><span class="command"><strong>logging</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#lwres_grammar"><span class="command"><strong>lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#lwres_statement"><span class="command"><strong>lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#masters_grammar"><span class="command"><strong>masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#masters_statement"><span class="command"><strong>masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574761"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574785"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574875"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575001"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#options_grammar"><span class="command"><strong>options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#options"><span class="command"><strong>options</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577236"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577309"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577373"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577417"><span><strong class="command">masters</strong></span> Statement Definition and
- Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577438"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
- Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span class="command"><strong>server</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span class="command"><strong>server</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590832"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statschannels"><span class="command"><strong>statistics-channels</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statistics_channels"><span class="command"><strong>statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591139"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="section"><a href="Bv9ARM.ch06.html#trusted-keys"><span class="command"><strong>trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#trusted_keys"><span class="command"><strong>trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591186"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
+<dt><span class="section"><a href="Bv9ARM.ch06.html#managed_keys"><span class="command"><strong>managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#managed-keys"><span class="command"><strong>managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591553"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span class="command"><strong>view</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#view_statement"><span class="command"><strong>view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span class="command"><strong>zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_statement"><span class="command"><strong>zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2597084">Zone File</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_file">Zone File</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600002">Discussion of MX Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600549">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600812">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2601017"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#mx_records">Discussion of MX Records</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#ipv4_reverse">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_directives">Other Zone File Directives</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#generate_directive"><acronym class="acronym">BIND</acronym> Master File Extension: the <span class="command"><strong>$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
+</dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
+<dd><dl>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statsfile">The Statistics File</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt></dl></dd>
</dl>
</div>
<p>
@@ -122,7 +122,7 @@
using the shell script
<code class="filename">contrib/named-bootconf/named-bootconf.sh</code>.
</p>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="configuration_file_elements"></a>Configuration File Elements</h2></div></div></div>
<p>
@@ -131,8 +131,8 @@
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.855in" class="1">
+<col width="3.770in" class="2">
</colgroup>
<tbody>
<tr>
@@ -144,7 +144,7 @@
<td>
<p>
The name of an <code class="varname">address_match_list</code> as
- defined by the <span><strong class="command">acl</strong></span> statement.
+ defined by the <span class="command"><strong>acl</strong></span> statement.
</p>
</td>
</tr>
@@ -160,7 +160,7 @@
<code class="varname">ip_addr</code>,
<code class="varname">ip_prefix</code>, <code class="varname">key_id</code>,
or <code class="varname">acl_name</code> elements, see
- <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called &#8220;Address Match Lists&#8221;</a>.
+ <a class="xref" href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called &#8220;Address Match Lists&#8221;</a>.
</p>
</td>
</tr>
@@ -215,8 +215,8 @@
<td>
<p>
One to four integers valued 0 through
- 255 separated by dots (`.'), such as <span><strong class="command">123</strong></span>,
- <span><strong class="command">45.67</strong></span> or <span><strong class="command">89.123.45.67</strong></span>.
+ 255 separated by dots (`.'), such as <span class="command"><strong>123</strong></span>,
+ <span class="command"><strong>45.67</strong></span> or <span class="command"><strong>89.123.45.67</strong></span>.
</p>
</td>
</tr>
@@ -241,7 +241,7 @@
</td>
<td>
<p>
- An IPv6 address, such as <span><strong class="command">2001:db8::1234</strong></span>.
+ An IPv6 address, such as <span class="command"><strong>2001:db8::1234</strong></span>.
IPv6 scoped addresses that have ambiguity on their
scope zones must be disambiguated by an appropriate
zone ID with the percent character (`%') as
@@ -253,9 +253,9 @@
currently only interface names as link identifiers
are supported, assuming one-to-one mapping between
interfaces and links. For example, a link-local
- address <span><strong class="command">fe80::1</strong></span> on the link
- attached to the interface <span><strong class="command">ne0</strong></span>
- can be specified as <span><strong class="command">fe80::1%ne0</strong></span>.
+ address <span class="command"><strong>fe80::1</strong></span> on the link
+ attached to the interface <span class="command"><strong>ne0</strong></span>
+ can be specified as <span class="command"><strong>fe80::1%ne0</strong></span>.
Note that on most systems link-local addresses
always have the ambiguity, and need to be
disambiguated.
@@ -306,10 +306,10 @@
netmask.
Trailing zeros in a <code class="varname">ip_addr</code>
may omitted.
- For example, <span><strong class="command">127/8</strong></span> is the
- network <span><strong class="command">127.0.0.0</strong></span> with
- netmask <span><strong class="command">255.0.0.0</strong></span> and <span><strong class="command">1.2.3.0/28</strong></span> is
- network <span><strong class="command">1.2.3.0</strong></span> with netmask <span><strong class="command">255.255.255.240</strong></span>.
+ For example, <span class="command"><strong>127/8</strong></span> is the
+ network <span class="command"><strong>127.0.0.0</strong></span> with
+ netmask <span class="command"><strong>255.0.0.0</strong></span> and <span class="command"><strong>1.2.3.0/28</strong></span> is
+ network <span class="command"><strong>1.2.3.0</strong></span> with netmask <span class="command"><strong>255.255.255.240</strong></span>.
</p>
<p>
When specifying a prefix involving a IPv6 scoped address
@@ -417,7 +417,7 @@
Integers may take values
0 &lt;= value &lt;= 18446744073709551615, though
certain parameters
- (such as <span><strong class="command">max-journal-size</strong></span>) may
+ (such as <span class="command"><strong>max-journal-size</strong></span>) may
use a more limited range within these extremes.
In most cases, setting a value to 0 does not
literally mean zero; it means "undefined" or
@@ -488,39 +488,39 @@
</tr>
</tbody>
</table></div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573073"></a>Syntax</h4></div></div></div>
+<a name="id-1.7.4.4.2"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
key key_id | acl_name | { address_match_list } )
</pre>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573100"></a>Definition and Usage</h4></div></div></div>
+<a name="id-1.7.4.4.3"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
- the <span><strong class="command">listen-on</strong></span> and <span><strong class="command">sortlist</strong></span>
+ the <span class="command"><strong>listen-on</strong></span> and <span class="command"><strong>sortlist</strong></span>
statements. The elements which constitute an address match
list can be any of the following:
</p>
-<div class="itemizedlist"><ul type="disc">
-<li>an IP address (IPv4 or IPv6)</li>
-<li>an IP prefix (in `/' notation)</li>
-<li>
- a key ID, as defined by the <span><strong class="command">key</strong></span>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">an IP address (IPv4 or IPv6)</li>
+<li class="listitem">an IP prefix (in `/' notation)</li>
+<li class="listitem">
+ a key ID, as defined by the <span class="command"><strong>key</strong></span>
statement
</li>
-<li>the name of an address match list defined with
- the <span><strong class="command">acl</strong></span> statement
+<li class="listitem">the name of an address match list defined with
+ the <span class="command"><strong>acl</strong></span> statement
</li>
-<li>a nested address match list enclosed in braces</li>
+<li class="listitem">a nested address match list enclosed in braces</li>
</ul></div>
<p>
Elements can be negated with a leading exclamation mark (`!'),
@@ -544,25 +544,25 @@
</p>
<p>
The interpretation of a match depends on whether the list is being
- used for access control, defining <span><strong class="command">listen-on</strong></span> ports, or in a
- <span><strong class="command">sortlist</strong></span>, and whether the element was negated.
+ used for access control, defining <span class="command"><strong>listen-on</strong></span> ports, or in a
+ <span class="command"><strong>sortlist</strong></span>, and whether the element was negated.
</p>
<p>
When used as an access control list, a non-negated match
allows access and a negated match denies access. If
there is no match, access is denied. The clauses
- <span><strong class="command">allow-notify</strong></span>,
- <span><strong class="command">allow-recursion</strong></span>,
- <span><strong class="command">allow-recursion-on</strong></span>,
- <span><strong class="command">allow-query</strong></span>,
- <span><strong class="command">allow-query-on</strong></span>,
- <span><strong class="command">allow-query-cache</strong></span>,
- <span><strong class="command">allow-query-cache-on</strong></span>,
- <span><strong class="command">allow-transfer</strong></span>,
- <span><strong class="command">allow-update</strong></span>,
- <span><strong class="command">allow-update-forwarding</strong></span>, and
- <span><strong class="command">blackhole</strong></span> all use address match
- lists. Similarly, the <span><strong class="command">listen-on</strong></span> option will cause the
+ <span class="command"><strong>allow-notify</strong></span>,
+ <span class="command"><strong>allow-recursion</strong></span>,
+ <span class="command"><strong>allow-recursion-on</strong></span>,
+ <span class="command"><strong>allow-query</strong></span>,
+ <span class="command"><strong>allow-query-on</strong></span>,
+ <span class="command"><strong>allow-query-cache</strong></span>,
+ <span class="command"><strong>allow-query-cache-on</strong></span>,
+ <span class="command"><strong>allow-transfer</strong></span>,
+ <span class="command"><strong>allow-update</strong></span>,
+ <span class="command"><strong>allow-update-forwarding</strong></span>, and
+ <span class="command"><strong>blackhole</strong></span> all use address match
+ lists. Similarly, the <span class="command"><strong>listen-on</strong></span> option will cause the
server to refuse queries on any of the machine's
addresses which do not match the list.
</p>
@@ -575,18 +575,18 @@
defines a subset of another element in the list should
come before the broader element, regardless of whether
either is negated. For example, in
- <span><strong class="command">1.2.3/24; ! 1.2.3.13;</strong></span>
+ <span class="command"><strong>1.2.3/24; ! 1.2.3.13;</strong></span>
the 1.2.3.13 element is completely useless because the
algorithm will match any lookup for 1.2.3.13 to the 1.2.3/24
- element. Using <span><strong class="command">! 1.2.3.13; 1.2.3/24</strong></span> fixes
+ element. Using <span class="command"><strong>! 1.2.3.13; 1.2.3/24</strong></span> fixes
that problem by having 1.2.3.13 blocked by the negation, but
all other 1.2.3.* hosts fall through.
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2573374"></a>Comment Syntax</h3></div></div></div>
+<a name="comment_syntax"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@@ -594,9 +594,9 @@
file. To appeal to programmers of all kinds, they can be written
in the C, C++, or shell/perl style.
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573458"></a>Syntax</h4></div></div></div>
+<a name="id-1.7.4.5.3"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@@ -610,9 +610,9 @@
<p>
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573488"></a>Definition and Usage</h4></div></div></div>
+<a name="id-1.7.4.5.4"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@@ -684,7 +684,7 @@
</div>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="Configuration_File_Grammar"></a>Configuration File Grammar</h2></div></div></div>
<p>
@@ -700,13 +700,13 @@
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.336in" class="1">
+<col width="3.778in" class="2">
</colgroup>
<tbody>
<tr>
<td>
- <p><span><strong class="command">acl</strong></span></p>
+ <p><span class="command"><strong>acl</strong></span></p>
</td>
<td>
<p>
@@ -717,18 +717,18 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">controls</strong></span></p>
+ <p><span class="command"><strong>controls</strong></span></p>
</td>
<td>
<p>
declares control channels to be used
- by the <span><strong class="command">rndc</strong></span> utility.
+ by the <span class="command"><strong>rndc</strong></span> utility.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">include</strong></span></p>
+ <p><span class="command"><strong>include</strong></span></p>
</td>
<td>
<p>
@@ -738,7 +738,7 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">key</strong></span></p>
+ <p><span class="command"><strong>key</strong></span></p>
</td>
<td>
<p>
@@ -749,7 +749,7 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">logging</strong></span></p>
+ <p><span class="command"><strong>logging</strong></span></p>
</td>
<td>
<p>
@@ -760,31 +760,31 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">lwres</strong></span></p>
+ <p><span class="command"><strong>lwres</strong></span></p>
</td>
<td>
<p>
- configures <span><strong class="command">named</strong></span> to
- also act as a light-weight resolver daemon (<span><strong class="command">lwresd</strong></span>).
+ configures <span class="command"><strong>named</strong></span> to
+ also act as a light-weight resolver daemon (<span class="command"><strong>lwresd</strong></span>).
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">masters</strong></span></p>
+ <p><span class="command"><strong>masters</strong></span></p>
</td>
<td>
<p>
defines a named masters list for
inclusion in stub and slave zones'
- <span><strong class="command">masters</strong></span> or
- <span><strong class="command">also-notify</strong></span> lists.
+ <span class="command"><strong>masters</strong></span> or
+ <span class="command"><strong>also-notify</strong></span> lists.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">options</strong></span></p>
+ <p><span class="command"><strong>options</strong></span></p>
</td>
<td>
<p>
@@ -795,7 +795,7 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">server</strong></span></p>
+ <p><span class="command"><strong>server</strong></span></p>
</td>
<td>
<p>
@@ -806,18 +806,18 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">statistics-channels</strong></span></p>
+ <p><span class="command"><strong>statistics-channels</strong></span></p>
</td>
<td>
<p>
declares communication channels to get access to
- <span><strong class="command">named</strong></span> statistics.
+ <span class="command"><strong>named</strong></span> statistics.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">trusted-keys</strong></span></p>
+ <p><span class="command"><strong>trusted-keys</strong></span></p>
</td>
<td>
<p>
@@ -827,7 +827,7 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">managed-keys</strong></span></p>
+ <p><span class="command"><strong>managed-keys</strong></span></p>
</td>
<td>
<p>
@@ -838,7 +838,7 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">view</strong></span></p>
+ <p><span class="command"><strong>view</strong></span></p>
</td>
<td>
<p>
@@ -848,7 +848,7 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">zone</strong></span></p>
+ <p><span class="command"><strong>zone</strong></span></p>
</td>
<td>
<p>
@@ -859,25 +859,25 @@
</tbody>
</table></div>
<p>
- The <span><strong class="command">logging</strong></span> and
- <span><strong class="command">options</strong></span> statements may only occur once
+ The <span class="command"><strong>logging</strong></span> and
+ <span class="command"><strong>options</strong></span> statements may only occur once
per
configuration.
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574035"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
+<a name="acl_grammar"></a><span class="command"><strong>acl</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>acl</strong></span> acl-name {
address_match_list
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="acl"></a><span><strong class="command">acl</strong></span> Statement Definition and
+<a name="acl"></a><span class="command"><strong>acl</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
- The <span><strong class="command">acl</strong></span> statement assigns a symbolic
+ The <span class="command"><strong>acl</strong></span> statement assigns a symbolic
name to an address match list. It gets its name from a primary
use of address match lists: Access Control Lists (ACLs).
</p>
@@ -886,13 +886,13 @@
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.130in" class="1">
+<col width="4.000in" class="2">
</colgroup>
<tbody>
<tr>
<td>
- <p><span><strong class="command">any</strong></span></p>
+ <p><span class="command"><strong>any</strong></span></p>
</td>
<td>
<p>
@@ -902,7 +902,7 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">none</strong></span></p>
+ <p><span class="command"><strong>none</strong></span></p>
</td>
<td>
<p>
@@ -912,44 +912,44 @@
</tr>
<tr>
<td>
- <p><span><strong class="command">localhost</strong></span></p>
+ <p><span class="command"><strong>localhost</strong></span></p>
</td>
<td>
<p>
Matches the IPv4 and IPv6 addresses of all network
interfaces on the system. When addresses are
- added or removed, the <span><strong class="command">localhost</strong></span>
+ added or removed, the <span class="command"><strong>localhost</strong></span>
ACL element is updated to reflect the changes.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">localnets</strong></span></p>
+ <p><span class="command"><strong>localnets</strong></span></p>
</td>
<td>
<p>
Matches any host on an IPv4 or IPv6 network
for which the system has an interface.
When addresses are added or removed,
- the <span><strong class="command">localnets</strong></span>
+ the <span class="command"><strong>localnets</strong></span>
ACL element is updated to reflect the changes.
Some systems do not provide a way to determine the prefix
lengths of
local IPv6 addresses.
- In such a case, <span><strong class="command">localnets</strong></span>
+ In such a case, <span class="command"><strong>localnets</strong></span>
only matches the local
- IPv6 addresses, just like <span><strong class="command">localhost</strong></span>.
+ IPv6 addresses, just like <span class="command"><strong>localhost</strong></span>.
</p>
</td>
</tr>
</tbody>
</table></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574225"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">controls</strong></span> {
+<a name="controls_grammar"></a><span class="command"><strong>controls</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code>key_list</code></em> }; ]
@@ -960,70 +960,70 @@
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="controls_statement_definition_and_usage"></a><span><strong class="command">controls</strong></span> Statement Definition and
+<a name="controls_statement_definition_and_usage"></a><span class="command"><strong>controls</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
- The <span><strong class="command">controls</strong></span> statement declares control
+ The <span class="command"><strong>controls</strong></span> statement declares control
channels to be used by system administrators to control the
operation of the name server. These control channels are
- used by the <span><strong class="command">rndc</strong></span> utility to send
+ used by the <span class="command"><strong>rndc</strong></span> utility to send
commands to and retrieve non-DNS results from a name server.
</p>
<p>
- An <span><strong class="command">inet</strong></span> control channel is a TCP socket
- listening at the specified <span><strong class="command">ip_port</strong></span> on the
- specified <span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
- address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
+ An <span class="command"><strong>inet</strong></span> control channel is a TCP socket
+ listening at the specified <span class="command"><strong>ip_port</strong></span> on the
+ specified <span class="command"><strong>ip_addr</strong></span>, which can be an IPv4 or IPv6
+ address. An <span class="command"><strong>ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
interpreted as the IPv4 wildcard address; connections will be
accepted on any of the system's IPv4 addresses.
To listen on the IPv6 wildcard address,
- use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
- If you will only use <span><strong class="command">rndc</strong></span> on the local host,
+ use an <span class="command"><strong>ip_addr</strong></span> of <code class="literal">::</code>.
+ If you will only use <span class="command"><strong>rndc</strong></span> on the local host,
using the loopback address (<code class="literal">127.0.0.1</code>
or <code class="literal">::1</code>) is recommended for maximum security.
</p>
<p>
If no port is specified, port 953 is used. The asterisk
- "<code class="literal">*</code>" cannot be used for <span><strong class="command">ip_port</strong></span>.
+ "<code class="literal">*</code>" cannot be used for <span class="command"><strong>ip_port</strong></span>.
</p>
<p>
The ability to issue commands over the control channel is
- restricted by the <span><strong class="command">allow</strong></span> and
- <span><strong class="command">keys</strong></span> clauses.
+ restricted by the <span class="command"><strong>allow</strong></span> and
+ <span class="command"><strong>keys</strong></span> clauses.
Connections to the control channel are permitted based on the
- <span><strong class="command">address_match_list</strong></span>. This is for simple
- IP address based filtering only; any <span><strong class="command">key_id</strong></span>
- elements of the <span><strong class="command">address_match_list</strong></span>
+ <span class="command"><strong>address_match_list</strong></span>. This is for simple
+ IP address based filtering only; any <span class="command"><strong>key_id</strong></span>
+ elements of the <span class="command"><strong>address_match_list</strong></span>
are ignored.
</p>
<p>
- A <span><strong class="command">unix</strong></span> control channel is a UNIX domain
+ A <span class="command"><strong>unix</strong></span> control channel is a UNIX domain
socket listening at the specified path in the file system.
- Access to the socket is specified by the <span><strong class="command">perm</strong></span>,
- <span><strong class="command">owner</strong></span> and <span><strong class="command">group</strong></span> clauses.
+ Access to the socket is specified by the <span class="command"><strong>perm</strong></span>,
+ <span class="command"><strong>owner</strong></span> and <span class="command"><strong>group</strong></span> clauses.
Note on some platforms (SunOS and Solaris) the permissions
- (<span><strong class="command">perm</strong></span>) are applied to the parent directory
+ (<span class="command"><strong>perm</strong></span>) are applied to the parent directory
as the permissions on the socket itself are ignored.
</p>
<p>
The primary authorization mechanism of the command
- channel is the <span><strong class="command">key_list</strong></span>, which
- contains a list of <span><strong class="command">key_id</strong></span>s.
- Each <span><strong class="command">key_id</strong></span> in the <span><strong class="command">key_list</strong></span>
+ channel is the <span class="command"><strong>key_list</strong></span>, which
+ contains a list of <span class="command"><strong>key_id</strong></span>s.
+ Each <span class="command"><strong>key_id</strong></span> in the <span class="command"><strong>key_list</strong></span>
is authorized to execute commands over the control channel.
- See <a href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called &#8220;Administrative Tools&#8221;</a>)
- for information about configuring keys in <span><strong class="command">rndc</strong></span>.
+ See <a class="xref" href="Bv9ARM.ch03.html#rndc">Remote Name Daemon Control application</a> in <a class="xref" href="Bv9ARM.ch03.html#admin_tools" title="Administrative Tools">the section called &#8220;Administrative Tools&#8221;</a>)
+ for information about configuring keys in <span class="command"><strong>rndc</strong></span>.
</p>
<p>
- If no <span><strong class="command">controls</strong></span> statement is present,
- <span><strong class="command">named</strong></span> will set up a default
+ If no <span class="command"><strong>controls</strong></span> statement is present,
+ <span class="command"><strong>named</strong></span> will set up a default
control channel listening on the loopback address 127.0.0.1
and its IPv6 counterpart ::1.
- In this case, and also when the <span><strong class="command">controls</strong></span> statement
- is present but does not have a <span><strong class="command">keys</strong></span> clause,
- <span><strong class="command">named</strong></span> will attempt to load the command channel key
+ In this case, and also when the <span class="command"><strong>controls</strong></span> statement
+ is present but does not have a <span class="command"><strong>keys</strong></span> clause,
+ <span class="command"><strong>named</strong></span> will attempt to load the command channel key
from the file <code class="filename">rndc.key</code> in
<code class="filename">/etc</code> (or whatever <code class="varname">sysconfdir</code>
was specified as when <acronym class="acronym">BIND</acronym> was built).
@@ -1034,12 +1034,12 @@
The <code class="filename">rndc.key</code> feature was created to
ease the transition of systems from <acronym class="acronym">BIND</acronym> 8,
which did not have digital signatures on its command channel
- messages and thus did not have a <span><strong class="command">keys</strong></span> clause.
+ messages and thus did not have a <span class="command"><strong>keys</strong></span> clause.
It makes it possible to use an existing <acronym class="acronym">BIND</acronym> 8
configuration file in <acronym class="acronym">BIND</acronym> 9 unchanged,
- and still have <span><strong class="command">rndc</strong></span> work the same way
- <span><strong class="command">ndc</strong></span> worked in BIND 8, simply by executing the
+ and still have <span class="command"><strong>rndc</strong></span> work the same way
+ <span class="command"><strong>ndc</strong></span> worked in BIND 8, simply by executing the
command <strong class="userinput"><code>rndc-confgen -a</code></strong> after BIND 9 is
installed.
</p>
@@ -1055,10 +1055,10 @@
those things. The <code class="filename">rndc.key</code> file
also has its
permissions set such that only the owner of the file (the user that
- <span><strong class="command">named</strong></span> is running as) can access it.
+ <span class="command"><strong>named</strong></span> is running as) can access it.
If you
desire greater flexibility in allowing other users to access
- <span><strong class="command">rndc</strong></span> commands, then you need to create
+ <span class="command"><strong>rndc</strong></span> commands, then you need to create
a
<code class="filename">rndc.conf</code> file and make it group
readable by a group
@@ -1066,23 +1066,22 @@
</p>
<p>
To disable the command channel, use an empty
- <span><strong class="command">controls</strong></span> statement:
- <span><strong class="command">controls { };</strong></span>.
+ <span class="command"><strong>controls</strong></span> statement:
+ <span class="command"><strong>controls { };</strong></span>.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574584"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
+<a name="include_grammar"></a><span class="command"><strong>include</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574601"></a><span><strong class="command">include</strong></span> Statement Definition and
- Usage</h3></div></div></div>
+<a name="include_statement"></a><span class="command"><strong>include</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">include</strong></span> statement inserts the
- specified file at the point where the <span><strong class="command">include</strong></span>
- statement is encountered. The <span><strong class="command">include</strong></span>
+ The <span class="command"><strong>include</strong></span> statement inserts the
+ specified file at the point where the <span class="command"><strong>include</strong></span>
+ statement is encountered. The <span class="command"><strong>include</strong></span>
statement facilitates the administration of configuration
files
by permitting the reading or writing of some things but not
@@ -1090,42 +1089,40 @@
that are readable only by the name server.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574761"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
+<a name="key_grammar"></a><span class="command"><strong>key</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>algorithm_id</code></em>;
secret <em class="replaceable"><code>secret_string</code></em>;
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574785"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="key_statement"></a><span class="command"><strong>key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">key</strong></span> statement defines a shared
- secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
+ The <span class="command"><strong>key</strong></span> statement defines a shared
+ secret key for use with TSIG (see <a class="xref" href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
or the command channel
- (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
+ (see <a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called &#8220;<span class="command"><strong>controls</strong></span> Statement Definition and
Usage&#8221;</a>).
</p>
<p>
- The <span><strong class="command">key</strong></span> statement can occur at the
+ The <span class="command"><strong>key</strong></span> statement can occur at the
top level
- of the configuration file or inside a <span><strong class="command">view</strong></span>
- statement. Keys defined in top-level <span><strong class="command">key</strong></span>
+ of the configuration file or inside a <span class="command"><strong>view</strong></span>
+ statement. Keys defined in top-level <span class="command"><strong>key</strong></span>
statements can be used in all views. Keys intended for use in
- a <span><strong class="command">controls</strong></span> statement
- (see <a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">controls</strong></span> Statement Definition and
+ a <span class="command"><strong>controls</strong></span> statement
+ (see <a class="xref" href="Bv9ARM.ch06.html#controls_statement_definition_and_usage" title="controls Statement Definition and Usage">the section called &#8220;<span class="command"><strong>controls</strong></span> Statement Definition and
Usage&#8221;</a>)
must be defined at the top level.
</p>
<p>
The <em class="replaceable"><code>key_id</code></em>, also known as the
key name, is a domain name uniquely identifying the key. It can
- be used in a <span><strong class="command">server</strong></span>
+ be used in a <span class="command"><strong>server</strong></span>
statement to cause requests sent to that
server to be signed with this key, or in address match lists to
verify that incoming requests have been signed with a key
@@ -1146,46 +1143,45 @@
encoded string.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574875"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">logging</strong></span> {
- [ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
- ( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
- [ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
- [ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size_spec</code></em> ]
- | <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
- | <span><strong class="command">stderr</strong></span>
- | <span><strong class="command">null</strong></span> );
- [ <span><strong class="command">severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
+<a name="logging_grammar"></a><span class="command"><strong>logging</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>logging</strong></span> {
+ [ <span class="command"><strong>channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
+ ( <span class="command"><strong>file</strong></span> <em class="replaceable"><code>path_name</code></em>
+ [ <span class="command"><strong>versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span class="command"><strong>unlimited</strong></span> ) ]
+ [ <span class="command"><strong>size</strong></span> <em class="replaceable"><code>size_spec</code></em> ]
+ | <span class="command"><strong>syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
+ | <span class="command"><strong>stderr</strong></span>
+ | <span class="command"><strong>null</strong></span> );
+ [ <span class="command"><strong>severity</strong></span> (<code class="option">critical</code> | <code class="option">error</code> | <code class="option">warning</code> | <code class="option">notice</code> |
<code class="option">info</code> | <code class="option">debug</code> [ <em class="replaceable"><code>level</code></em> ] | <code class="option">dynamic</code> ); ]
- [ <span><strong class="command">print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
- [ <span><strong class="command">print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
- [ <span><strong class="command">print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
+ [ <span class="command"><strong>print-category</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
+ [ <span class="command"><strong>print-severity</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
+ [ <span class="command"><strong>print-time</strong></span> <code class="option">yes</code> or <code class="option">no</code>; ]
}; ]
- [ <span><strong class="command">category</strong></span> <em class="replaceable"><code>category_name</code></em> {
+ [ <span class="command"><strong>category</strong></span> <em class="replaceable"><code>category_name</code></em> {
<em class="replaceable"><code>channel_name</code></em> ; [ <em class="replaceable"><code>channel_name</code></em> ; ... ]
}; ]
...
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575001"></a><span><strong class="command">logging</strong></span> Statement Definition and
- Usage</h3></div></div></div>
+<a name="logging_statement"></a><span class="command"><strong>logging</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">logging</strong></span> statement configures a
+ The <span class="command"><strong>logging</strong></span> statement configures a
wide
- variety of logging options for the name server. Its <span><strong class="command">channel</strong></span> phrase
+ variety of logging options for the name server. Its <span class="command"><strong>channel</strong></span> phrase
associates output methods, format options and severity levels with
- a name that can then be used with the <span><strong class="command">category</strong></span> phrase
+ a name that can then be used with the <span class="command"><strong>category</strong></span> phrase
to select how various classes of messages are logged.
</p>
<p>
- Only one <span><strong class="command">logging</strong></span> statement is used to
+ Only one <span class="command"><strong>logging</strong></span> statement is used to
define
- as many channels and categories as are wanted. If there is no <span><strong class="command">logging</strong></span> statement,
+ as many channels and categories as are wanted. If there is no <span class="command"><strong>logging</strong></span> statement,
the logging configuration will be:
</p>
<pre class="programlisting">logging {
@@ -1197,16 +1193,16 @@
In <acronym class="acronym">BIND</acronym> 9, the logging configuration
is only established when
the entire configuration file has been parsed. In <acronym class="acronym">BIND</acronym> 8, it was
- established as soon as the <span><strong class="command">logging</strong></span>
+ established as soon as the <span class="command"><strong>logging</strong></span>
statement
was parsed. When the server is starting up, all logging messages
regarding syntax errors in the configuration file go to the default
channels, or to standard error if the "<code class="option">-g</code>" option
was specified.
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2575053"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="channel"></a>The <span class="command"><strong>channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@@ -1217,18 +1213,18 @@
particular syslog facility, to the standard error stream, or are
discarded. It can optionally also limit the message severity level
that will be accepted by the channel (the default is
- <span><strong class="command">info</strong></span>), and whether to include a
- <span><strong class="command">named</strong></span>-generated time stamp, the
+ <span class="command"><strong>info</strong></span>), and whether to include a
+ <span class="command"><strong>named</strong></span>-generated time stamp, the
category name
and/or severity level (the default is not to include any).
</p>
<p>
- The <span><strong class="command">null</strong></span> destination clause
+ The <span class="command"><strong>null</strong></span> destination clause
causes all messages sent to the channel to be discarded;
in that case, other options for the channel are meaningless.
</p>
<p>
- The <span><strong class="command">file</strong></span> destination clause directs
+ The <span class="command"><strong>file</strong></span> destination clause directs
the channel
to a disk file. It can include limitations
both on how large the file is allowed to become, and how many
@@ -1236,9 +1232,9 @@
of the file will be saved each time the file is opened.
</p>
<p>
- If you use the <span><strong class="command">versions</strong></span> log file
+ If you use the <span class="command"><strong>versions</strong></span> log file
option, then
- <span><strong class="command">named</strong></span> will retain that many backup
+ <span class="command"><strong>named</strong></span> will retain that many backup
versions of the file by
renaming them when opening. For example, if you choose to keep
three old versions
@@ -1248,10 +1244,10 @@
<code class="filename">lamers.log.2</code>, <code class="filename">lamers.log.0</code> is renamed
to <code class="filename">lamers.log.1</code>, and <code class="filename">lamers.log</code> is
renamed to <code class="filename">lamers.log.0</code>.
- You can say <span><strong class="command">versions unlimited</strong></span> to
+ You can say <span class="command"><strong>versions unlimited</strong></span> to
not limit
the number of versions.
- If a <span><strong class="command">size</strong></span> option is associated with
+ If a <span class="command"><strong>size</strong></span> option is associated with
the log file,
then renaming is only done when the file being opened exceeds the
indicated size. No backup versions are kept by default; any
@@ -1259,14 +1255,14 @@
log file is simply appended.
</p>
<p>
- The <span><strong class="command">size</strong></span> option for files is used
+ The <span class="command"><strong>size</strong></span> option for files is used
to limit log
- growth. If the file ever exceeds the size, then <span><strong class="command">named</strong></span> will
- stop writing to the file unless it has a <span><strong class="command">versions</strong></span> option
+ growth. If the file ever exceeds the size, then <span class="command"><strong>named</strong></span> will
+ stop writing to the file unless it has a <span class="command"><strong>versions</strong></span> option
associated with it. If backup versions are kept, the files are
rolled as
described above and a new one begun. If there is no
- <span><strong class="command">versions</strong></span> option, no more data will
+ <span class="command"><strong>versions</strong></span> option, no more data will
be written to the log
until some out-of-band mechanism removes or truncates the log to
less than the
@@ -1275,8 +1271,8 @@
file.
</p>
<p>
- Example usage of the <span><strong class="command">size</strong></span> and
- <span><strong class="command">versions</strong></span> options:
+ Example usage of the <span class="command"><strong>size</strong></span> and
+ <span class="command"><strong>versions</strong></span> options:
</p>
<pre class="programlisting">channel an_example_channel {
file "example.log" versions 3 size 20m;
@@ -1285,53 +1281,53 @@
};
</pre>
<p>
- The <span><strong class="command">syslog</strong></span> destination clause
+ The <span class="command"><strong>syslog</strong></span> destination clause
directs the
channel to the system log. Its argument is a
- syslog facility as described in the <span><strong class="command">syslog</strong></span> man
- page. Known facilities are <span><strong class="command">kern</strong></span>, <span><strong class="command">user</strong></span>,
- <span><strong class="command">mail</strong></span>, <span><strong class="command">daemon</strong></span>, <span><strong class="command">auth</strong></span>,
- <span><strong class="command">syslog</strong></span>, <span><strong class="command">lpr</strong></span>, <span><strong class="command">news</strong></span>,
- <span><strong class="command">uucp</strong></span>, <span><strong class="command">cron</strong></span>, <span><strong class="command">authpriv</strong></span>,
- <span><strong class="command">ftp</strong></span>, <span><strong class="command">local0</strong></span>, <span><strong class="command">local1</strong></span>,
- <span><strong class="command">local2</strong></span>, <span><strong class="command">local3</strong></span>, <span><strong class="command">local4</strong></span>,
- <span><strong class="command">local5</strong></span>, <span><strong class="command">local6</strong></span> and
- <span><strong class="command">local7</strong></span>, however not all facilities
+ syslog facility as described in the <span class="command"><strong>syslog</strong></span> man
+ page. Known facilities are <span class="command"><strong>kern</strong></span>, <span class="command"><strong>user</strong></span>,
+ <span class="command"><strong>mail</strong></span>, <span class="command"><strong>daemon</strong></span>, <span class="command"><strong>auth</strong></span>,
+ <span class="command"><strong>syslog</strong></span>, <span class="command"><strong>lpr</strong></span>, <span class="command"><strong>news</strong></span>,
+ <span class="command"><strong>uucp</strong></span>, <span class="command"><strong>cron</strong></span>, <span class="command"><strong>authpriv</strong></span>,
+ <span class="command"><strong>ftp</strong></span>, <span class="command"><strong>local0</strong></span>, <span class="command"><strong>local1</strong></span>,
+ <span class="command"><strong>local2</strong></span>, <span class="command"><strong>local3</strong></span>, <span class="command"><strong>local4</strong></span>,
+ <span class="command"><strong>local5</strong></span>, <span class="command"><strong>local6</strong></span> and
+ <span class="command"><strong>local7</strong></span>, however not all facilities
are supported on
all operating systems.
- How <span><strong class="command">syslog</strong></span> will handle messages
+ How <span class="command"><strong>syslog</strong></span> will handle messages
sent to
- this facility is described in the <span><strong class="command">syslog.conf</strong></span> man
- page. If you have a system which uses a very old version of <span><strong class="command">syslog</strong></span> that
- only uses two arguments to the <span><strong class="command">openlog()</strong></span> function,
+ this facility is described in the <span class="command"><strong>syslog.conf</strong></span> man
+ page. If you have a system which uses a very old version of <span class="command"><strong>syslog</strong></span> that
+ only uses two arguments to the <span class="command"><strong>openlog()</strong></span> function,
then this clause is silently ignored.
</p>
<p>
On Windows machines syslog messages are directed to the EventViewer.
</p>
<p>
- The <span><strong class="command">severity</strong></span> clause works like <span><strong class="command">syslog</strong></span>'s
+ The <span class="command"><strong>severity</strong></span> clause works like <span class="command"><strong>syslog</strong></span>'s
"priorities", except that they can also be used if you are writing
- straight to a file rather than using <span><strong class="command">syslog</strong></span>.
+ straight to a file rather than using <span class="command"><strong>syslog</strong></span>.
Messages which are not at least of the severity level given will
not be selected for the channel; messages of higher severity
levels
will be accepted.
</p>
<p>
- If you are using <span><strong class="command">syslog</strong></span>, then the <span><strong class="command">syslog.conf</strong></span> priorities
+ If you are using <span class="command"><strong>syslog</strong></span>, then the <span class="command"><strong>syslog.conf</strong></span> priorities
will also determine what eventually passes through. For example,
- defining a channel facility and severity as <span><strong class="command">daemon</strong></span> and <span><strong class="command">debug</strong></span> but
- only logging <span><strong class="command">daemon.warning</strong></span> via <span><strong class="command">syslog.conf</strong></span> will
- cause messages of severity <span><strong class="command">info</strong></span> and
- <span><strong class="command">notice</strong></span> to
- be dropped. If the situation were reversed, with <span><strong class="command">named</strong></span> writing
- messages of only <span><strong class="command">warning</strong></span> or higher,
- then <span><strong class="command">syslogd</strong></span> would
+ defining a channel facility and severity as <span class="command"><strong>daemon</strong></span> and <span class="command"><strong>debug</strong></span> but
+ only logging <span class="command"><strong>daemon.warning</strong></span> via <span class="command"><strong>syslog.conf</strong></span> will
+ cause messages of severity <span class="command"><strong>info</strong></span> and
+ <span class="command"><strong>notice</strong></span> to
+ be dropped. If the situation were reversed, with <span class="command"><strong>named</strong></span> writing
+ messages of only <span class="command"><strong>warning</strong></span> or higher,
+ then <span class="command"><strong>syslogd</strong></span> would
print all messages it received from the channel.
</p>
<p>
- The <span><strong class="command">stderr</strong></span> destination clause
+ The <span class="command"><strong>stderr</strong></span> destination clause
directs the
channel to the server's standard error stream. This is intended
for
@@ -1344,11 +1340,11 @@
it is in debugging mode. If the server's global debug level is
greater
than zero, then debugging mode will be active. The global debug
- level is set either by starting the <span><strong class="command">named</strong></span> server
+ level is set either by starting the <span class="command"><strong>named</strong></span> server
with the <code class="option">-d</code> flag followed by a positive integer,
- or by running <span><strong class="command">rndc trace</strong></span>.
+ or by running <span class="command"><strong>rndc trace</strong></span>.
The global debug level
- can be set to zero, and debugging mode turned off, by running <span><strong class="command">rndc
+ can be set to zero, and debugging mode turned off, by running <span class="command"><strong>rndc
notrace</strong></span>. All debugging messages in the server have a debug
level, and higher debug levels give more detailed output. Channels
that specify a specific debug severity, for example:
@@ -1361,26 +1357,26 @@ notrace</strong></span>. All debugging messages in the server have a debug
<p>
will get debugging output of level 3 or less any time the
server is in debugging mode, regardless of the global debugging
- level. Channels with <span><strong class="command">dynamic</strong></span>
+ level. Channels with <span class="command"><strong>dynamic</strong></span>
severity use the
server's global debug level to determine what messages to print.
</p>
<p>
- If <span><strong class="command">print-time</strong></span> has been turned on,
+ If <span class="command"><strong>print-time</strong></span> has been turned on,
then
- the date and time will be logged. <span><strong class="command">print-time</strong></span> may
- be specified for a <span><strong class="command">syslog</strong></span> channel,
+ the date and time will be logged. <span class="command"><strong>print-time</strong></span> may
+ be specified for a <span class="command"><strong>syslog</strong></span> channel,
but is usually
- pointless since <span><strong class="command">syslog</strong></span> also logs
+ pointless since <span class="command"><strong>syslog</strong></span> also logs
the date and
- time. If <span><strong class="command">print-category</strong></span> is
+ time. If <span class="command"><strong>print-category</strong></span> is
requested, then the
- category of the message will be logged as well. Finally, if <span><strong class="command">print-severity</strong></span> is
- on, then the severity level of the message will be logged. The <span><strong class="command">print-</strong></span> options may
+ category of the message will be logged as well. Finally, if <span class="command"><strong>print-severity</strong></span> is
+ on, then the severity level of the message will be logged. The <span class="command"><strong>print-</strong></span> options may
be used in any combination, and will always be printed in the
following
order: time, category, severity. Here is an example where all
- three <span><strong class="command">print-</strong></span> options
+ three <span class="command"><strong>print-</strong></span> options
are on:
</p>
<p>
@@ -1388,9 +1384,9 @@ notrace</strong></span>. All debugging messages in the server have a debug
</p>
<p>
There are four predefined channels that are used for
- <span><strong class="command">named</strong></span>'s default logging as follows.
+ <span class="command"><strong>named</strong></span>'s default logging as follows.
How they are
- used is described in <a href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called &#8220;The <span><strong class="command">category</strong></span> Phrase&#8221;</a>.
+ used is described in <a class="xref" href="Bv9ARM.ch06.html#the_category_phrase" title="The category Phrase">the section called &#8220;The <span class="command"><strong>category</strong></span> Phrase&#8221;</a>.
</p>
<pre class="programlisting">channel default_syslog {
// send to syslog's daemon facility
@@ -1420,7 +1416,7 @@ channel null {
};
</pre>
<p>
- The <span><strong class="command">default_debug</strong></span> channel has the
+ The <span class="command"><strong>default_debug</strong></span> channel has the
special
property that it only produces output when the server's debug
level is
@@ -1430,9 +1426,9 @@ channel null {
<p>
For security reasons, when the "<code class="option">-u</code>"
command line option is used, the <code class="filename">named.run</code> file
- is created only after <span><strong class="command">named</strong></span> has
+ is created only after <span class="command"><strong>named</strong></span> has
changed to the
- new UID, and any debug output generated while <span><strong class="command">named</strong></span> is
+ new UID, and any debug output generated while <span class="command"><strong>named</strong></span> is
starting up and still running as root is discarded. If you need
to capture this output, you must run the server with the "<code class="option">-g</code>"
option and redirect standard error to a file.
@@ -1444,15 +1440,15 @@ channel null {
defined.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="the_category_phrase"></a>The <span><strong class="command">category</strong></span> Phrase</h4></div></div></div>
+<a name="the_category_phrase"></a>The <span class="command"><strong>category</strong></span> Phrase</h4></div></div></div>
<p>
There are many categories, so you can send the logs you want
to see wherever you want, without seeing logs you don't want. If
you don't specify a list of channels for a category, then log
messages
- in that category will be sent to the <span><strong class="command">default</strong></span> category
+ in that category will be sent to the <span class="command"><strong>default</strong></span> category
instead. If you don't specify a default category, the following
"default default" is used:
</p>
@@ -1473,7 +1469,7 @@ category security {
default_debug;
};</pre>
<p>
- To discard all messages in a category, specify the <span><strong class="command">null</strong></span> channel:
+ To discard all messages in a category, specify the <span class="command"><strong>null</strong></span> channel:
</p>
<pre class="programlisting">category xfer-out { null; };
category notify { null; };
@@ -1485,364 +1481,376 @@ category notify { null; };
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.150in" class="1">
+<col width="3.350in" class="2">
</colgroup>
<tbody>
<tr>
<td>
- <p><span><strong class="command">default</strong></span></p>
- </td>
+ <p><span class="command"><strong>client</strong></span></p>
+ </td>
<td>
- <p>
- The default category defines the logging
- options for those categories where no specific
- configuration has been
- defined.
- </p>
- </td>
+ <p>
+ Processing of client requests.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">general</strong></span></p>
- </td>
+ <p><span class="command"><strong>cname</strong></span></p>
+ </td>
<td>
- <p>
- The catch-all. Many things still aren't
- classified into categories, and they all end up here.
- </p>
- </td>
+ <p>
+ Logs nameservers that are skipped due to them being
+ a CNAME rather than A / AAAA records.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">database</strong></span></p>
- </td>
+ <p><span class="command"><strong>config</strong></span></p>
+ </td>
<td>
- <p>
- Messages relating to the databases used
- internally by the name server to store zone and cache
- data.
- </p>
- </td>
+ <p>
+ Configuration file parsing and processing.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">security</strong></span></p>
- </td>
+ <p><span class="command"><strong>database</strong></span></p>
+ </td>
<td>
- <p>
- Approval and denial of requests.
- </p>
- </td>
+ <p>
+ Messages relating to the databases used
+ internally by the name server to store zone and cache
+ data.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">config</strong></span></p>
- </td>
+ <p><span class="command"><strong>default</strong></span></p>
+ </td>
<td>
- <p>
- Configuration file parsing and processing.
- </p>
- </td>
+ <p>
+ The default category defines the logging
+ options for those categories where no specific
+ configuration has been
+ defined.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">resolver</strong></span></p>
- </td>
+ <p><span class="command"><strong>delegation-only</strong></span></p>
+ </td>
<td>
- <p>
- DNS resolution, such as the recursive
- lookups performed on behalf of clients by a caching name
- server.
- </p>
- </td>
+ <p>
+ Delegation only. Logs queries that have been
+ forced to NXDOMAIN as the result of a
+ delegation-only zone or a
+ <span class="command"><strong>delegation-only</strong></span> in a
+ forward, hint or stub zone declaration.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">xfer-in</strong></span></p>
- </td>
+ <p><span class="command"><strong>dispatch</strong></span></p>
+ </td>
<td>
- <p>
- Zone transfers the server is receiving.
- </p>
- </td>
+ <p>
+ Dispatching of incoming packets to the
+ server modules where they are to be processed.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">xfer-out</strong></span></p>
- </td>
+ <p><span class="command"><strong>dnssec</strong></span></p>
+ </td>
<td>
- <p>
- Zone transfers the server is sending.
- </p>
- </td>
+ <p>
+ DNSSEC and TSIG protocol processing.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">notify</strong></span></p>
- </td>
+ <p><span class="command"><strong>edns-disabled</strong></span></p>
+ </td>
<td>
- <p>
- The NOTIFY protocol.
- </p>
- </td>
+ <p>
+ Log queries that have been forced to use plain
+ DNS due to timeouts. This is often due to
+ the remote servers not being RFC 1034 compliant
+ (not always returning FORMERR or similar to
+ EDNS queries and other extensions to the DNS
+ when they are not understood). In other words, this is
+ targeted at servers that fail to respond to
+ DNS queries that they don't understand.
+ </p>
+ <p>
+ Note: the log message can also be due to
+ packet loss. Before reporting servers for
+ non-RFC 1034 compliance they should be re-tested
+ to determine the nature of the non-compliance.
+ This testing should prevent or reduce the
+ number of false-positive reports.
+ </p>
+ <p>
+ Note: eventually <span class="command"><strong>named</strong></span> will have to stop
+ treating such timeouts as due to RFC 1034 non
+ compliance and start treating it as plain
+ packet loss. Falsely classifying packet
+ loss as due to RFC 1034 non compliance impacts
+ on DNSSEC validation which requires EDNS for
+ the DNSSEC records to be returned.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">client</strong></span></p>
- </td>
+ <p><span class="command"><strong>general</strong></span></p>
+ </td>
<td>
- <p>
- Processing of client requests.
- </p>
- </td>
+ <p>
+ The catch-all. Many things still aren't
+ classified into categories, and they all end up here.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">unmatched</strong></span></p>
- </td>
+ <p><span class="command"><strong>lame-servers</strong></span></p>
+ </td>
<td>
- <p>
- Messages that <span><strong class="command">named</strong></span> was unable to determine the
- class of or for which there was no matching <span><strong class="command">view</strong></span>.
- A one line summary is also logged to the <span><strong class="command">client</strong></span> category.
- This category is best sent to a file or stderr, by
- default it is sent to
- the <span><strong class="command">null</strong></span> channel.
- </p>
- </td>
+ <p>
+ Lame servers. These are misconfigurations
+ in remote servers, discovered by BIND 9 when trying to
+ query those servers during resolution.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">network</strong></span></p>
- </td>
+ <p><span class="command"><strong>network</strong></span></p>
+ </td>
<td>
- <p>
- Network operations.
- </p>
- </td>
+ <p>
+ Network operations.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">update</strong></span></p>
- </td>
+ <p><span class="command"><strong>notify</strong></span></p>
+ </td>
<td>
- <p>
- Dynamic updates.
- </p>
- </td>
+ <p>
+ The NOTIFY protocol.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">update-security</strong></span></p>
- </td>
+ <p><span class="command"><strong>queries</strong></span></p>
+ </td>
<td>
- <p>
- Approval and denial of update requests.
- </p>
- </td>
+ <p>
+ Specify where queries should be logged to.
+ </p>
+ <p>
+ At startup, specifying the category <span class="command"><strong>queries</strong></span> will also
+ enable query logging unless <span class="command"><strong>querylog</strong></span> option has been
+ specified.
+ </p>
+
+ <p>
+ The query log entry reports the client's IP
+ address and port number, and the query name,
+ class and type. Next it reports whether the
+ Recursion Desired flag was set (+ if set, -
+ if not set), if the query was signed (S),
+ EDNS was in use (E), if TCP was used (T), if
+ DO (DNSSEC Ok) was set (D), or if CD (Checking
+ Disabled) was set (C). After this the
+ destination address the query was sent to is
+ reported.
+ </p>
+
+ <p>
+ <code class="computeroutput">client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE</code>
+ </p>
+ <p>
+ <code class="computeroutput">client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE</code>
+ </p>
+ <p>
+ (The first part of this log message, showing the
+ client address/port number and query name, is
+ repeated in all subsequent log messages related
+ to the same query.)
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">queries</strong></span></p>
- </td>
+ <p><span class="command"><strong>query-errors</strong></span></p>
+ </td>
+<td>
+ <p>
+ Information about queries that resulted in some
+ failure.
+ </p>
+ </td>
+</tr>
+<tr>
<td>
- <p>
- Specify where queries should be logged to.
- </p>
- <p>
- At startup, specifying the category <span><strong class="command">queries</strong></span> will also
- enable query logging unless <span><strong class="command">querylog</strong></span> option has been
- specified.
- </p>
-
- <p>
- The query log entry reports the client's IP
- address and port number, and the query name,
- class and type. Next it reports whether the
- Recursion Desired flag was set (+ if set, -
- if not set), if the query was signed (S),
- EDNS was in use (E), if TCP was used (T), if
- DO (DNSSEC Ok) was set (D), or if CD (Checking
- Disabled) was set (C). After this the
- destination address the query was sent to is
- reported.
- </p>
-
- <p>
- <code class="computeroutput">client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE</code>
- </p>
- <p>
- <code class="computeroutput">client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE</code>
- </p>
- <p>
- (The first part of this log message, showing the
- client address/port number and query name, is
- repeated in all subsequent log messages related
- to the same query.)
- </p>
- </td>
+ <p><span class="command"><strong>rate-limit</strong></span></p>
+ </td>
+<td>
+ <p>
+ (Only available when <acronym class="acronym">BIND</acronym> 9 is
+ configured with the <strong class="userinput"><code>--enable-rrl</code></strong>
+ option at compile time.)
+ </p>
+ <p>
+ The start, periodic, and final notices of the
+ rate limiting of a stream of responses are logged at
+ <span class="command"><strong>info</strong></span> severity in this category.
+ These messages include a hash value of the domain name
+ of the response and the name itself,
+ except when there is insufficient memory to record
+ the name for the final notice
+ The final notice is normally delayed until about one
+ minute after rate limit stops.
+ A lack of memory can hurry the final notice,
+ in which case it starts with an asterisk (*).
+ Various internal events are logged at debug 1 level
+ and higher.
+ </p>
+ <p>
+ Rate limiting of individual requests
+ is logged in the <span class="command"><strong>query-errors</strong></span> category.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">query-errors</strong></span></p>
- </td>
+ <p><span class="command"><strong>resolver</strong></span></p>
+ </td>
<td>
- <p>
- Information about queries that resulted in some
- failure.
- </p>
- </td>
+ <p>
+ DNS resolution, such as the recursive
+ lookups performed on behalf of clients by a caching name
+ server.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">dispatch</strong></span></p>
- </td>
+ <p><span class="command"><strong>rpz</strong></span></p>
+ </td>
<td>
- <p>
- Dispatching of incoming packets to the
- server modules where they are to be processed.
- </p>
- </td>
+ <p>
+ Information about errors in response policy zone files,
+ rewritten responses, and at the highest
+ <span class="command"><strong>debug</strong></span> levels, mere rewriting
+ attempts.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">dnssec</strong></span></p>
- </td>
+ <p><span class="command"><strong>security</strong></span></p>
+ </td>
<td>
- <p>
- DNSSEC and TSIG protocol processing.
- </p>
- </td>
+ <p>
+ Approval and denial of requests.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">lame-servers</strong></span></p>
- </td>
+ <p><span class="command"><strong>spill</strong></span></p>
+ </td>
<td>
- <p>
- Lame servers. These are misconfigurations
- in remote servers, discovered by BIND 9 when trying to
- query those servers during resolution.
- </p>
- </td>
+ <p>
+ Logs queries that have been terminated, either by dropping
+ or responding with SERVFAIL, as a result of a fetchlimit
+ quota being exceeded.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">delegation-only</strong></span></p>
- </td>
+ <p><span class="command"><strong>unmatched</strong></span></p>
+ </td>
<td>
- <p>
- Delegation only. Logs queries that have been
- forced to NXDOMAIN as the result of a
- delegation-only zone or a
- <span><strong class="command">delegation-only</strong></span> in a
- forward, hint or stub zone declaration.
- </p>
- </td>
+ <p>
+ Messages that <span class="command"><strong>named</strong></span> was unable to determine the
+ class of or for which there was no matching <span class="command"><strong>view</strong></span>.
+ A one line summary is also logged to the <span class="command"><strong>client</strong></span> category.
+ This category is best sent to a file or stderr, by
+ default it is sent to
+ the <span class="command"><strong>null</strong></span> channel.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">edns-disabled</strong></span></p>
- </td>
+ <p><span class="command"><strong>update</strong></span></p>
+ </td>
<td>
- <p>
- Log queries that have been forced to use plain
- DNS due to timeouts. This is often due to
- the remote servers not being RFC 1034 compliant
- (not always returning FORMERR or similar to
- EDNS queries and other extensions to the DNS
- when they are not understood). In other words, this is
- targeted at servers that fail to respond to
- DNS queries that they don't understand.
- </p>
- <p>
- Note: the log message can also be due to
- packet loss. Before reporting servers for
- non-RFC 1034 compliance they should be re-tested
- to determine the nature of the non-compliance.
- This testing should prevent or reduce the
- number of false-positive reports.
- </p>
- <p>
- Note: eventually <span><strong class="command">named</strong></span> will have to stop
- treating such timeouts as due to RFC 1034 non
- compliance and start treating it as plain
- packet loss. Falsely classifying packet
- loss as due to RFC 1034 non compliance impacts
- on DNSSEC validation which requires EDNS for
- the DNSSEC records to be returned.
- </p>
- </td>
+ <p>
+ Dynamic updates.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">RPZ</strong></span></p>
- </td>
+ <p><span class="command"><strong>update-security</strong></span></p>
+ </td>
<td>
- <p>
- Information about errors in response policy zone files,
- rewritten responses, and at the highest
- <span><strong class="command">debug</strong></span> levels, mere rewriting
- attempts.
- </p>
- </td>
+ <p>
+ Approval and denial of update requests.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">rate-limit</strong></span></p>
- </td>
+ <p><span class="command"><strong>xfer-in</strong></span></p>
+ </td>
<td>
- <p>
- (Only available when <acronym class="acronym">BIND</acronym> 9 is
- configured with the <strong class="userinput"><code>--enable-rrl</code></strong>
- option at compile time.)
- </p>
- <p>
- The start, periodic, and final notices of the
- rate limiting of a stream of responses are logged at
- <span><strong class="command">info</strong></span> severity in this category.
- These messages include a hash value of the domain name
- of the response and the name itself,
- except when there is insufficient memory to record
- the name for the final notice
- The final notice is normally delayed until about one
- minute after rate limit stops.
- A lack of memory can hurry the final notice,
- in which case it starts with an asterisk (*).
- Various internal events are logged at debug 1 level
- and higher.
- </p>
- <p>
- Rate limiting of individual requests
- is logged in the <span><strong class="command">query-errors</strong></span> category.
- </p>
- </td>
+ <p>
+ Zone transfers the server is receiving.
+ </p>
+ </td>
</tr>
<tr>
<td>
- <p><span><strong class="command">cname</strong></span></p>
- </td>
+ <p><span class="command"><strong>xfer-out</strong></span></p>
+ </td>
<td>
- <p>
- Logs nameservers that are skipped due to them being
- a CNAME rather than A / AAAA records.
- </p>
- </td>
+ <p>
+ Zone transfers the server is sending.
+ </p>
+ </td>
</tr>
</tbody>
</table></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2576580"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
+<a name="query_errors"></a>The <span class="command"><strong>query-errors</strong></span> Category</h4></div></div></div>
<p>
- The <span><strong class="command">query-errors</strong></span> category is
+ The <span class="command"><strong>query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
why and how specific queries result in responses which
indicate an error.
Messages of this category are therefore only logged
- with <span><strong class="command">debug</strong></span> levels.
+ with <span class="command"><strong>debug</strong></span> levels.
</p>
<p>
At the debug levels of 1 or higher, each response with the
@@ -1905,8 +1913,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.150in" class="1">
+<col width="3.350in" class="2">
</colgroup>
<tbody>
<tr>
@@ -2061,14 +2069,14 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577236"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="lwres_grammar"></a><span class="command"><strong>lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
- This is the grammar of the <span><strong class="command">lwres</strong></span>
+ This is the grammar of the <span class="command"><strong>lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
</p>
-<pre class="programlisting"><span><strong class="command">lwres</strong></span> {
+<pre class="programlisting"><span class="command"><strong>lwres</strong></span> {
[<span class="optional"> listen-on { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
[<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> view <em class="replaceable"><code>view_name</code></em>; </span>]
@@ -2077,19 +2085,19 @@ badresp:1,adberr:0,findfail:0,valfail:0]
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577309"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="lwres_statement"></a><span class="command"><strong>lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">lwres</strong></span> statement configures the
+ The <span class="command"><strong>lwres</strong></span> statement configures the
name
server to also act as a lightweight resolver server. (See
- <a href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called &#8220;Running a Resolver Daemon&#8221;</a>.) There may be multiple
- <span><strong class="command">lwres</strong></span> statements configuring
+ <a class="xref" href="Bv9ARM.ch05.html#lwresd" title="Running a Resolver Daemon">the section called &#8220;Running a Resolver Daemon&#8221;</a>.) There may be multiple
+ <span class="command"><strong>lwres</strong></span> statements configuring
lightweight resolver servers with different properties.
</p>
<p>
- The <span><strong class="command">listen-on</strong></span> statement specifies a
+ The <span class="command"><strong>listen-on</strong></span> statement specifies a
list of
IPv4 addresses (and ports) that this instance of a lightweight
resolver daemon
@@ -2100,7 +2108,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
port 921.
</p>
<p>
- The <span><strong class="command">view</strong></span> statement binds this
+ The <span class="command"><strong>view</strong></span> statement binds this
instance of a
lightweight resolver daemon to a view in the DNS namespace, so that
the
@@ -2111,49 +2119,49 @@ badresp:1,adberr:0,findfail:0,valfail:0]
used, and if there is no default view, an error is triggered.
</p>
<p>
- The <span><strong class="command">search</strong></span> statement is equivalent to
+ The <span class="command"><strong>search</strong></span> statement is equivalent to
the
- <span><strong class="command">search</strong></span> statement in
+ <span class="command"><strong>search</strong></span> statement in
<code class="filename">/etc/resolv.conf</code>. It provides a
list of domains
which are appended to relative names in queries.
</p>
<p>
- The <span><strong class="command">ndots</strong></span> statement is equivalent to
+ The <span class="command"><strong>ndots</strong></span> statement is equivalent to
the
- <span><strong class="command">ndots</strong></span> statement in
+ <span class="command"><strong>ndots</strong></span> statement in
<code class="filename">/etc/resolv.conf</code>. It indicates the
minimum
number of dots in a relative domain name that should result in an
exact match lookup before search path elements are appended.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577373"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="masters_grammar"></a><span class="command"><strong>masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
-<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
+<span class="command"><strong>masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577417"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="masters_statement"></a><span class="command"><strong>masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
-<p><span><strong class="command">masters</strong></span>
+<p><span class="command"><strong>masters</strong></span>
lists allow for a common set of masters to be easily used by
- multiple stub and slave zones in their <span><strong class="command">masters</strong></span>
- or <span><strong class="command">also-notify</strong></span> lists.
+ multiple stub and slave zones in their <span class="command"><strong>masters</strong></span>
+ or <span class="command"><strong>also-notify</strong></span> lists.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577438"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="options_grammar"></a><span class="command"><strong>options</strong></span> Statement Grammar</h3></div></div></div>
<p>
- This is the grammar of the <span><strong class="command">options</strong></span>
+ This is the grammar of the <span class="command"><strong>options</strong></span>
statement in the <code class="filename">named.conf</code> file:
</p>
-<pre class="programlisting"><span><strong class="command">options</strong></span> {
+<pre class="programlisting"><span class="command"><strong>options</strong></span> {
[<span class="optional"> attach-cache <em class="replaceable"><code>cache_name</code></em>; </span>]
[<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
[<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
@@ -2197,6 +2205,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> ixfr-from-differences (<em class="replaceable"><code>yes_or_no</code></em> | <code class="constant">master</code> | <code class="constant">slave</code>); </span>]
+ [<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> dnssec-enable <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-validation (<em class="replaceable"><code>yes_or_no</code></em> | <code class="constant">auto</code>); </span>]
[<span class="optional"> dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> |
@@ -2268,7 +2277,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> max-clients-per-query <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> fetches-per-server <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>(drop | fail)</code></em></span>]; </span>]
[<span class="optional"> fetch-quota-params <em class="replaceable"><code>number fixedpoint fixedpoint fixedpoint</code></em> ; </span>]
- [<span class="optional"> fetches-per-zone<em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>(drop | fail)</code></em></span>]; </span>]
+ [<span class="optional"> fetches-per-zone <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>(drop | fail)</code></em></span>]; </span>]
[<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> tcp-listen-queue <em class="replaceable"><code>number</code></em>; </span>]
@@ -2286,9 +2295,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> notify-to-soa <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
- [<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em>
- [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>keyname</code></em></span>] ;
- [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>keyname</code></em></span>] ; ... </span>] }; </span>]
+ [<span class="optional"> also-notify [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em>
+ [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>]
+ [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] }; </span>]
[<span class="optional"> max-ixfr-log-size <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-journal-size <em class="replaceable"><code>size_spec</code></em>; </span>]
[<span class="optional"> coresize <em class="replaceable"><code>size_spec</code></em> ; </span>]
@@ -2305,6 +2314,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
+ [<span class="optional"> serial-update-method <code class="constant">increment</code>|<code class="constant">unixtime</code>|<code class="constant">date</code>; </span>]
[<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
[<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> sig-signing-signatures <em class="replaceable"><code>number</code></em> ; </span>]
@@ -2330,7 +2340,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> clients { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> mapped { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> exclude { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
- [<span class="optional"> suffix IPv6-address; </span>]
+ [<span class="optional"> suffix <em class="replaceable"><code>IPv6-address</code></em>; </span>]
[<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> break-dnssec <em class="replaceable"><code>yes_or_no</code></em>; </span>]
}; </span>];
@@ -2389,21 +2399,21 @@ badresp:1,adberr:0,findfail:0,valfail:0]
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="options"></a><span><strong class="command">options</strong></span> Statement Definition and
+<a name="options"></a><span class="command"><strong>options</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
- The <span><strong class="command">options</strong></span> statement sets up global
+ The <span class="command"><strong>options</strong></span> statement sets up global
options
to be used by <acronym class="acronym">BIND</acronym>. This statement
may appear only
- once in a configuration file. If there is no <span><strong class="command">options</strong></span>
+ once in a configuration file. If there is no <span class="command"><strong>options</strong></span>
statement, an options block with each option set to its default will
be used.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">attach-cache</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>attach-cache</strong></span></span></dt>
<dd>
<p>
Allows multiple views to share a single cache
@@ -2415,15 +2425,15 @@ badresp:1,adberr:0,findfail:0,valfail:0]
improve resolution efficiency by using this option.
</p>
<p>
- The <span><strong class="command">attach-cache</strong></span> option
- may also be specified in <span><strong class="command">view</strong></span>
+ The <span class="command"><strong>attach-cache</strong></span> option
+ may also be specified in <span class="command"><strong>view</strong></span>
statements, in which case it overrides the
- global <span><strong class="command">attach-cache</strong></span> option.
+ global <span class="command"><strong>attach-cache</strong></span> option.
</p>
<p>
The <em class="replaceable"><code>cache_name</code></em> specifies
the cache to be shared.
- When the <span><strong class="command">named</strong></span> server configures
+ When the <span class="command"><strong>named</strong></span> server configures
views which are supposed to share a cache, it
creates a cache with the specified name for the
first view of these sharing views.
@@ -2434,7 +2444,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
One common configuration to share a cache would be to
allow all views to share a single cache.
This can be done by specifying
- the <span><strong class="command">attach-cache</strong></span> as a global
+ the <span class="command"><strong>attach-cache</strong></span> as a global
option with an arbitrary name.
</p>
<p>
@@ -2443,7 +2453,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
retain their own caches.
For example, if there are three views A, B, and C,
and only A and B should share a cache, specify the
- <span><strong class="command">attach-cache</strong></span> option as a view A (or
+ <span class="command"><strong>attach-cache</strong></span> option as a view A (or
B)'s option, referring to the other view name:
</p>
<pre class="programlisting">
@@ -2466,14 +2476,14 @@ badresp:1,adberr:0,findfail:0,valfail:0]
The current implementation requires the following
configurable options be consistent among these
views:
- <span><strong class="command">check-names</strong></span>,
- <span><strong class="command">cleaning-interval</strong></span>,
- <span><strong class="command">dnssec-accept-expired</strong></span>,
- <span><strong class="command">dnssec-validation</strong></span>,
- <span><strong class="command">max-cache-ttl</strong></span>,
- <span><strong class="command">max-ncache-ttl</strong></span>,
- <span><strong class="command">max-cache-size</strong></span>, and
- <span><strong class="command">zero-no-soa-ttl</strong></span>.
+ <span class="command"><strong>check-names</strong></span>,
+ <span class="command"><strong>cleaning-interval</strong></span>,
+ <span class="command"><strong>dnssec-accept-expired</strong></span>,
+ <span class="command"><strong>dnssec-validation</strong></span>,
+ <span class="command"><strong>max-cache-ttl</strong></span>,
+ <span class="command"><strong>max-ncache-ttl</strong></span>,
+ <span class="command"><strong>max-cache-size</strong></span>, and
+ <span class="command"><strong>zero-no-soa-ttl</strong></span>.
</p>
<p>
Note that there may be other parameters that may
@@ -2488,7 +2498,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
not cause disruption with a shared cache.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">directory</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>directory</strong></span></span></dt>
<dd><p>
The working directory of the server.
Any non-absolute pathnames in the configuration file will be
@@ -2503,7 +2513,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
was started. The directory specified should be an absolute
path.
</p></dd>
-<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>key-directory</strong></span></span></dt>
<dd><p>
When performing dynamic update of secure zones, the
directory where the public and private DNSSEC key files
@@ -2514,7 +2524,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<code class="filename">rndc.key</code> or
<code class="filename">session.key</code>.)
</p></dd>
-<dt><span class="term"><span><strong class="command">managed-keys-directory</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>managed-keys-directory</strong></span></span></dt>
<dd>
<p>
Specifies the directory in which to store the files that
@@ -2522,7 +2532,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
directory.
</p>
<p>
- If <span><strong class="command">named</strong></span> is not configured to use views,
+ If <span class="command"><strong>named</strong></span> is not configured to use views,
then managed keys for the server will be tracked in a single
file called <code class="filename">managed-keys.bind</code>.
Otherwise, managed keys will be tracked in separate files,
@@ -2531,23 +2541,23 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<code class="filename">.mkeys</code>.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>named-xfer</strong></span></span></dt>
<dd><p>
<span class="emphasis"><em>This option is obsolete.</em></span> It
was used in <acronym class="acronym">BIND</acronym> 8 to specify
- the pathname to the <span><strong class="command">named-xfer</strong></span>
+ the pathname to the <span class="command"><strong>named-xfer</strong></span>
program. In <acronym class="acronym">BIND</acronym> 9, no separate
- <span><strong class="command">named-xfer</strong></span> program is needed;
+ <span class="command"><strong>named-xfer</strong></span> program is needed;
its functionality is built into the name server.
</p></dd>
-<dt><span class="term"><span><strong class="command">tkey-gssapi-keytab</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>tkey-gssapi-keytab</strong></span></span></dt>
<dd><p>
The KRB5 keytab file to use for GSS-TSIG updates. If
this option is set and tkey-gssapi-credential is not
set, then updates will be allowed with any key
matching a principal in the specified keytab.
</p></dd>
-<dt><span class="term"><span><strong class="command">tkey-gssapi-credential</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>tkey-gssapi-credential</strong></span></span></dt>
<dd><p>
The security credential with which the server should
authenticate keys requested by the GSS-TSIG protocol.
@@ -2558,128 +2568,128 @@ badresp:1,adberr:0,findfail:0,valfail:0]
The location keytab file can be overridden using the
tkey-gssapi-keytab option. Normally this principal is
of the form "<strong class="userinput"><code>DNS/</code></strong><code class="varname">server.domain</code>".
- To use GSS-TSIG, <span><strong class="command">tkey-domain</strong></span> must
+ To use GSS-TSIG, <span class="command"><strong>tkey-domain</strong></span> must
also be set if a specific keytab is not set with
tkey-gssapi-keytab.
</p></dd>
-<dt><span class="term"><span><strong class="command">tkey-domain</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>tkey-domain</strong></span></span></dt>
<dd><p>
The domain appended to the names of all shared keys
- generated with <span><strong class="command">TKEY</strong></span>. When a
- client requests a <span><strong class="command">TKEY</strong></span> exchange,
+ generated with <span class="command"><strong>TKEY</strong></span>. When a
+ client requests a <span class="command"><strong>TKEY</strong></span> exchange,
it may or may not specify the desired name for the
key. If present, the name of the shared key will
be <code class="varname">client specified part</code> +
<code class="varname">tkey-domain</code>. Otherwise, the
name of the shared key will be <code class="varname">random hex
digits</code> + <code class="varname">tkey-domain</code>.
- In most cases, the <span><strong class="command">domainname</strong></span>
+ In most cases, the <span class="command"><strong>domainname</strong></span>
should be the server's domain name, or an otherwise
non-existent subdomain like
"_tkey.<code class="varname">domainname</code>". If you are
using GSS-TSIG, this variable must be defined, unless
you specify a specific keytab using tkey-gssapi-keytab.
</p></dd>
-<dt><span class="term"><span><strong class="command">tkey-dhkey</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>tkey-dhkey</strong></span></span></dt>
<dd><p>
The Diffie-Hellman key used by the server
to generate shared keys with clients using the Diffie-Hellman
mode
- of <span><strong class="command">TKEY</strong></span>. The server must be
+ of <span class="command"><strong>TKEY</strong></span>. The server must be
able to load the
public and private keys from files in the working directory.
In
most cases, the keyname should be the server's host name.
</p></dd>
-<dt><span class="term"><span><strong class="command">cache-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>cache-file</strong></span></span></dt>
<dd><p>
This is for testing only. Do not use.
</p></dd>
-<dt><span class="term"><span><strong class="command">dump-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dump-file</strong></span></span></dt>
<dd><p>
The pathname of the file the server dumps
the database to when instructed to do so with
- <span><strong class="command">rndc dumpdb</strong></span>.
+ <span class="command"><strong>rndc dumpdb</strong></span>.
If not specified, the default is <code class="filename">named_dump.db</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">memstatistics-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>memstatistics-file</strong></span></span></dt>
<dd><p>
The pathname of the file the server writes memory
usage statistics to on exit. If not specified,
the default is <code class="filename">named.memstats</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">pid-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>pid-file</strong></span></span></dt>
<dd><p>
The pathname of the file the server writes its process ID
in. If not specified, the default is
<code class="filename">/var/run/named/named.pid</code>.
The PID file is used by programs that want to send signals to
the running
- name server. Specifying <span><strong class="command">pid-file none</strong></span> disables the
+ name server. Specifying <span class="command"><strong>pid-file none</strong></span> disables the
use of a PID file &#8212; no file will be written and any
- existing one will be removed. Note that <span><strong class="command">none</strong></span>
+ existing one will be removed. Note that <span class="command"><strong>none</strong></span>
is a keyword, not a filename, and therefore is not enclosed
in
double quotes.
</p></dd>
-<dt><span class="term"><span><strong class="command">recursing-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>recursing-file</strong></span></span></dt>
<dd><p>
The pathname of the file the server dumps
the queries that are currently recursing when instructed
- to do so with <span><strong class="command">rndc recursing</strong></span>.
+ to do so with <span class="command"><strong>rndc recursing</strong></span>.
If not specified, the default is <code class="filename">named.recursing</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">statistics-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>statistics-file</strong></span></span></dt>
<dd><p>
The pathname of the file the server appends statistics
- to when instructed to do so using <span><strong class="command">rndc stats</strong></span>.
+ to when instructed to do so using <span class="command"><strong>rndc stats</strong></span>.
If not specified, the default is <code class="filename">named.stats</code> in the
server's current directory. The format of the file is
described
- in <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called &#8220;The Statistics File&#8221;</a>.
+ in <a class="xref" href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called &#8220;The Statistics File&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">bindkeys-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>bindkeys-file</strong></span></span></dt>
<dd><p>
The pathname of a file to override the built-in trusted
- keys provided by <span><strong class="command">named</strong></span>.
- See the discussion of <span><strong class="command">dnssec-lookaside</strong></span>
- and <span><strong class="command">dnssec-validation</strong></span> for details.
+ keys provided by <span class="command"><strong>named</strong></span>.
+ See the discussion of <span class="command"><strong>dnssec-lookaside</strong></span>
+ and <span class="command"><strong>dnssec-validation</strong></span> for details.
If not specified, the default is
<code class="filename">/etc/bind.keys</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">secroots-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>secroots-file</strong></span></span></dt>
<dd><p>
The pathname of the file the server dumps
security roots to when instructed to do so with
- <span><strong class="command">rndc secroots</strong></span>.
+ <span class="command"><strong>rndc secroots</strong></span>.
If not specified, the default is
<code class="filename">named.secroots</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">session-keyfile</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>session-keyfile</strong></span></span></dt>
<dd><p>
The pathname of the file into which to write a TSIG
- session key generated by <span><strong class="command">named</strong></span> for use by
- <span><strong class="command">nsupdate -l</strong></span>. If not specified, the
+ session key generated by <span class="command"><strong>named</strong></span> for use by
+ <span class="command"><strong>nsupdate -l</strong></span>. If not specified, the
default is <code class="filename">/var/run/named/session.key</code>.
- (See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a>, and in
+ (See <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a>, and in
particular the discussion of the
- <span><strong class="command">update-policy</strong></span> statement's
+ <span class="command"><strong>update-policy</strong></span> statement's
<strong class="userinput"><code>local</code></strong> option for more
information about this feature.)
</p></dd>
-<dt><span class="term"><span><strong class="command">session-keyname</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>session-keyname</strong></span></span></dt>
<dd><p>
The key name to use for the TSIG session key.
If not specified, the default is "local-ddns".
</p></dd>
-<dt><span class="term"><span><strong class="command">session-keyalg</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>session-keyalg</strong></span></span></dt>
<dd><p>
The algorithm to use for the TSIG session key.
Valid values are hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384, hmac-sha512 and hmac-md5. If not
specified, the default is hmac-sha256.
</p></dd>
-<dt><span class="term"><span><strong class="command">port</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>port</strong></span></span></dt>
<dd><p>
The UDP/TCP port number the server uses for
receiving and sending DNS protocol traffic.
@@ -2689,7 +2699,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
communicate with
the global DNS.
</p></dd>
-<dt><span class="term"><span><strong class="command">random-device</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>random-device</strong></span></span></dt>
<dd><p>
The source of entropy to be used by the server. Entropy is
primarily needed
@@ -2703,20 +2713,22 @@ badresp:1,adberr:0,findfail:0,valfail:0]
is
<code class="filename">/dev/random</code>
(or equivalent) when present, and none otherwise. The
- <span><strong class="command">random-device</strong></span> option takes
+ <span class="command"><strong>random-device</strong></span> option takes
effect during
the initial configuration load at server startup time and
is ignored on subsequent reloads.
</p></dd>
-<dt><span class="term"><span><strong class="command">preferred-glue</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>preferred-glue</strong></span></span></dt>
<dd><p>
If specified, the listed type (A or AAAA) will be emitted
before other glue
in the additional section of a query response.
- The default is not to prefer any type (NONE).
+ The default is to prefer A records when responding
+ to queries that arrived via IPv4 and AAAA when
+ responding to queries that arrived via IPv6.
</p></dd>
<dt>
-<a name="root_delegation_only"></a><span class="term"><span><strong class="command">root-delegation-only</strong></span></span>
+<a name="root_delegation_only"></a><span class="term"><span class="command"><strong>root-delegation-only</strong></span></span>
</dt>
<dd>
<p>
@@ -2762,22 +2774,22 @@ options {
};
</pre>
</dd>
-<dt><span class="term"><span><strong class="command">disable-algorithms</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>disable-algorithms</strong></span></span></dt>
<dd><p>
Disable the specified DNSSEC algorithms at and below the
specified name.
- Multiple <span><strong class="command">disable-algorithms</strong></span>
+ Multiple <span class="command"><strong>disable-algorithms</strong></span>
statements are allowed.
Only the most specific will be applied.
</p></dd>
-<dt><span class="term"><span><strong class="command">dnssec-lookaside</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-lookaside</strong></span></span></dt>
<dd>
<p>
- When set, <span><strong class="command">dnssec-lookaside</strong></span> provides the
+ When set, <span class="command"><strong>dnssec-lookaside</strong></span> provides the
validator with an alternate method to validate DNSKEY
records at the top of a zone. When a DNSKEY is at or
below a domain specified by the deepest
- <span><strong class="command">dnssec-lookaside</strong></span>, and the normal DNSSEC
+ <span class="command"><strong>dnssec-lookaside</strong></span>, and the normal DNSSEC
validation has left the key untrusted, the trust-anchor
will be appended to the key name and a DLV record will be
looked up to see if it can validate the key. If the DLV
@@ -2785,61 +2797,61 @@ options {
record does) the DNSKEY RRset is deemed to be trusted.
</p>
<p>
- If <span><strong class="command">dnssec-lookaside</strong></span> is set to
+ If <span class="command"><strong>dnssec-lookaside</strong></span> is set to
<strong class="userinput"><code>auto</code></strong>, then built-in default
values for the DLV domain and trust anchor will be
used, along with a built-in key for validation.
</p>
<p>
- If <span><strong class="command">dnssec-lookaside</strong></span> is set to
+ If <span class="command"><strong>dnssec-lookaside</strong></span> is set to
<strong class="userinput"><code>no</code></strong>, then dnssec-lookaside
is not used.
</p>
<p>
The default DLV key is stored in the file
<code class="filename">bind.keys</code>;
- <span><strong class="command">named</strong></span> will load that key at
- startup if <span><strong class="command">dnssec-lookaside</strong></span> is set to
+ <span class="command"><strong>named</strong></span> will load that key at
+ startup if <span class="command"><strong>dnssec-lookaside</strong></span> is set to
<code class="constant">auto</code>. A copy of the file is
installed along with <acronym class="acronym">BIND</acronym> 9, and is
current as of the release date. If the DLV key expires, a
new copy of <code class="filename">bind.keys</code> can be downloaded
- from <a href="https://www.isc.org/solutions/dlv/" target="_top">https://www.isc.org/solutions/dlv/</a>.
+ from <a class="link" href="https://www.isc.org/solutions/dlv/" target="_top">https://www.isc.org/solutions/dlv/</a>.
</p>
<p>
(To prevent problems if <code class="filename">bind.keys</code> is
not found, the current key is also compiled in to
- <span><strong class="command">named</strong></span>. Relying on this is not
- recommended, however, as it requires <span><strong class="command">named</strong></span>
+ <span class="command"><strong>named</strong></span>. Relying on this is not
+ recommended, however, as it requires <span class="command"><strong>named</strong></span>
to be recompiled with a new key when the DLV key expires.)
</p>
<p>
- NOTE: <span><strong class="command">named</strong></span> only loads certain specific
+ NOTE: <span class="command"><strong>named</strong></span> only loads certain specific
keys from <code class="filename">bind.keys</code>: those for the
DLV zone and for the DNS root zone. The file cannot be
used to store keys for other zones.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">dnssec-must-be-secure</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-must-be-secure</strong></span></span></dt>
<dd><p>
Specify hierarchies which must be or may not be secure
(signed and validated). If <strong class="userinput"><code>yes</code></strong>,
- then <span><strong class="command">named</strong></span> will only accept answers if
+ then <span class="command"><strong>named</strong></span> will only accept answers if
they are secure. If <strong class="userinput"><code>no</code></strong>, then normal
DNSSEC validation applies allowing for insecure answers to
be accepted. The specified domain must be under a
- <span><strong class="command">trusted-keys</strong></span> or
- <span><strong class="command">managed-keys</strong></span> statement, or
- <span><strong class="command">dnssec-lookaside</strong></span> must be active.
+ <span class="command"><strong>trusted-keys</strong></span> or
+ <span class="command"><strong>managed-keys</strong></span> statement, or
+ <span class="command"><strong>dnssec-lookaside</strong></span> must be active.
</p></dd>
-<dt><span class="term"><span><strong class="command">dns64</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dns64</strong></span></span></dt>
<dd>
<p>
- This directive instructs <span><strong class="command">named</strong></span> to
+ This directive instructs <span class="command"><strong>named</strong></span> to
return mapped IPv4 addresses to AAAA queries when
there are no AAAA records. It is intended to be
used in conjunction with a NAT64. Each
- <span><strong class="command">dns64</strong></span> defines one DNS64 prefix.
+ <span class="command"><strong>dns64</strong></span> defines one DNS64 prefix.
Multiple DNS64 prefixes can be defined.
</p>
<p>
@@ -2850,21 +2862,21 @@ options {
Additionally a reverse IP6.ARPA zone will be created for
the prefix to provide a mapping from the IP6.ARPA names
to the corresponding IN-ADDR.ARPA names using synthesized
- CNAMEs. <span><strong class="command">dns64-server</strong></span> and
- <span><strong class="command">dns64-contact</strong></span> can be used to specify
+ CNAMEs. <span class="command"><strong>dns64-server</strong></span> and
+ <span class="command"><strong>dns64-contact</strong></span> can be used to specify
the name of the server and contact for the zones. These
are settable at the view / options level. These are
not settable on a per-prefix basis.
</p>
<p>
- Each <span><strong class="command">dns64</strong></span> supports an optional
- <span><strong class="command">clients</strong></span> ACL that determines which
+ Each <span class="command"><strong>dns64</strong></span> supports an optional
+ <span class="command"><strong>clients</strong></span> ACL that determines which
clients are affected by this directive. If not defined,
it defaults to <strong class="userinput"><code>any;</code></strong>.
</p>
<p>
- Each <span><strong class="command">dns64</strong></span> supports an optional
- <span><strong class="command">mapped</strong></span> ACL that selects which
+ Each <span class="command"><strong>dns64</strong></span> supports an optional
+ <span class="command"><strong>mapped</strong></span> ACL that selects which
IPv4 addresses are to be mapped in the corresponding
A RRset. If not defined it defaults to
<strong class="userinput"><code>any;</code></strong>.
@@ -2873,15 +2885,15 @@ options {
Normally, DNS64 won't apply to a domain name that
owns one or more AAAA records; these records will
simply be returned. The optional
- <span><strong class="command">exclude</strong></span> ACL allows specification
+ <span class="command"><strong>exclude</strong></span> ACL allows specification
of a list of IPv6 addresses that will be ignored
if they appear in a domain name's AAAA records, and
DNS64 will be applied to any A records the domain
- name owns. If not defined, <span><strong class="command">exclude</strong></span>
+ name owns. If not defined, <span class="command"><strong>exclude</strong></span>
defaults to none.
</p>
<p>
- A optional <span><strong class="command">suffix</strong></span> can also
+ A optional <span class="command"><strong>suffix</strong></span> can also
be defined to set the bits trailing the mapped
IPv4 address bits. By default these bits are
set to <strong class="userinput"><code>::</code></strong>. The bits
@@ -2889,17 +2901,17 @@ options {
must be zero.
</p>
<p>
- If <span><strong class="command">recursive-only</strong></span> is set to
- <span><strong class="command">yes</strong></span> the DNS64 synthesis will
+ If <span class="command"><strong>recursive-only</strong></span> is set to
+ <span class="command"><strong>yes</strong></span> the DNS64 synthesis will
only happen for recursive queries. The default
- is <span><strong class="command">no</strong></span>.
+ is <span class="command"><strong>no</strong></span>.
</p>
<p>
- If <span><strong class="command">break-dnssec</strong></span> is set to
- <span><strong class="command">yes</strong></span> the DNS64 synthesis will
+ If <span class="command"><strong>break-dnssec</strong></span> is set to
+ <span class="command"><strong>yes</strong></span> the DNS64 synthesis will
happen even if the result, if validated, would
cause a DNSSEC validation failure. If this option
- is set to <span><strong class="command">no</strong></span> (the default), the DO
+ is set to <span class="command"><strong>no</strong></span> (the default), the DO
is set on the incoming query, and there are RRSIGs on
the applicable records, then synthesis will not happen.
</p>
@@ -2914,46 +2926,83 @@ options {
};
</pre>
</dd>
-<dt><span class="term"><span><strong class="command">dnssec-update-mode</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-loadkeys-interval</strong></span></span></dt>
+<dd><p>
+ When a zone is configured with <span class="command"><strong>auto-dnssec
+ maintain;</strong></span> its key repository must be checked
+ periodically to see if any new keys have been added
+ or any existing keys' timing metadata has been updated
+ (see <a class="xref" href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
+ <a class="xref" href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>). The
+ <span class="command"><strong>dnssec-loadkeys-interval</strong></span> option
+ sets the frequency of automatic repository checks, in
+ minutes. The default is <code class="literal">60</code> (1 hour),
+ the minimum is <code class="literal">1</code> (1 minute), and the
+ maximum is <code class="literal">1440</code> (24 hours); any higher
+ value is silently reduced.
+ </p></dd>
+<dt><span class="term"><span class="command"><strong>dnssec-update-mode</strong></span></span></dt>
<dd>
<p>
If this option is set to its default value of
<code class="literal">maintain</code> in a zone of type
<code class="literal">master</code> which is DNSSEC-signed
and configured to allow dynamic updates (see
- <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a>), and
- if <span><strong class="command">named</strong></span> has access to the
+ <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a>), and
+ if <span class="command"><strong>named</strong></span> has access to the
private signing key(s) for the zone, then
- <span><strong class="command">named</strong></span> will automatically sign all new
+ <span class="command"><strong>named</strong></span> will automatically sign all new
or changed records and maintain signatures for the zone
by regenerating RRSIG records whenever they approach
their expiration date.
</p>
<p>
If the option is changed to <code class="literal">no-resign</code>,
- then <span><strong class="command">named</strong></span> will sign all new or
+ then <span class="command"><strong>named</strong></span> will sign all new or
changed records, but scheduled maintenance of
signatures is disabled.
</p>
<p>
- With either of these settings, <span><strong class="command">named</strong></span>
+ With either of these settings, <span class="command"><strong>named</strong></span>
will reject updates to a DNSSEC-signed zone when the
signing keys are inactive or unavailable to
- <span><strong class="command">named</strong></span>. (A planned third option,
+ <span class="command"><strong>named</strong></span>. (A planned third option,
<code class="literal">external</code>, will disable all automatic
signing and allow DNSSEC data to be submitted into a zone
via dynamic update; this is not yet implemented.)
</p>
</dd>
-<dt><span class="term"><span><strong class="command">zone-statistics</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>serial-update-method</strong></span></span></dt>
+<dd>
+<p>
+ Zones configured for dynamic DNS may use this
+ option to set the update method that will be used for
+ the zone serial number in the SOA record.
+ </p>
+<p>
+ With the default setting of
+ <span class="command"><strong>serial-update-method increment;</strong></span>, the
+ SOA serial number will be incremented by one each time
+ the zone is updated.
+ </p>
+<p>
+ When set to
+ <span class="command"><strong>serial-update-method unixtime;</strong></span>, the
+ SOA serial number will be set to the number of seconds
+ since the UNIX epoch, unless the serial number is
+ already greater than or equal to that value, in which
+ case it is simply incremented by one.
+ </p>
+</dd>
+<dt><span class="term"><span class="command"><strong>zone-statistics</strong></span></span></dt>
<dd>
<p>
If <strong class="userinput"><code>full</code></strong>, the server will collect
statistical data on all zones (unless specifically
turned off on a per-zone basis by specifying
- <span><strong class="command">zone-statistics terse</strong></span> or
- <span><strong class="command">zone-statistics none</strong></span>
- in the <span><strong class="command">zone</strong></span> statement).
+ <span class="command"><strong>zone-statistics terse</strong></span> or
+ <span class="command"><strong>zone-statistics none</strong></span>
+ in the <span class="command"><strong>zone</strong></span> statement).
The default is <strong class="userinput"><code>terse</code></strong>, providing
minimal statistics on zones (including name and
current serial number, but not query type
@@ -2961,15 +3010,15 @@ options {
</p>
<p>
These statistics may be accessed via the
- <span><strong class="command">statistics-channel</strong></span> or
- using <span><strong class="command">rndc stats</strong></span>, which
+ <span class="command"><strong>statistics-channel</strong></span> or
+ using <span class="command"><strong>rndc stats</strong></span>, which
will dump them to the file listed
- in the <span><strong class="command">statistics-file</strong></span>. See
- also <a href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called &#8220;The Statistics File&#8221;</a>.
+ in the <span class="command"><strong>statistics-file</strong></span>. See
+ also <a class="xref" href="Bv9ARM.ch06.html#statsfile" title="The Statistics File">the section called &#8220;The Statistics File&#8221;</a>.
</p>
<p>
For backward compatibility with earlier versions
- of BIND 9, the <span><strong class="command">zone-statistics</strong></span>
+ of BIND 9, the <span class="command"><strong>zone-statistics</strong></span>
option can also accept <strong class="userinput"><code>yes</code></strong>
or <strong class="userinput"><code>no</code></strong>, which have the same
effect as <strong class="userinput"><code>full</code></strong> and
@@ -2977,20 +3026,20 @@ options {
</p>
</dd>
</dl></div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="boolean_options"></a>Boolean Options</h4></div></div></div>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">allow-new-zones</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>allow-new-zones</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong>, then zones can be
- added at runtime via <span><strong class="command">rndc addzone</strong></span>
- or deleted via <span><strong class="command">rndc delzone</strong></span>.
+ added at runtime via <span class="command"><strong>rndc addzone</strong></span>
+ or deleted via <span class="command"><strong>rndc delzone</strong></span>.
The default is <strong class="userinput"><code>no</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">auth-nxdomain</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>auth-nxdomain</strong></span></span></dt>
<dd><p>
- If <strong class="userinput"><code>yes</code></strong>, then the <span><strong class="command">AA</strong></span> bit
+ If <strong class="userinput"><code>yes</code></strong>, then the <span class="command"><strong>AA</strong></span> bit
is always set on NXDOMAIN responses, even if the server is
not actually
authoritative. The default is <strong class="userinput"><code>no</code></strong>;
@@ -2999,22 +3048,22 @@ options {
are using very old DNS software, you
may need to set it to <strong class="userinput"><code>yes</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">deallocate-on-exit</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>deallocate-on-exit</strong></span></span></dt>
<dd><p>
This option was used in <acronym class="acronym">BIND</acronym>
8 to enable checking
for memory leaks on exit. <acronym class="acronym">BIND</acronym> 9 ignores the option and always performs
the checks.
</p></dd>
-<dt><span class="term"><span><strong class="command">memstatistics</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>memstatistics</strong></span></span></dt>
<dd><p>
Write memory statistics to the file specified by
- <span><strong class="command">memstatistics-file</strong></span> at exit.
+ <span class="command"><strong>memstatistics-file</strong></span> at exit.
The default is <strong class="userinput"><code>no</code></strong> unless
'-m record' is specified on the command line in
which case it is <strong class="userinput"><code>yes</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">dialup</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dialup</strong></span></span></dt>
<dd>
<p>
If <strong class="userinput"><code>yes</code></strong>, then the
@@ -3026,16 +3075,16 @@ options {
according
to zone type and concentrates the zone maintenance so that
it all
- happens in a short interval, once every <span><strong class="command">heartbeat-interval</strong></span> and
+ happens in a short interval, once every <span class="command"><strong>heartbeat-interval</strong></span> and
hopefully during the one call. It also suppresses some of
the normal
zone maintenance traffic. The default is <strong class="userinput"><code>no</code></strong>.
</p>
<p>
- The <span><strong class="command">dialup</strong></span> option
- may also be specified in the <span><strong class="command">view</strong></span> and
- <span><strong class="command">zone</strong></span> statements,
- in which case it overrides the global <span><strong class="command">dialup</strong></span>
+ The <span class="command"><strong>dialup</strong></span> option
+ may also be specified in the <span class="command"><strong>view</strong></span> and
+ <span class="command"><strong>zone</strong></span> statements,
+ in which case it overrides the global <span class="command"><strong>dialup</strong></span>
option.
</p>
<p>
@@ -3048,7 +3097,7 @@ options {
to verify the zone while the connection is active.
The set of servers to which NOTIFY is sent can be controlled
by
- <span><strong class="command">notify</strong></span> and <span><strong class="command">also-notify</strong></span>.
+ <span class="command"><strong>notify</strong></span> and <span class="command"><strong>also-notify</strong></span>.
</p>
<p>
If the
@@ -3056,7 +3105,7 @@ options {
the regular
"zone up to date" (refresh) queries and only perform them
when the
- <span><strong class="command">heartbeat-interval</strong></span> expires in
+ <span class="command"><strong>heartbeat-interval</strong></span> expires in
addition to sending
NOTIFY requests.
</p>
@@ -3069,7 +3118,7 @@ options {
suppresses the normal refresh queries, <strong class="userinput"><code>refresh</code></strong>
which suppresses normal refresh processing and sends refresh
queries
- when the <span><strong class="command">heartbeat-interval</strong></span>
+ when the <span class="command"><strong>heartbeat-interval</strong></span>
expires, and
<strong class="userinput"><code>passive</code></strong> which just disables normal
refresh
@@ -3077,10 +3126,10 @@ options {
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
-<col>
-<col>
+<col width="1.150in" class="1">
+<col width="1.150in" class="2">
+<col width="1.150in" class="3">
+<col width="1.150in" class="4">
</colgroup>
<tbody>
<tr>
@@ -3107,7 +3156,7 @@ options {
</tr>
<tr>
<td>
- <p><span><strong class="command">no</strong></span> (default)</p>
+ <p><span class="command"><strong>no</strong></span> (default)</p>
</td>
<td>
<p>
@@ -3127,7 +3176,7 @@ options {
</tr>
<tr>
<td>
- <p><span><strong class="command">yes</strong></span></p>
+ <p><span class="command"><strong>yes</strong></span></p>
</td>
<td>
<p>
@@ -3147,7 +3196,7 @@ options {
</tr>
<tr>
<td>
- <p><span><strong class="command">notify</strong></span></p>
+ <p><span class="command"><strong>notify</strong></span></p>
</td>
<td>
<p>
@@ -3167,7 +3216,7 @@ options {
</tr>
<tr>
<td>
- <p><span><strong class="command">refresh</strong></span></p>
+ <p><span class="command"><strong>refresh</strong></span></p>
</td>
<td>
<p>
@@ -3187,7 +3236,7 @@ options {
</tr>
<tr>
<td>
- <p><span><strong class="command">passive</strong></span></p>
+ <p><span class="command"><strong>passive</strong></span></p>
</td>
<td>
<p>
@@ -3207,7 +3256,7 @@ options {
</tr>
<tr>
<td>
- <p><span><strong class="command">notify-passive</strong></span></p>
+ <p><span class="command"><strong>notify-passive</strong></span></p>
</td>
<td>
<p>
@@ -3229,17 +3278,17 @@ options {
</table></div>
<p>
Note that normal NOTIFY processing is not affected by
- <span><strong class="command">dialup</strong></span>.
+ <span class="command"><strong>dialup</strong></span>.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">fake-iquery</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>fake-iquery</strong></span></span></dt>
<dd><p>
In <acronym class="acronym">BIND</acronym> 8, this option
enabled simulating the obsolete DNS query type
IQUERY. <acronym class="acronym">BIND</acronym> 9 never does
IQUERY simulation.
</p></dd>
-<dt><span class="term"><span><strong class="command">fetch-glue</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>fetch-glue</strong></span></span></dt>
<dd><p>
This option is obsolete.
In BIND 8, <strong class="userinput"><code>fetch-glue yes</code></strong>
@@ -3250,31 +3299,31 @@ options {
idea
and BIND 9 never does it.
</p></dd>
-<dt><span class="term"><span><strong class="command">flush-zones-on-shutdown</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>flush-zones-on-shutdown</strong></span></span></dt>
<dd><p>
When the nameserver exits due receiving SIGTERM,
flush or do not flush any pending zone writes. The default
is
- <span><strong class="command">flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
+ <span class="command"><strong>flush-zones-on-shutdown</strong></span> <strong class="userinput"><code>no</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">has-old-clients</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>has-old-clients</strong></span></span></dt>
<dd><p>
This option was incorrectly implemented
in <acronym class="acronym">BIND</acronym> 8, and is ignored by <acronym class="acronym">BIND</acronym> 9.
To achieve the intended effect
of
- <span><strong class="command">has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
- the two separate options <span><strong class="command">auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
- and <span><strong class="command">rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
+ <span class="command"><strong>has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
+ the two separate options <span class="command"><strong>auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
+ and <span class="command"><strong>rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
</p></dd>
-<dt><span class="term"><span><strong class="command">host-statistics</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>host-statistics</strong></span></span></dt>
<dd><p>
In BIND 8, this enables keeping of
statistics for every host that the name server interacts
with.
Not implemented in BIND 9.
</p></dd>
-<dt><span class="term"><span><strong class="command">maintain-ixfr-base</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>maintain-ixfr-base</strong></span></span></dt>
<dd><p>
<span class="emphasis"><em>This option is obsolete</em></span>.
It was used in <acronym class="acronym">BIND</acronym> 8 to
@@ -3282,9 +3331,9 @@ options {
kept for Incremental Zone Transfer. <acronym class="acronym">BIND</acronym> 9 maintains a transaction
log whenever possible. If you need to disable outgoing
incremental zone
- transfers, use <span><strong class="command">provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
+ transfers, use <span class="command"><strong>provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">minimal-responses</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>minimal-responses</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong>, then when generating
responses the server will only add records to the authority
@@ -3293,7 +3342,7 @@ options {
performance of the server.
The default is <strong class="userinput"><code>no</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">multiple-cnames</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>multiple-cnames</strong></span></span></dt>
<dd><p>
This option was used in <acronym class="acronym">BIND</acronym> 8 to allow
a domain name to have multiple CNAME records in violation of
@@ -3301,18 +3350,18 @@ options {
always strictly enforces the CNAME rules both in master
files and dynamic updates.
</p></dd>
-<dt><span class="term"><span><strong class="command">notify</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify</strong></span></span></dt>
<dd>
<p>
If <strong class="userinput"><code>yes</code></strong> (the default),
DNS NOTIFY messages are sent when a zone the server is
authoritative for
- changes, see <a href="Bv9ARM.ch04.html#notify" title="Notify">the section called &#8220;Notify&#8221;</a>. The messages are
+ changes, see <a class="xref" href="Bv9ARM.ch04.html#notify" title="Notify">the section called &#8220;Notify&#8221;</a>. The messages are
sent to the
servers listed in the zone's NS records (except the master
server identified
in the SOA MNAME field), and to any servers listed in the
- <span><strong class="command">also-notify</strong></span> option.
+ <span class="command"><strong>also-notify</strong></span> option.
</p>
<p>
If <strong class="userinput"><code>master-only</code></strong>, notifies are only
@@ -3320,20 +3369,20 @@ options {
for master zones.
If <strong class="userinput"><code>explicit</code></strong>, notifies are sent only
to
- servers explicitly listed using <span><strong class="command">also-notify</strong></span>.
+ servers explicitly listed using <span class="command"><strong>also-notify</strong></span>.
If <strong class="userinput"><code>no</code></strong>, no notifies are sent.
</p>
<p>
- The <span><strong class="command">notify</strong></span> option may also be
- specified in the <span><strong class="command">zone</strong></span>
+ The <span class="command"><strong>notify</strong></span> option may also be
+ specified in the <span class="command"><strong>zone</strong></span>
statement,
- in which case it overrides the <span><strong class="command">options notify</strong></span> statement.
+ in which case it overrides the <span class="command"><strong>options notify</strong></span> statement.
It would only be necessary to turn off this option if it
caused slaves
to crash.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">notify-to-soa</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-to-soa</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong> do not check the nameservers
in the NS RRset against the SOA MNAME. Normally a NOTIFY
@@ -3344,7 +3393,7 @@ options {
want the ultimate master to still send NOTIFY messages to
all the nameservers listed in the NS RRset.
</p></dd>
-<dt><span class="term"><span><strong class="command">recursion</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>recursion</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong>, and a
DNS query requests recursion, then the server will attempt
@@ -3355,26 +3404,25 @@ options {
return a
referral response. The default is
<strong class="userinput"><code>yes</code></strong>.
- Note that setting <span><strong class="command">recursion no</strong></span> does not prevent
+ Note that setting <span class="command"><strong>recursion no</strong></span> does not prevent
clients from getting data from the server's cache; it only
prevents new data from being cached as an effect of client
queries.
Caching may still occur as an effect the server's internal
operation, such as NOTIFY address lookups.
- See also <span><strong class="command">fetch-glue</strong></span> above.
</p></dd>
-<dt><span class="term"><span><strong class="command">request-nsid</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>request-nsid</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong>, then an empty EDNS(0)
NSID (Name Server Identifier) option is sent with all
queries to authoritative name servers during iterative
resolution. If the authoritative server returns an NSID
option in its response, then its contents are logged in
- the <span><strong class="command">resolver</strong></span> category at level
- <span><strong class="command">info</strong></span>.
+ the <span class="command"><strong>resolver</strong></span> category at level
+ <span class="command"><strong>info</strong></span>.
The default is <strong class="userinput"><code>no</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">rfc2308-type1</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>rfc2308-type1</strong></span></span></dt>
<dd>
<p>
Setting this to <strong class="userinput"><code>yes</code></strong> will
@@ -3390,55 +3438,52 @@ options {
</p>
</div>
</dd>
-<dt><span class="term"><span><strong class="command">use-id-pool</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>use-id-pool</strong></span></span></dt>
<dd><p>
<span class="emphasis"><em>This option is obsolete</em></span>.
<acronym class="acronym">BIND</acronym> 9 always allocates query
IDs from a pool.
</p></dd>
-<dt><span class="term"><span><strong class="command">use-ixfr</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>use-ixfr</strong></span></span></dt>
<dd><p>
<span class="emphasis"><em>This option is obsolete</em></span>.
If you need to disable IXFR to a particular server or
servers, see
- the information on the <span><strong class="command">provide-ixfr</strong></span> option
- in <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">server</strong></span> Statement Definition and
+ the information on the <span class="command"><strong>provide-ixfr</strong></span> option
+ in <a class="xref" href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called &#8220;<span class="command"><strong>server</strong></span> Statement Definition and
Usage&#8221;</a>.
See also
- <a href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called &#8220;Incremental Zone Transfers (IXFR)&#8221;</a>.
+ <a class="xref" href="Bv9ARM.ch04.html#incremental_zone_transfers" title="Incremental Zone Transfers (IXFR)">the section called &#8220;Incremental Zone Transfers (IXFR)&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">provide-ixfr</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>provide-ixfr</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">provide-ixfr</strong></span> in
- <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">server</strong></span> Statement Definition and
+ <span class="command"><strong>provide-ixfr</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called &#8220;<span class="command"><strong>server</strong></span> Statement Definition and
Usage&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">request-ixfr</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>request-ixfr</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">request-ixfr</strong></span> in
- <a href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">server</strong></span> Statement Definition and
+ <span class="command"><strong>request-ixfr</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#server_statement_definition_and_usage" title="server Statement Definition and Usage">the section called &#8220;<span class="command"><strong>server</strong></span> Statement Definition and
Usage&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">treat-cr-as-space</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>treat-cr-as-space</strong></span></span></dt>
<dd><p>
This option was used in <acronym class="acronym">BIND</acronym>
8 to make
- the server treat carriage return ("<span><strong class="command">\r</strong></span>") characters the same way
+ the server treat carriage return ("<span class="command"><strong>\r</strong></span>") characters the same way
as a space or tab character,
to facilitate loading of zone files on a UNIX system that
were generated
- on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span><strong class="command">\n</strong></span>"
- and NT/DOS "<span><strong class="command">\r\n</strong></span>" newlines
+ on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span class="command"><strong>\n</strong></span>"
+ and NT/DOS "<span class="command"><strong>\r\n</strong></span>" newlines
are always accepted,
and the option is ignored.
</p></dd>
<dt>
-<span class="term"><span><strong class="command">additional-from-auth</strong></span>, </span><span class="term"><span><strong class="command">additional-from-cache</strong></span></span>
+<span class="term"><span class="command"><strong>additional-from-auth</strong></span>, </span><span class="term"><span class="command"><strong>additional-from-cache</strong></span></span>
</dt>
<dd>
<p>
@@ -3473,7 +3518,7 @@ options {
and the record found is "<code class="literal">MX 10 mail.example.net</code>", normally the address
records (A and AAAA) for <code class="literal">mail.example.net</code> will be provided as well,
if known, even though they are not in the example.com zone.
- Setting these options to <span><strong class="command">no</strong></span>
+ Setting these options to <span class="command"><strong>no</strong></span>
disables this behavior and makes
the server only search for additional data in the zone it
answers from.
@@ -3481,14 +3526,14 @@ options {
<p>
These options are intended for use in authoritative-only
servers, or in authoritative-only views. Attempts to set
- them to <span><strong class="command">no</strong></span> without also
+ them to <span class="command"><strong>no</strong></span> without also
specifying
- <span><strong class="command">recursion no</strong></span> will cause the
+ <span class="command"><strong>recursion no</strong></span> will cause the
server to
ignore the options and log a warning message.
</p>
<p>
- Specifying <span><strong class="command">additional-from-cache no</strong></span> actually
+ Specifying <span class="command"><strong>additional-from-cache no</strong></span> actually
disables the use of the cache not only for additional data
lookups
but also when looking up the answer. This is usually the
@@ -3508,7 +3553,7 @@ options {
upwards referral
comes from the cache, the server will not be able to provide
upwards
- referrals when <span><strong class="command">additional-from-cache no</strong></span>
+ referrals when <span class="command"><strong>additional-from-cache no</strong></span>
has been specified. Instead, it will respond to such
queries
with REFUSED. This should not cause any problems since
@@ -3516,7 +3561,7 @@ options {
process.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">match-mapped-addresses</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>match-mapped-addresses</strong></span></span></dt>
<dd>
<p>
If <strong class="userinput"><code>yes</code></strong>, then an
@@ -3529,11 +3574,11 @@ options {
connections, such as zone transfers, to be accepted on an
IPv6 socket using mapped addresses. This caused address
match lists designed for IPv4 to fail to match. However,
- <span><strong class="command">named</strong></span> now solves this problem
+ <span class="command"><strong>named</strong></span> now solves this problem
internally. The use of this option is discouraged.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">filter-aaaa-on-v4</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
<dd>
<p>
This option is only available when
@@ -3544,14 +3589,14 @@ options {
to DNS clients unless they have connections to the IPv6
Internet. This is not recommended unless absolutely
necessary. The default is <strong class="userinput"><code>no</code></strong>.
- The <span><strong class="command">filter-aaaa-on-v4</strong></span> option
- may also be specified in <span><strong class="command">view</strong></span> statements
- to override the global <span><strong class="command">filter-aaaa-on-v4</strong></span>
+ The <span class="command"><strong>filter-aaaa-on-v4</strong></span> option
+ may also be specified in <span class="command"><strong>view</strong></span> statements
+ to override the global <span class="command"><strong>filter-aaaa-on-v4</strong></span>
option.
</p>
<p>
If <strong class="userinput"><code>yes</code></strong>,
- the DNS client is at an IPv4 address, in <span><strong class="command">filter-aaaa</strong></span>,
+ the DNS client is at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>,
and if the response does not include DNSSEC signatures,
then all AAAA records are deleted from the response.
This filtering applies to all responses and not only
@@ -3584,7 +3629,7 @@ options {
answer requests for AAAA records received via IPv4.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>ixfr-from-differences</strong></span></span></dt>
<dd>
<p>
When <strong class="userinput"><code>yes</code></strong> and the server loads a new
@@ -3608,40 +3653,80 @@ options {
temporarily allocate memory to hold this complete
difference set.
</p>
-<p><span><strong class="command">ixfr-from-differences</strong></span>
- also accepts <span><strong class="command">master</strong></span> and
- <span><strong class="command">slave</strong></span> at the view and options
+<p><span class="command"><strong>ixfr-from-differences</strong></span>
+ also accepts <span class="command"><strong>master</strong></span> and
+ <span class="command"><strong>slave</strong></span> at the view and options
levels which causes
- <span><strong class="command">ixfr-from-differences</strong></span> to be enabled for
- all <span><strong class="command">master</strong></span> or
- <span><strong class="command">slave</strong></span> zones respectively.
+ <span class="command"><strong>ixfr-from-differences</strong></span> to be enabled for
+ all <span class="command"><strong>master</strong></span> or
+ <span class="command"><strong>slave</strong></span> zones respectively.
It is off by default.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">multi-master</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>multi-master</strong></span></span></dt>
<dd><p>
This should be set when you have multiple masters for a zone
and the
- addresses refer to different machines. If <strong class="userinput"><code>yes</code></strong>, <span><strong class="command">named</strong></span> will
+ addresses refer to different machines. If <strong class="userinput"><code>yes</code></strong>, <span class="command"><strong>named</strong></span> will
not log
- when the serial number on the master is less than what <span><strong class="command">named</strong></span>
+ when the serial number on the master is less than what <span class="command"><strong>named</strong></span>
currently
has. The default is <strong class="userinput"><code>no</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">dnssec-enable</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>auto-dnssec</strong></span></span></dt>
+<dd>
+<p>
+ Zones configured for dynamic DNS may use this
+ option to allow varying levels of automatic DNSSEC key
+ management. There are three possible settings:
+ </p>
+<p>
+ <span class="command"><strong>auto-dnssec allow;</strong></span> permits
+ keys to be updated and the zone fully re-signed
+ whenever the user issues the command <span class="command"><strong>rndc sign
+ <em class="replaceable"><code>zonename</code></em></strong></span>.
+ </p>
+<p>
+ <span class="command"><strong>auto-dnssec maintain;</strong></span> includes the
+ above, but also automatically adjusts the zone's DNSSEC
+ keys on schedule, according to the keys' timing metadata
+ (see <a class="xref" href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
+ <a class="xref" href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>). The command
+ <span class="command"><strong>rndc sign
+ <em class="replaceable"><code>zonename</code></em></strong></span> causes
+ <span class="command"><strong>named</strong></span> to load keys from the key
+ repository and sign the zone with all keys that are
+ active.
+ <span class="command"><strong>rndc loadkeys
+ <em class="replaceable"><code>zonename</code></em></strong></span> causes
+ <span class="command"><strong>named</strong></span> to load keys from the key
+ repository and schedule key maintenance events to occur
+ in the future, but it does not sign the full zone
+ immediately. Note: once keys have been loaded for a
+ zone the first time, the repository will be searched
+ for changes periodically, regardless of whether
+ <span class="command"><strong>rndc loadkeys</strong></span> is used. The recheck
+ interval is defined by
+ <span class="command"><strong>dnssec-loadkeys-interval</strong></span>.)
+ </p>
+<p>
+ The default setting is <span class="command"><strong>auto-dnssec off</strong></span>.
+ </p>
+</dd>
+<dt><span class="term"><span class="command"><strong>dnssec-enable</strong></span></span></dt>
<dd><p>
This indicates whether DNSSEC-related resource
- records are to be returned by <span><strong class="command">named</strong></span>.
+ records are to be returned by <span class="command"><strong>named</strong></span>.
If set to <strong class="userinput"><code>no</code></strong>,
- <span><strong class="command">named</strong></span> will not return DNSSEC-related
+ <span class="command"><strong>named</strong></span> will not return DNSSEC-related
resource records unless specifically queried for.
The default is <strong class="userinput"><code>yes</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">dnssec-validation</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-validation</strong></span></span></dt>
<dd>
<p>
- Enable DNSSEC validation in <span><strong class="command">named</strong></span>.
- Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
+ Enable DNSSEC validation in <span class="command"><strong>named</strong></span>.
+ Note <span class="command"><strong>dnssec-enable</strong></span> also needs to be
set to <strong class="userinput"><code>yes</code></strong> to be effective.
If set to <strong class="userinput"><code>no</code></strong>, DNSSEC validation
is disabled. If set to <strong class="userinput"><code>auto</code></strong>,
@@ -3649,8 +3734,8 @@ options {
trust-anchor for the DNS root zone is used. If set to
<strong class="userinput"><code>yes</code></strong>, DNSSEC validation is enabled,
but a trust anchor must be manually configured using
- a <span><strong class="command">trusted-keys</strong></span> or
- <span><strong class="command">managed-keys</strong></span> statement. The default
+ a <span class="command"><strong>trusted-keys</strong></span> or
+ <span class="command"><strong>managed-keys</strong></span> statement. The default
is <strong class="userinput"><code>yes</code></strong>.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -3659,27 +3744,27 @@ options {
Whenever the resolver sends out queries to an
EDNS-compliant server, it always sets the DO bit
indicating it can support DNSSEC responses even if
- <span><strong class="command">dnssec-validation</strong></span> is off.
+ <span class="command"><strong>dnssec-validation</strong></span> is off.
</p>
</div>
</dd>
-<dt><span class="term"><span><strong class="command">dnssec-accept-expired</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-accept-expired</strong></span></span></dt>
<dd><p>
Accept expired signatures when verifying DNSSEC signatures.
The default is <strong class="userinput"><code>no</code></strong>.
Setting this option to <strong class="userinput"><code>yes</code></strong>
- leaves <span><strong class="command">named</strong></span> vulnerable to
+ leaves <span class="command"><strong>named</strong></span> vulnerable to
replay attacks.
</p></dd>
-<dt><span class="term"><span><strong class="command">querylog</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>querylog</strong></span></span></dt>
<dd><p>
- Specify whether query logging should be started when <span><strong class="command">named</strong></span>
+ Specify whether query logging should be started when <span class="command"><strong>named</strong></span>
starts.
- If <span><strong class="command">querylog</strong></span> is not specified,
+ If <span class="command"><strong>querylog</strong></span> is not specified,
then the query logging
- is determined by the presence of the logging category <span><strong class="command">queries</strong></span>.
+ is determined by the presence of the logging category <span class="command"><strong>queries</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-names</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-names</strong></span></span></dt>
<dd>
<p>
This option is used to restrict the character set and syntax
@@ -3688,17 +3773,17 @@ options {
received
from the network. The default varies according to usage
area. For
- <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>.
- For <span><strong class="command">slave</strong></span> zones the default
- is <span><strong class="command">warn</strong></span>.
- For answers received from the network (<span><strong class="command">response</strong></span>)
- the default is <span><strong class="command">ignore</strong></span>.
+ <span class="command"><strong>master</strong></span> zones the default is <span class="command"><strong>fail</strong></span>.
+ For <span class="command"><strong>slave</strong></span> zones the default
+ is <span class="command"><strong>warn</strong></span>.
+ For answers received from the network (<span class="command"><strong>response</strong></span>)
+ the default is <span class="command"><strong>ignore</strong></span>.
</p>
<p>
The rules for legal hostnames and mail domains are derived
from RFC 952 and RFC 821 as modified by RFC 1123.
</p>
-<p><span><strong class="command">check-names</strong></span>
+<p><span class="command"><strong>check-names</strong></span>
applies to the owner names of A, AAAA and MX records.
It also applies to the domain names in the RDATA of NS, SOA,
MX, and SRV records.
@@ -3707,32 +3792,32 @@ options {
(the owner name ends in IN-ADDR.ARPA, IP6.ARPA, or IP6.INT).
</p>
</dd>
-<dt><span class="term"><span><strong class="command">check-dup-records</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-dup-records</strong></span></span></dt>
<dd><p>
Check master zones for records that are treated as different
by DNSSEC but are semantically equal in plain DNS. The
- default is to <span><strong class="command">warn</strong></span>. Other possible
- values are <span><strong class="command">fail</strong></span> and
- <span><strong class="command">ignore</strong></span>.
+ default is to <span class="command"><strong>warn</strong></span>. Other possible
+ values are <span class="command"><strong>fail</strong></span> and
+ <span class="command"><strong>ignore</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-mx</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-mx</strong></span></span></dt>
<dd><p>
Check whether the MX record appears to refer to a IP address.
- The default is to <span><strong class="command">warn</strong></span>. Other possible
- values are <span><strong class="command">fail</strong></span> and
- <span><strong class="command">ignore</strong></span>.
+ The default is to <span class="command"><strong>warn</strong></span>. Other possible
+ values are <span class="command"><strong>fail</strong></span> and
+ <span class="command"><strong>ignore</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-wildcard</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-wildcard</strong></span></span></dt>
<dd><p>
This option is used to check for non-terminal wildcards.
The use of non-terminal wildcards is almost always as a
result of a failure
to understand the wildcard matching algorithm (RFC 1034).
This option
- affects master zones. The default (<span><strong class="command">yes</strong></span>) is to check
+ affects master zones. The default (<span class="command"><strong>yes</strong></span>) is to check
for non-terminal wildcards and issue a warning.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-integrity</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-integrity</strong></span></span></dt>
<dd>
<p>
Perform post load zone integrity checks on master
@@ -3741,11 +3826,11 @@ options {
address records exist for delegated zones. For
MX and SRV records only in-zone hostnames are
checked (for out-of-zone hostnames use
- <span><strong class="command">named-checkzone</strong></span>).
+ <span class="command"><strong>named-checkzone</strong></span>).
For NS records only names below top of zone are
checked (for out-of-zone names and glue consistency
- checks use <span><strong class="command">named-checkzone</strong></span>).
- The default is <span><strong class="command">yes</strong></span>.
+ checks use <span class="command"><strong>named-checkzone</strong></span>).
+ The default is <span class="command"><strong>yes</strong></span>.
</p>
<p>
The use of the SPF record for publishing Sender
@@ -3755,48 +3840,48 @@ options {
Policy Framework record exists (starts with "v=spf1")
if there is an SPF record. Warnings are emitted if the
TXT record does not exist and can be suppressed with
- <span><strong class="command">check-spf</strong></span>.
+ <span class="command"><strong>check-spf</strong></span>.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">check-mx-cname</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-mx-cname</strong></span></span></dt>
<dd><p>
- If <span><strong class="command">check-integrity</strong></span> is set then
+ If <span class="command"><strong>check-integrity</strong></span> is set then
fail, warn or ignore MX records that refer
- to CNAMES. The default is to <span><strong class="command">warn</strong></span>.
+ to CNAMES. The default is to <span class="command"><strong>warn</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-srv-cname</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-srv-cname</strong></span></span></dt>
<dd><p>
- If <span><strong class="command">check-integrity</strong></span> is set then
+ If <span class="command"><strong>check-integrity</strong></span> is set then
fail, warn or ignore SRV records that refer
- to CNAMES. The default is to <span><strong class="command">warn</strong></span>.
+ to CNAMES. The default is to <span class="command"><strong>warn</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-sibling</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-sibling</strong></span></span></dt>
<dd><p>
When performing integrity checks, also check that
- sibling glue exists. The default is <span><strong class="command">yes</strong></span>.
+ sibling glue exists. The default is <span class="command"><strong>yes</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-spf</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-spf</strong></span></span></dt>
<dd><p>
- If <span><strong class="command">check-integrity</strong></span> is set then
+ If <span class="command"><strong>check-integrity</strong></span> is set then
check that there is a TXT Sender Policy Framework
record present (starts with "v=spf1") if there is an
SPF record present. The default is
- <span><strong class="command">warn</strong></span>.
+ <span class="command"><strong>warn</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">zero-no-soa-ttl</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>zero-no-soa-ttl</strong></span></span></dt>
<dd><p>
When returning authoritative negative responses to
SOA queries set the TTL of the SOA record returned in
the authority section to zero.
- The default is <span><strong class="command">yes</strong></span>.
+ The default is <span class="command"><strong>yes</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">zero-no-soa-ttl-cache</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>zero-no-soa-ttl-cache</strong></span></span></dt>
<dd><p>
When caching a negative response to a SOA query
set the TTL to zero.
- The default is <span><strong class="command">no</strong></span>.
+ The default is <span class="command"><strong>no</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">update-check-ksk</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>update-check-ksk</strong></span></span></dt>
<dd>
<p>
When set to the default value of <code class="literal">yes</code>,
@@ -3811,7 +3896,7 @@ options {
However, if this option is set to <code class="literal">no</code>,
then the KSK bit is ignored; KSKs are treated as if they
were ZSKs and are used to sign the entire zone. This is
- similar to the <span><strong class="command">dnssec-signzone -z</strong></span>
+ similar to the <span class="command"><strong>dnssec-signzone -z</strong></span>
command line option.
</p>
<p>
@@ -3823,52 +3908,37 @@ options {
for that algorithm.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">dnssec-dnskey-kskonly</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-dnskey-kskonly</strong></span></span></dt>
<dd>
<p>
- When this option and <span><strong class="command">update-check-ksk</strong></span>
+ When this option and <span class="command"><strong>update-check-ksk</strong></span>
are both set to <code class="literal">yes</code>, only key-signing
keys (that is, keys with the KSK bit set) will be used
to sign the DNSKEY RRset at the zone apex. Zone-signing
keys (keys without the KSK bit set) will be used to sign
the remainder of the zone, but not the DNSKEY RRset.
This is similar to the
- <span><strong class="command">dnssec-signzone -x</strong></span> command line option.
+ <span class="command"><strong>dnssec-signzone -x</strong></span> command line option.
</p>
<p>
- The default is <span><strong class="command">no</strong></span>. If
- <span><strong class="command">update-check-ksk</strong></span> is set to
+ The default is <span class="command"><strong>no</strong></span>. If
+ <span class="command"><strong>update-check-ksk</strong></span> is set to
<code class="literal">no</code>, this option is ignored.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">dnssec-loadkeys-interval</strong></span></span></dt>
-<dd><p>
- When a zone is configured with <span><strong class="command">auto-dnssec
- maintain;</strong></span> its key repository must be checked
- periodically to see if any new keys have been added
- or any existing keys' timing metadata has been updated
- (see <a href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
- <a href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>). The
- <span><strong class="command">dnssec-loadkeys-interval</strong></span> option
- sets the frequency of automatic repository checks, in
- minutes. The default is <code class="literal">60</code> (1 hour),
- the minimum is <code class="literal">1</code> (1 minute), and the
- maximum is <code class="literal">1440</code> (24 hours); any higher
- value is silently reduced.
- </p></dd>
-<dt><span class="term"><span><strong class="command">try-tcp-refresh</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>try-tcp-refresh</strong></span></span></dt>
<dd><p>
Try to refresh the zone using TCP if UDP queries fail.
For BIND 8 compatibility, the default is
- <span><strong class="command">yes</strong></span>.
+ <span class="command"><strong>yes</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">dnssec-secure-to-insecure</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-secure-to-insecure</strong></span></span></dt>
<dd>
<p>
Allow a dynamic zone to transition from secure to
insecure (i.e., signed to unsigned) by deleting all
- of the DNSKEY records. The default is <span><strong class="command">no</strong></span>.
- If set to <span><strong class="command">yes</strong></span>, and if the DNSKEY RRset
+ of the DNSKEY records. The default is <span class="command"><strong>no</strong></span>.
+ If set to <span class="command"><strong>yes</strong></span>, and if the DNSKEY RRset
at the zone apex is deleted, all RRSIG and NSEC records
will be removed from the zone as well.
</p>
@@ -3881,17 +3951,17 @@ options {
</p>
<p>
Note that if a zone has been configured with
- <span><strong class="command">auto-dnssec maintain</strong></span> and the
+ <span class="command"><strong>auto-dnssec maintain</strong></span> and the
private keys remain accessible in the key repository,
then the zone will be automatically signed again the
- next time <span><strong class="command">named</strong></span> is started.
+ next time <span class="command"><strong>named</strong></span> is started.
</p>
</dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583480"></a>Forwarding</h4></div></div></div>
+<a name="forwarding"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -3902,8 +3972,8 @@ options {
the server is not authoritative and does not have the answer in
its cache.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">forward</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>forward</strong></span></span></dt>
<dd><p>
This option is only meaningful if the
forwarders list is not empty. A value of <code class="varname">first</code>,
@@ -3915,7 +3985,7 @@ options {
specified, the
server will only query the forwarders.
</p></dd>
-<dt><span class="term"><span><strong class="command">forwarders</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>forwarders</strong></span></span></dt>
<dd><p>
Specifies the IP addresses to be used
for forwarding. The default is the empty list (no
@@ -3927,15 +3997,14 @@ options {
for the global forwarding options to be overridden in a variety
of ways. You can set particular domains to use different
forwarders,
- or have a different <span><strong class="command">forward only/first</strong></span> behavior,
- or not forward at all, see <a href="Bv9ARM.ch06.html#zone_statement_grammar" title="zone
- Statement Grammar">the section called &#8220;<span><strong class="command">zone</strong></span>
+ or have a different <span class="command"><strong>forward only/first</strong></span> behavior,
+ or not forward at all, see <a class="xref" href="Bv9ARM.ch06.html#zone_statement_grammar" title="zone Statement Grammar">the section called &#8220;<span class="command"><strong>zone</strong></span>
Statement Grammar&#8221;</a>.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583607"></a>Dual-stack Servers</h4></div></div></div>
+<a name="dual_stack"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@@ -3943,64 +4012,64 @@ options {
or IPv6
on the host machine.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">dual-stack-servers</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>dual-stack-servers</strong></span></span></dt>
<dd><p>
Specifies host names or addresses of machines with access to
both IPv4 and IPv6 transports. If a hostname is used, the
server must be able
to resolve the name using only the transport it has. If the
machine is dual
- stacked, then the <span><strong class="command">dual-stack-servers</strong></span> have no effect unless
+ stacked, then the <span class="command"><strong>dual-stack-servers</strong></span> have no effect unless
access to a transport has been disabled on the command line
- (e.g. <span><strong class="command">named -4</strong></span>).
+ (e.g. <span class="command"><strong>named -4</strong></span>).
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="access_control"></a>Access Control</h4></div></div></div>
<p>
Access to the server can be restricted based on the IP address
- of the requesting system. See <a href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called &#8220;Address Match Lists&#8221;</a> for
+ of the requesting system. See <a class="xref" href="Bv9ARM.ch06.html#address_match_lists" title="Address Match Lists">the section called &#8220;Address Match Lists&#8221;</a> for
details on how to specify IP address lists.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>allow-notify</strong></span></span></dt>
<dd><p>
Specifies which hosts are allowed to
notify this server, a slave, of zone changes in addition
to the zone masters.
- <span><strong class="command">allow-notify</strong></span> may also be
+ <span class="command"><strong>allow-notify</strong></span> may also be
specified in the
- <span><strong class="command">zone</strong></span> statement, in which case
+ <span class="command"><strong>zone</strong></span> statement, in which case
it overrides the
- <span><strong class="command">options allow-notify</strong></span>
+ <span class="command"><strong>options allow-notify</strong></span>
statement. It is only meaningful
for a slave zone. If not specified, the default is to
process notify messages
only from a zone's master.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-query</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-query</strong></span></span></dt>
<dd>
<p>
Specifies which hosts are allowed to ask ordinary
- DNS questions. <span><strong class="command">allow-query</strong></span> may
- also be specified in the <span><strong class="command">zone</strong></span>
+ DNS questions. <span class="command"><strong>allow-query</strong></span> may
+ also be specified in the <span class="command"><strong>zone</strong></span>
statement, in which case it overrides the
- <span><strong class="command">options allow-query</strong></span> statement.
+ <span class="command"><strong>options allow-query</strong></span> statement.
If not specified, the default is to allow queries
from all hosts.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- <span><strong class="command">allow-query-cache</strong></span> is now
+ <span class="command"><strong>allow-query-cache</strong></span> is now
used to specify access to the cache.
</p>
</div>
</dd>
-<dt><span class="term"><span><strong class="command">allow-query-on</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-query-on</strong></span></span></dt>
<dd>
<p>
Specifies which local addresses can accept ordinary
@@ -4010,16 +4079,16 @@ options {
necessarily knowing the internal network's addresses.
</p>
<p>
- Note that <span><strong class="command">allow-query-on</strong></span> is only
+ Note that <span class="command"><strong>allow-query-on</strong></span> is only
checked for queries that are permitted by
- <span><strong class="command">allow-query</strong></span>. A query must be
+ <span class="command"><strong>allow-query</strong></span>. A query must be
allowed by both ACLs, or it will be refused.
</p>
<p>
- <span><strong class="command">allow-query-on</strong></span> may
- also be specified in the <span><strong class="command">zone</strong></span>
+ <span class="command"><strong>allow-query-on</strong></span> may
+ also be specified in the <span class="command"><strong>zone</strong></span>
statement, in which case it overrides the
- <span><strong class="command">options allow-query-on</strong></span> statement.
+ <span class="command"><strong>options allow-query-on</strong></span> statement.
</p>
<p>
If not specified, the default is to allow queries
@@ -4028,57 +4097,57 @@ options {
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- <span><strong class="command">allow-query-cache</strong></span> is
+ <span class="command"><strong>allow-query-cache</strong></span> is
used to specify access to the cache.
</p>
</div>
</dd>
-<dt><span class="term"><span><strong class="command">allow-query-cache</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-query-cache</strong></span></span></dt>
<dd><p>
Specifies which hosts are allowed to get answers
- from the cache. If <span><strong class="command">allow-query-cache</strong></span>
- is not set then <span><strong class="command">allow-recursion</strong></span>
- is used if set, otherwise <span><strong class="command">allow-query</strong></span>
- is used if set unless <span><strong class="command">recursion no;</strong></span> is
- set in which case <span><strong class="command">none;</strong></span> is used,
- otherwise the default (<span><strong class="command">localnets;</strong></span>
- <span><strong class="command">localhost;</strong></span>) is used.
+ from the cache. If <span class="command"><strong>allow-query-cache</strong></span>
+ is not set then <span class="command"><strong>allow-recursion</strong></span>
+ is used if set, otherwise <span class="command"><strong>allow-query</strong></span>
+ is used if set unless <span class="command"><strong>recursion no;</strong></span> is
+ set in which case <span class="command"><strong>none;</strong></span> is used,
+ otherwise the default (<span class="command"><strong>localnets;</strong></span>
+ <span class="command"><strong>localhost;</strong></span>) is used.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-query-cache-on</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-query-cache-on</strong></span></span></dt>
<dd><p>
Specifies which local addresses can give answers
from the cache. If not specified, the default is
to allow cache queries on any address,
- <span><strong class="command">localnets</strong></span> and
- <span><strong class="command">localhost</strong></span>.
+ <span class="command"><strong>localnets</strong></span> and
+ <span class="command"><strong>localhost</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-recursion</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-recursion</strong></span></span></dt>
<dd><p>
Specifies which hosts are allowed to make recursive
queries through this server. If
- <span><strong class="command">allow-recursion</strong></span> is not set
- then <span><strong class="command">allow-query-cache</strong></span> is
- used if set, otherwise <span><strong class="command">allow-query</strong></span>
+ <span class="command"><strong>allow-recursion</strong></span> is not set
+ then <span class="command"><strong>allow-query-cache</strong></span> is
+ used if set, otherwise <span class="command"><strong>allow-query</strong></span>
is used if set, otherwise the default
- (<span><strong class="command">localnets;</strong></span>
- <span><strong class="command">localhost;</strong></span>) is used.
+ (<span class="command"><strong>localnets;</strong></span>
+ <span class="command"><strong>localhost;</strong></span>) is used.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-recursion-on</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-recursion-on</strong></span></span></dt>
<dd><p>
Specifies which local addresses can accept recursive
queries. If not specified, the default is to allow
recursive queries on all addresses.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-update</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-update</strong></span></span></dt>
<dd><p>
Specifies which hosts are allowed to
submit Dynamic DNS updates for master zones. The default is
to deny
updates from all hosts. Note that allowing updates based
on the requestor's IP address is insecure; see
- <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called &#8220;Dynamic Update Security&#8221;</a> for details.
+ <a class="xref" href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called &#8220;Dynamic Update Security&#8221;</a> for details.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-update-forwarding</strong></span></span></dt>
<dd>
<p>
Specifies which hosts are allowed to
@@ -4102,11 +4171,11 @@ options {
server
may expose master servers relying on insecure IP address
based
- access control to attacks; see <a href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called &#8220;Dynamic Update Security&#8221;</a>
+ access control to attacks; see <a class="xref" href="Bv9ARM.ch07.html#dynamic_update_security" title="Dynamic Update Security">the section called &#8220;Dynamic Update Security&#8221;</a>
for more details.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">allow-v6-synthesis</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-v6-synthesis</strong></span></span></dt>
<dd><p>
This option was introduced for the smooth transition from
AAAA
@@ -4116,17 +4185,17 @@ options {
this option was also deprecated.
It is now ignored with some warning messages.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-transfer</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-transfer</strong></span></span></dt>
<dd><p>
Specifies which hosts are allowed to
- receive zone transfers from the server. <span><strong class="command">allow-transfer</strong></span> may
- also be specified in the <span><strong class="command">zone</strong></span>
+ receive zone transfers from the server. <span class="command"><strong>allow-transfer</strong></span> may
+ also be specified in the <span class="command"><strong>zone</strong></span>
statement, in which
- case it overrides the <span><strong class="command">options allow-transfer</strong></span> statement.
+ case it overrides the <span class="command"><strong>options allow-transfer</strong></span> statement.
If not specified, the default is to allow transfers to all
hosts.
</p></dd>
-<dt><span class="term"><span><strong class="command">blackhole</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>blackhole</strong></span></span></dt>
<dd><p>
Specifies a list of addresses that the
server will not accept queries from or use to resolve a
@@ -4134,25 +4203,25 @@ options {
from these addresses will not be responded to. The default
is <strong class="userinput"><code>none</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">filter-aaaa</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>filter-aaaa</strong></span></span></dt>
<dd><p>
Specifies a list of addresses to which
- <span><strong class="command">filter-aaaa-on-v4</strong></span>
+ <span class="command"><strong>filter-aaaa-on-v4</strong></span>
is applies. The default is <strong class="userinput"><code>any</code></strong>.
</p></dd>
-<dt><span class="term"><span><strong class="command">no-case-compress</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>no-case-compress</strong></span></span></dt>
<dd>
<p>
Specifies a list of addresses which require responses
to use case-insensitive compression. This ACL can be
- used when <span><strong class="command">named</strong></span> needs to work with
+ used when <span class="command"><strong>named</strong></span> needs to work with
clients that do not comply with the requirement in RFC
1034 to use case-insensitive name comparisons when
checking for matching domain names.
</p>
<p>
If left undefined, the ACL defaults to
- <span><strong class="command">none</strong></span>: case-insensitive compression
+ <span class="command"><strong>none</strong></span>: case-insensitive compression
will be used for all clients. If the ACL is defined and
matches a client, then case will be ignored when
compressing domain names in DNS responses sent to that
@@ -4176,7 +4245,7 @@ options {
the client matches this ACL.
</p>
<p>
- There are circumstances in which <span><strong class="command">named</strong></span>
+ There are circumstances in which <span class="command"><strong>named</strong></span>
will not preserve the case of owner names of records:
if a zone file defines records of different types with
the same name, but the capitalization of the name is
@@ -4191,7 +4260,7 @@ options {
ACL.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">resolver-query-timeout</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>resolver-query-timeout</strong></span></span></dt>
<dd><p>
The amount of time the resolver will spend attempting
to resolve a recursive query before failing. The default
@@ -4201,12 +4270,12 @@ options {
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2584281"></a>Interfaces</h4></div></div></div>
+<a name="interfaces"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
- from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
+ from may be specified using the <span class="command"><strong>listen-on</strong></span> option. <span class="command"><strong>listen-on</strong></span> takes
an optional port and an <code class="varname">address_match_list</code>
of IPv4 addresses. (IPv6 addresses are ignored, with a
logged warning.)
@@ -4214,7 +4283,7 @@ options {
match list. If a port is not specified, port 53 will be used.
</p>
<p>
- Multiple <span><strong class="command">listen-on</strong></span> statements are
+ Multiple <span class="command"><strong>listen-on</strong></span> statements are
allowed.
For example,
</p>
@@ -4227,11 +4296,11 @@ listen-on port 1234 { !1.2.3.4; 1.2/16; };
1.2 that is not 1.2.3.4.
</p>
<p>
- If no <span><strong class="command">listen-on</strong></span> is specified, the
+ If no <span class="command"><strong>listen-on</strong></span> is specified, the
server will listen on port 53 on all IPv4 interfaces.
</p>
<p>
- The <span><strong class="command">listen-on-v6</strong></span> option is used to
+ The <span class="command"><strong>listen-on-v6</strong></span> option is used to
specify the interfaces and the ports on which the server will
listen
for incoming queries sent using IPv6.
@@ -4242,7 +4311,7 @@ listen-on port 1234 { !1.2.3.4; 1.2/16; };
<p> is
specified
as the <code class="varname">address_match_list</code> for the
- <span><strong class="command">listen-on-v6</strong></span> option,
+ <span class="command"><strong>listen-on-v6</strong></span> option,
the server does not bind a separate socket to each IPv6 interface
address as it does for IPv4 if the operating system has enough API
support for IPv6 (specifically if it conforms to RFC 3493 and RFC
@@ -4257,11 +4326,11 @@ listen-on port 1234 { !1.2.3.4; 1.2/16; };
the server listens on a separate socket for each specified
address,
regardless of whether the desired API is supported by the system.
- IPv4 addresses specified in <span><strong class="command">listen-on-v6</strong></span>
+ IPv4 addresses specified in <span class="command"><strong>listen-on-v6</strong></span>
will be ignored, with a logged warning.
</p>
<p>
- Multiple <span><strong class="command">listen-on-v6</strong></span> options can
+ Multiple <span class="command"><strong>listen-on-v6</strong></span> options can
be used.
For example,
</p>
@@ -4280,52 +4349,52 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
<pre class="programlisting">listen-on-v6 { none; };
</pre>
<p>
- If no <span><strong class="command">listen-on-v6</strong></span> option is
+ If no <span class="command"><strong>listen-on-v6</strong></span> option is
specified, the server will not listen on any IPv6 address
- unless <span><strong class="command">-6</strong></span> is specified when <span><strong class="command">named</strong></span> is
- invoked. If <span><strong class="command">-6</strong></span> is specified then
- <span><strong class="command">named</strong></span> will listen on port 53 on all IPv6 interfaces by default.
+ unless <span class="command"><strong>-6</strong></span> is specified when <span class="command"><strong>named</strong></span> is
+ invoked. If <span class="command"><strong>-6</strong></span> is specified then
+ <span class="command"><strong>named</strong></span> will listen on port 53 on all IPv6 interfaces by default.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="query_address"></a>Query Address</h4></div></div></div>
<p>
If the server doesn't know the answer to a question, it will
- query other name servers. <span><strong class="command">query-source</strong></span> specifies
+ query other name servers. <span class="command"><strong>query-source</strong></span> specifies
the address and port used for such queries. For queries sent over
- IPv6, there is a separate <span><strong class="command">query-source-v6</strong></span> option.
- If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> (asterisk) or is omitted,
- a wildcard IP address (<span><strong class="command">INADDR_ANY</strong></span>)
+ IPv6, there is a separate <span class="command"><strong>query-source-v6</strong></span> option.
+ If <span class="command"><strong>address</strong></span> is <span class="command"><strong>*</strong></span> (asterisk) or is omitted,
+ a wildcard IP address (<span class="command"><strong>INADDR_ANY</strong></span>)
will be used.
</p>
<p>
- If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
+ If <span class="command"><strong>port</strong></span> is <span class="command"><strong>*</strong></span> or is omitted,
a random port number from a pre-configured
range is picked up and will be used for each query.
The port range(s) is that specified in
- the <span><strong class="command">use-v4-udp-ports</strong></span> (for IPv4)
- and <span><strong class="command">use-v6-udp-ports</strong></span> (for IPv6)
+ the <span class="command"><strong>use-v4-udp-ports</strong></span> (for IPv4)
+ and <span class="command"><strong>use-v6-udp-ports</strong></span> (for IPv6)
options, excluding the ranges specified in
- the <span><strong class="command">avoid-v4-udp-ports</strong></span>
- and <span><strong class="command">avoid-v6-udp-ports</strong></span> options, respectively.
+ the <span class="command"><strong>avoid-v4-udp-ports</strong></span>
+ and <span class="command"><strong>avoid-v6-udp-ports</strong></span> options, respectively.
</p>
<p>
- The defaults of the <span><strong class="command">query-source</strong></span> and
- <span><strong class="command">query-source-v6</strong></span> options
+ The defaults of the <span class="command"><strong>query-source</strong></span> and
+ <span class="command"><strong>query-source-v6</strong></span> options
are:
</p>
<pre class="programlisting">query-source address * port *;
query-source-v6 address * port *;
</pre>
<p>
- If <span><strong class="command">use-v4-udp-ports</strong></span> or
- <span><strong class="command">use-v6-udp-ports</strong></span> is unspecified,
- <span><strong class="command">named</strong></span> will check if the operating
+ If <span class="command"><strong>use-v4-udp-ports</strong></span> or
+ <span class="command"><strong>use-v6-udp-ports</strong></span> is unspecified,
+ <span class="command"><strong>named</strong></span> will check if the operating
system provides a programming interface to retrieve the
system's default range for ephemeral ports.
If such an interface is available,
- <span><strong class="command">named</strong></span> will use the corresponding system
+ <span class="command"><strong>named</strong></span> will use the corresponding system
default range; otherwise, it will use its own defaults:
</p>
<pre class="programlisting">use-v4-udp-ports { range 1024 65535; };
@@ -4338,20 +4407,20 @@ use-v6-udp-ports { range 1024 65535; };
(14 bits of entropy).
Note also that the system's default range when used may be
too small for this purpose, and that the range may even be
- changed while <span><strong class="command">named</strong></span> is running; the new
- range will automatically be applied when <span><strong class="command">named</strong></span>
+ changed while <span class="command"><strong>named</strong></span> is running; the new
+ range will automatically be applied when <span class="command"><strong>named</strong></span>
is reloaded.
It is encouraged to
- configure <span><strong class="command">use-v4-udp-ports</strong></span> and
- <span><strong class="command">use-v6-udp-ports</strong></span> explicitly so that the
+ configure <span class="command"><strong>use-v4-udp-ports</strong></span> and
+ <span class="command"><strong>use-v6-udp-ports</strong></span> explicitly so that the
ranges are sufficiently large and are reasonably
independent from the ranges used by other applications.
</p>
<p>
Note: the operational configuration
- where <span><strong class="command">named</strong></span> runs may prohibit the use
+ where <span class="command"><strong>named</strong></span> runs may prohibit the use
of some ports. For example, UNIX systems will not allow
- <span><strong class="command">named</strong></span> running without a root privilege
+ <span class="command"><strong>named</strong></span> running without a root privilege
to use ports less than 1024.
If such ports are included in the specified (or detected)
set of query ports, the corresponding query attempts will
@@ -4360,8 +4429,8 @@ use-v6-udp-ports { range 1024 65535; };
that can be safely used in the expected operational environment.
</p>
<p>
- The defaults of the <span><strong class="command">avoid-v4-udp-ports</strong></span> and
- <span><strong class="command">avoid-v6-udp-ports</strong></span> options
+ The defaults of the <span class="command"><strong>avoid-v4-udp-ports</strong></span> and
+ <span class="command"><strong>avoid-v6-udp-ports</strong></span> options
are:
</p>
<pre class="programlisting">avoid-v4-udp-ports {};
@@ -4369,26 +4438,26 @@ avoid-v6-udp-ports {};
</pre>
<p>
Note: BIND 9.5.0 introduced
- the <span><strong class="command">use-queryport-pool</strong></span>
+ the <span class="command"><strong>use-queryport-pool</strong></span>
option to support a pool of such random ports, but this
option is now obsolete because reusing the same ports in
the pool may not be sufficiently secure.
For the same reason, it is generally strongly discouraged to
specify a particular port for the
- <span><strong class="command">query-source</strong></span> or
- <span><strong class="command">query-source-v6</strong></span> options;
+ <span class="command"><strong>query-source</strong></span> or
+ <span class="command"><strong>query-source-v6</strong></span> options;
it implicitly disables the use of randomized port numbers.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">use-queryport-pool</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>use-queryport-pool</strong></span></span></dt>
<dd><p>
This option is obsolete.
</p></dd>
-<dt><span class="term"><span><strong class="command">queryport-pool-ports</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>queryport-pool-ports</strong></span></span></dt>
<dd><p>
This option is obsolete.
</p></dd>
-<dt><span class="term"><span><strong class="command">queryport-pool-updateinterval</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>queryport-pool-updateinterval</strong></span></span></dt>
<dd><p>
This option is obsolete.
</p></dd>
@@ -4396,7 +4465,7 @@ avoid-v6-udp-ports {};
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- The address specified in the <span><strong class="command">query-source</strong></span> option
+ The address specified in the <span class="command"><strong>query-source</strong></span> option
is used for both UDP and TCP queries, but the port applies only
to UDP queries. TCP queries always use a random
unprivileged port.
@@ -4412,12 +4481,12 @@ avoid-v6-udp-ports {};
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- See also <span><strong class="command">transfer-source</strong></span> and
- <span><strong class="command">notify-source</strong></span>.
+ See also <span class="command"><strong>transfer-source</strong></span> and
+ <span class="command"><strong>notify-source</strong></span>.
</p>
</div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="zone_transfers"></a>Zone Transfers</h4></div></div></div>
<p>
@@ -4426,8 +4495,8 @@ avoid-v6-udp-ports {};
and set limits on the amount of load that transfers place on the
system. The following options apply to zone transfers.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">also-notify</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>also-notify</strong></span></span></dt>
<dd>
<p>
Defines a global list of IP addresses of name servers
@@ -4438,58 +4507,58 @@ avoid-v6-udp-ports {};
This helps to ensure that copies of the zones will
quickly converge on stealth servers.
Optionally, a port may be specified with each
- <span><strong class="command">also-notify</strong></span> address to send
+ <span class="command"><strong>also-notify</strong></span> address to send
the notify messages to a port other than the
default of 53.
An optional TSIG key can also be specified with each
address to cause the notify messages to be signed; this
can be useful when sending notifies to multiple views.
In place of explicit addresses, one or more named
- <span><strong class="command">masters</strong></span> lists can be used.
+ <span class="command"><strong>masters</strong></span> lists can be used.
</p>
<p>
- If an <span><strong class="command">also-notify</strong></span> list
- is given in a <span><strong class="command">zone</strong></span> statement,
+ If an <span class="command"><strong>also-notify</strong></span> list
+ is given in a <span class="command"><strong>zone</strong></span> statement,
it will override
- the <span><strong class="command">options also-notify</strong></span>
- statement. When a <span><strong class="command">zone notify</strong></span>
+ the <span class="command"><strong>options also-notify</strong></span>
+ statement. When a <span class="command"><strong>zone notify</strong></span>
statement
- is set to <span><strong class="command">no</strong></span>, the IP
- addresses in the global <span><strong class="command">also-notify</strong></span> list will
+ is set to <span class="command"><strong>no</strong></span>, the IP
+ addresses in the global <span class="command"><strong>also-notify</strong></span> list will
not be sent NOTIFY messages for that zone. The default is
the empty
list (no global notification list).
</p>
</dd>
-<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-time-in</strong></span></span></dt>
<dd><p>
Inbound zone transfers running longer than
this many minutes will be terminated. The default is 120
minutes
(2 hours). The maximum value is 28 days (40320 minutes).
</p></dd>
-<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-idle-in</strong></span></span></dt>
<dd><p>
Inbound zone transfers making no progress
in this many minutes will be terminated. The default is 60
minutes
(1 hour). The maximum value is 28 days (40320 minutes).
</p></dd>
-<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-time-out</strong></span></span></dt>
<dd><p>
Outbound zone transfers running longer than
this many minutes will be terminated. The default is 120
minutes
(2 hours). The maximum value is 28 days (40320 minutes).
</p></dd>
-<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-idle-out</strong></span></span></dt>
<dd><p>
Outbound zone transfers making no progress
in this many minutes will be terminated. The default is 60
minutes (1
hour). The maximum value is 28 days (40320 minutes).
</p></dd>
-<dt><span class="term"><span><strong class="command">serial-query-rate</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>serial-query-rate</strong></span></span></dt>
<dd>
<p>
Slave servers will periodically query master
@@ -4498,7 +4567,7 @@ avoid-v6-udp-ports {};
the slave server's network bandwidth. To limit
the amount of bandwidth used, BIND 9 limits the
rate at which queries are sent. The value of the
- <span><strong class="command">serial-query-rate</strong></span> option, an
+ <span class="command"><strong>serial-query-rate</strong></span> option, an
integer, is the maximum number of queries sent
per second. The default is 20 per second.
The lowest possible rate is one per second; when set
@@ -4507,77 +4576,77 @@ avoid-v6-udp-ports {};
<p>
In addition to controlling the rate SOA refresh
queries are issued at,
- <span><strong class="command">serial-query-rate</strong></span> also controls
+ <span class="command"><strong>serial-query-rate</strong></span> also controls
the rate at which NOTIFY messages are sent from
both master and slave zones.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">serial-queries</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>serial-queries</strong></span></span></dt>
<dd><p>
- In BIND 8, the <span><strong class="command">serial-queries</strong></span>
+ In BIND 8, the <span class="command"><strong>serial-queries</strong></span>
option
set the maximum number of concurrent serial number queries
allowed to be outstanding at any given time.
BIND 9 does not limit the number of outstanding
- serial queries and ignores the <span><strong class="command">serial-queries</strong></span> option.
+ serial queries and ignores the <span class="command"><strong>serial-queries</strong></span> option.
Instead, it limits the rate at which the queries are sent
- as defined using the <span><strong class="command">serial-query-rate</strong></span> option.
+ as defined using the <span class="command"><strong>serial-query-rate</strong></span> option.
</p></dd>
-<dt><span class="term"><span><strong class="command">transfer-format</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfer-format</strong></span></span></dt>
<dd><p>
Zone transfers can be sent using two different formats,
- <span><strong class="command">one-answer</strong></span> and
- <span><strong class="command">many-answers</strong></span>.
- The <span><strong class="command">transfer-format</strong></span> option is used
+ <span class="command"><strong>one-answer</strong></span> and
+ <span class="command"><strong>many-answers</strong></span>.
+ The <span class="command"><strong>transfer-format</strong></span> option is used
on the master server to determine which format it sends.
- <span><strong class="command">one-answer</strong></span> uses one DNS message per
+ <span class="command"><strong>one-answer</strong></span> uses one DNS message per
resource record transferred.
- <span><strong class="command">many-answers</strong></span> packs as many resource
+ <span class="command"><strong>many-answers</strong></span> packs as many resource
records as possible into a message.
- <span><strong class="command">many-answers</strong></span> is more efficient, but is
+ <span class="command"><strong>many-answers</strong></span> is more efficient, but is
only supported by relatively new slave servers,
such as <acronym class="acronym">BIND</acronym> 9, <acronym class="acronym">BIND</acronym>
8.x and <acronym class="acronym">BIND</acronym> 4.9.5 onwards.
- The <span><strong class="command">many-answers</strong></span> format is also supported by
+ The <span class="command"><strong>many-answers</strong></span> format is also supported by
recent Microsoft Windows nameservers.
- The default is <span><strong class="command">many-answers</strong></span>.
- <span><strong class="command">transfer-format</strong></span> may be overridden on a
- per-server basis by using the <span><strong class="command">server</strong></span>
+ The default is <span class="command"><strong>many-answers</strong></span>.
+ <span class="command"><strong>transfer-format</strong></span> may be overridden on a
+ per-server basis by using the <span class="command"><strong>server</strong></span>
statement.
</p></dd>
-<dt><span class="term"><span><strong class="command">transfers-in</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfers-in</strong></span></span></dt>
<dd><p>
The maximum number of inbound zone transfers
that can be running concurrently. The default value is <code class="literal">10</code>.
- Increasing <span><strong class="command">transfers-in</strong></span> may
+ Increasing <span class="command"><strong>transfers-in</strong></span> may
speed up the convergence
of slave zones, but it also may increase the load on the
local system.
</p></dd>
-<dt><span class="term"><span><strong class="command">transfers-out</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfers-out</strong></span></span></dt>
<dd><p>
The maximum number of outbound zone transfers
that can be running concurrently. Zone transfer requests in
excess
of the limit will be refused. The default value is <code class="literal">10</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">transfers-per-ns</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfers-per-ns</strong></span></span></dt>
<dd><p>
The maximum number of inbound zone transfers
that can be concurrently transferring from a given remote
name server.
The default value is <code class="literal">2</code>.
- Increasing <span><strong class="command">transfers-per-ns</strong></span>
+ Increasing <span class="command"><strong>transfers-per-ns</strong></span>
may
speed up the convergence of slave zones, but it also may
increase
- the load on the remote name server. <span><strong class="command">transfers-per-ns</strong></span> may
- be overridden on a per-server basis by using the <span><strong class="command">transfers</strong></span> phrase
- of the <span><strong class="command">server</strong></span> statement.
+ the load on the remote name server. <span class="command"><strong>transfers-per-ns</strong></span> may
+ be overridden on a per-server basis by using the <span class="command"><strong>transfers</strong></span> phrase
+ of the <span class="command"><strong>server</strong></span> statement.
</p></dd>
-<dt><span class="term"><span><strong class="command">transfer-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfer-source</strong></span></span></dt>
<dd>
-<p><span><strong class="command">transfer-source</strong></span>
+<p><span class="command"><strong>transfer-source</strong></span>
determines which local address will be bound to IPv4
TCP connections used to fetch zones transferred
inbound by the server. It also determines the
@@ -4587,15 +4656,15 @@ avoid-v6-udp-ports {};
controlled value which will usually be the address
of the interface "closest to" the remote end. This
address must appear in the remote end's
- <span><strong class="command">allow-transfer</strong></span> option for the
+ <span class="command"><strong>allow-transfer</strong></span> option for the
zone being transferred, if one is specified. This
statement sets the
- <span><strong class="command">transfer-source</strong></span> for all zones,
+ <span class="command"><strong>transfer-source</strong></span> for all zones,
but can be overridden on a per-view or per-zone
basis by including a
- <span><strong class="command">transfer-source</strong></span> statement within
- the <span><strong class="command">view</strong></span> or
- <span><strong class="command">zone</strong></span> block in the configuration
+ <span class="command"><strong>transfer-source</strong></span> statement within
+ the <span class="command"><strong>view</strong></span> or
+ <span class="command"><strong>zone</strong></span> block in the configuration
file.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -4606,58 +4675,60 @@ avoid-v6-udp-ports {};
</p>
</div>
</dd>
-<dt><span class="term"><span><strong class="command">transfer-source-v6</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfer-source-v6</strong></span></span></dt>
<dd><p>
- The same as <span><strong class="command">transfer-source</strong></span>,
+ The same as <span class="command"><strong>transfer-source</strong></span>,
except zone transfers are performed using IPv6.
</p></dd>
-<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>alt-transfer-source</strong></span></span></dt>
<dd>
<p>
An alternate transfer source if the one listed in
- <span><strong class="command">transfer-source</strong></span> fails and
- <span><strong class="command">use-alt-transfer-source</strong></span> is
+ <span class="command"><strong>transfer-source</strong></span> fails and
+ <span class="command"><strong>use-alt-transfer-source</strong></span> is
set.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
+<p>
If you do not wish the alternate transfer source
to be used, you should set
- <span><strong class="command">use-alt-transfer-source</strong></span>
+ <span class="command"><strong>use-alt-transfer-source</strong></span>
appropriately and you should not depend upon
getting an answer back to the first refresh
query.
- </div>
+ </p>
+</div>
</dd>
-<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>alt-transfer-source-v6</strong></span></span></dt>
<dd><p>
An alternate transfer source if the one listed in
- <span><strong class="command">transfer-source-v6</strong></span> fails and
- <span><strong class="command">use-alt-transfer-source</strong></span> is
+ <span class="command"><strong>transfer-source-v6</strong></span> fails and
+ <span class="command"><strong>use-alt-transfer-source</strong></span> is
set.
</p></dd>
-<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>use-alt-transfer-source</strong></span></span></dt>
<dd><p>
Use the alternate transfer sources or not. If views are
- specified this defaults to <span><strong class="command">no</strong></span>
+ specified this defaults to <span class="command"><strong>no</strong></span>
otherwise it defaults to
- <span><strong class="command">yes</strong></span> (for BIND 8
+ <span class="command"><strong>yes</strong></span> (for BIND 8
compatibility).
</p></dd>
-<dt><span class="term"><span><strong class="command">notify-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-source</strong></span></span></dt>
<dd>
-<p><span><strong class="command">notify-source</strong></span>
+<p><span class="command"><strong>notify-source</strong></span>
determines which local source address, and
optionally UDP port, will be used to send NOTIFY
messages. This address must appear in the slave
- server's <span><strong class="command">masters</strong></span> zone clause or
- in an <span><strong class="command">allow-notify</strong></span> clause. This
- statement sets the <span><strong class="command">notify-source</strong></span>
+ server's <span class="command"><strong>masters</strong></span> zone clause or
+ in an <span class="command"><strong>allow-notify</strong></span> clause. This
+ statement sets the <span class="command"><strong>notify-source</strong></span>
for all zones, but can be overridden on a per-zone or
per-view basis by including a
- <span><strong class="command">notify-source</strong></span> statement within
- the <span><strong class="command">zone</strong></span> or
- <span><strong class="command">view</strong></span> block in the configuration
+ <span class="command"><strong>notify-source</strong></span> statement within
+ the <span class="command"><strong>zone</strong></span> or
+ <span class="command"><strong>view</strong></span> block in the configuration
file.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -4668,24 +4739,24 @@ avoid-v6-udp-ports {};
</p>
</div>
</dd>
-<dt><span class="term"><span><strong class="command">notify-source-v6</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-source-v6</strong></span></span></dt>
<dd><p>
- Like <span><strong class="command">notify-source</strong></span>,
+ Like <span class="command"><strong>notify-source</strong></span>,
but applies to notify messages sent to IPv6 addresses.
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585434"></a>UDP Port Lists</h4></div></div></div>
+<a name="port_lists"></a>UDP Port Lists</h4></div></div></div>
<p>
- <span><strong class="command">use-v4-udp-ports</strong></span>,
- <span><strong class="command">avoid-v4-udp-ports</strong></span>,
- <span><strong class="command">use-v6-udp-ports</strong></span>, and
- <span><strong class="command">avoid-v6-udp-ports</strong></span>
+ <span class="command"><strong>use-v4-udp-ports</strong></span>,
+ <span class="command"><strong>avoid-v4-udp-ports</strong></span>,
+ <span class="command"><strong>use-v6-udp-ports</strong></span>, and
+ <span class="command"><strong>avoid-v6-udp-ports</strong></span>
specify a list of IPv4 and IPv6 UDP ports that will be
used or not used as source ports for UDP messages.
- See <a href="Bv9ARM.ch06.html#query_address" title="Query Address">the section called &#8220;Query Address&#8221;</a> about how the
+ See <a class="xref" href="Bv9ARM.ch06.html#query_address" title="Query Address">the section called &#8220;Query Address&#8221;</a> about how the
available ports are determined.
For example, with the following configuration
</p>
@@ -4695,14 +4766,14 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</pre>
<p>
UDP ports of IPv6 messages sent
- from <span><strong class="command">named</strong></span> will be in one
+ from <span class="command"><strong>named</strong></span> will be in one
of the following ranges: 32768 to 39999, 40001 to 49999,
and 60001 to 65535.
</p>
<p>
- <span><strong class="command">avoid-v4-udp-ports</strong></span> and
- <span><strong class="command">avoid-v6-udp-ports</strong></span> can be used
- to prevent <span><strong class="command">named</strong></span> from choosing as its random source port a
+ <span class="command"><strong>avoid-v4-udp-ports</strong></span> and
+ <span class="command"><strong>avoid-v6-udp-ports</strong></span> can be used
+ to prevent <span class="command"><strong>named</strong></span> from choosing as its random source port a
port that is blocked by your firewall or a port that is
used by other applications;
if a query went out with a source port blocked by a
@@ -4710,28 +4781,28 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
answer would not get by the firewall and the name server would
have to query again.
Note: the desired range can also be represented only with
- <span><strong class="command">use-v4-udp-ports</strong></span> and
- <span><strong class="command">use-v6-udp-ports</strong></span>, and the
- <span><strong class="command">avoid-</strong></span> options are redundant in that
+ <span class="command"><strong>use-v4-udp-ports</strong></span> and
+ <span class="command"><strong>use-v6-udp-ports</strong></span>, and the
+ <span class="command"><strong>avoid-</strong></span> options are redundant in that
sense; they are provided for backward compatibility and
to possibly simplify the port specification.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585562"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="resource_limits"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
- example, <span><strong class="command">1G</strong></span> can be used instead of
- <span><strong class="command">1073741824</strong></span> to specify a limit of
+ example, <span class="command"><strong>1G</strong></span> can be used instead of
+ <span class="command"><strong>1073741824</strong></span> to specify a limit of
one
- gigabyte. <span><strong class="command">unlimited</strong></span> requests
+ gigabyte. <span class="command"><strong>unlimited</strong></span> requests
unlimited use, or the
- maximum available amount. <span><strong class="command">default</strong></span>
+ maximum available amount. <span class="command"><strong>default</strong></span>
uses the limit
that was in force when the server was started. See the description
- of <span><strong class="command">size_spec</strong></span> in <a href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called &#8220;Configuration File Elements&#8221;</a>.
+ of <span class="command"><strong>size_spec</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#configuration_file_elements" title="Configuration File Elements">the section called &#8220;Configuration File Elements&#8221;</a>.
</p>
<p>
The following options set operating system resource limits for
@@ -4741,13 +4812,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
the
unsupported limit is used.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">coresize</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>coresize</strong></span></span></dt>
<dd><p>
The maximum size of a core dump. The default
is <code class="literal">default</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">datasize</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>datasize</strong></span></span></dt>
<dd><p>
The maximum amount of data memory the server
may use. The default is <code class="literal">default</code>.
@@ -4760,23 +4831,23 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
to raise an operating system data size limit that is
too small by default. If you wish to limit the amount
of memory used by the server, use the
- <span><strong class="command">max-cache-size</strong></span> and
- <span><strong class="command">recursive-clients</strong></span>
+ <span class="command"><strong>max-cache-size</strong></span> and
+ <span class="command"><strong>recursive-clients</strong></span>
options instead.
</p></dd>
-<dt><span class="term"><span><strong class="command">files</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>files</strong></span></span></dt>
<dd><p>
The maximum number of files the server
may have open concurrently. The default is <code class="literal">unlimited</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">stacksize</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>stacksize</strong></span></span></dt>
<dd><p>
The maximum amount of stack memory the server
may use. The default is <code class="literal">default</code>.
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="server_resource_limits"></a>Server Resource Limits</h4></div></div></div>
<p>
@@ -4784,18 +4855,18 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
resource consumption that are enforced internally by the
server rather than the operating system.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">max-ixfr-log-size</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>max-ixfr-log-size</strong></span></span></dt>
<dd><p>
This option is obsolete; it is accepted
and ignored for BIND 8 compatibility. The option
- <span><strong class="command">max-journal-size</strong></span> performs a
+ <span class="command"><strong>max-journal-size</strong></span> performs a
similar function in BIND 9.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-journal-size</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-journal-size</strong></span></span></dt>
<dd><p>
Sets a maximum size for each journal file
- (see <a href="Bv9ARM.ch04.html#journal" title="The journal file">the section called &#8220;The journal file&#8221;</a>). When the journal file
+ (see <a class="xref" href="Bv9ARM.ch04.html#journal" title="The journal file">the section called &#8220;The journal file&#8221;</a>). When the journal file
approaches
the specified size, some of the oldest transactions in the
journal
@@ -4805,13 +4876,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
means 2 gigabytes.
This may also be set on a per-zone basis.
</p></dd>
-<dt><span class="term"><span><strong class="command">host-statistics-max</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt>
<dd><p>
In BIND 8, specifies the maximum number of host statistics
entries to be kept.
Not implemented in BIND 9.
</p></dd>
-<dt><span class="term"><span><strong class="command">recursive-clients</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>recursive-clients</strong></span></span></dt>
<dd>
<p>
The maximum number ("hard quota") of simultaneous
@@ -4821,7 +4892,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
client uses a fair
bit of memory (on the order of 20 kilobytes), the
value of the
- <span><strong class="command">recursive-clients</strong></span> option may
+ <span class="command"><strong>recursive-clients</strong></span> option may
have to be decreased on hosts with limited memory.
</p>
<p>
@@ -4842,28 +4913,28 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<code class="option">recursive-clients</code>.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">tcp-clients</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>tcp-clients</strong></span></span></dt>
<dd><p>
The maximum number of simultaneous client TCP
connections that the server will accept.
The default is <code class="literal">100</code>.
</p></dd>
<dt>
-<a name="clients-per-query"></a><span class="term"><span><strong class="command">clients-per-query</strong></span>, </span><span class="term"><span><strong class="command">max-clients-per-query</strong></span></span>
+<a name="clients-per-query"></a><span class="term"><a name="cpq_term"></a><span class="command"><strong>clients-per-query</strong></span>, </span><span class="term"><span class="command"><strong>max-clients-per-query</strong></span></span>
</dt>
<dd>
<p>These set the
initial value (minimum) and maximum number of recursive
simultaneous clients for any given query
(&lt;qname,qtype,qclass&gt;) that the server will accept
- before dropping additional clients. <span><strong class="command">named</strong></span> will attempt to
+ before dropping additional clients. <span class="command"><strong>named</strong></span> will attempt to
self tune this value and changes will be logged. The
default values are 10 and 100.
</p>
<p>
This value should reflect how many queries come in for
a given name in the time it takes to resolve that name.
- If the number of queries exceed this value, <span><strong class="command">named</strong></span> will
+ If the number of queries exceed this value, <span class="command"><strong>named</strong></span> will
assume that it is dealing with a non-responsive zone
and will drop additional queries. If it gets a response
after dropping queries, it will raise the estimate. The
@@ -4871,18 +4942,18 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
remained unchanged.
</p>
<p>
- If <span><strong class="command">clients-per-query</strong></span> is set to zero,
+ If <span class="command"><strong>clients-per-query</strong></span> is set to zero,
then there is no limit on the number of clients per query
and no queries will be dropped.
</p>
<p>
- If <span><strong class="command">max-clients-per-query</strong></span> is set to zero,
+ If <span class="command"><strong>max-clients-per-query</strong></span> is set to zero,
then there is no upper bound other than imposed by
- <span><strong class="command">recursive-clients</strong></span>.
+ <span class="command"><strong>recursive-clients</strong></span>.
</p>
</dd>
<dt>
-<a name="fetches-per-zone"></a><span class="term"><span><strong class="command">fetches-per-zone</strong></span></span>
+<a name="fetches-per-zone"></a><span class="term"><span class="command"><strong>fetches-per-zone</strong></span></span>
</dt>
<dd>
<p>
@@ -4916,13 +4987,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<code class="literal">drop</code>.
</p>
<p>
- If <span><strong class="command">fetches-per-zone</strong></span> is set to zero,
+ If <span class="command"><strong>fetches-per-zone</strong></span> is set to zero,
then there is no limit on the number of fetches per query
and no queries will be dropped. The default is zero.
</p>
<p>
The current list of active fetches can be dumped by
- running <span><strong class="command">rndc recursing</strong></span>. The list
+ running <span class="command"><strong>rndc recursing</strong></span>. The list
includes the number of active fetches for each
domain and the number of queries that have been
passed or dropped as a result of the
@@ -4935,11 +5006,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<p>
(Note: This option is only available when BIND is
- built with <span><strong class="command">configure --enable-fetchlimit</strong></span>.)
+ built with <span class="command"><strong>configure --enable-fetchlimit</strong></span>.)
</p>
</dd>
<dt>
-<a name="fetches-per-server"></a><span class="term"><span><strong class="command">fetches-per-server</strong></span></span>
+<a name="fetches-per-server"></a><span class="term"><span class="command"><strong>fetches-per-server</strong></span></span>
</dt>
<dd>
<p>
@@ -4962,32 +5033,32 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<code class="literal">fail</code>.
</p>
<p>
- If <span><strong class="command">fetches-per-server</strong></span> is set to zero,
+ If <span class="command"><strong>fetches-per-server</strong></span> is set to zero,
then there is no limit on the number of fetches per query
and no queries will be dropped. The default is zero.
</p>
<p>
- The <span><strong class="command">fetches-per-server</strong></span> quota is
+ The <span class="command"><strong>fetches-per-server</strong></span> quota is
dynamically adjusted in response to detected
congestion. As queries are sent to a server
and are either answered or time out, an
exponentially weighted moving average is calculated
of the ratio of timeouts to responses. If the
current average timeout ratio rises above a "high"
- threshold, then <span><strong class="command">fetches-per-server</strong></span>
+ threshold, then <span class="command"><strong>fetches-per-server</strong></span>
is reduced for that server. If the timeout ratio
drops below a "low" threshold, then
- <span><strong class="command">fetches-per-server</strong></span> is increased.
- The <span><strong class="command">fetch-quota-params</strong></span> options
+ <span class="command"><strong>fetches-per-server</strong></span> is increased.
+ The <span class="command"><strong>fetch-quota-params</strong></span> options
can be used to adjust the parameters for this
calculation.
</p>
<p>
(Note: This option is only available when BIND is
- built with <span><strong class="command">configure --enable-fetchlimit</strong></span>.)
+ built with <span class="command"><strong>configure --enable-fetchlimit</strong></span>.)
</p>
</dd>
-<dt><span class="term"><span><strong class="command">fetch-quota-params</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>fetch-quota-params</strong></span></span></dt>
<dd>
<p>
Sets the parameters to use for dynamic resizing of
@@ -5019,15 +5090,15 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<p>
(Note: This option is only available when BIND is
- built with <span><strong class="command">configure --enable-fetchlimit</strong></span>.)
+ built with <span class="command"><strong>configure --enable-fetchlimit</strong></span>.)
</p>
</dd>
-<dt><span class="term"><span><strong class="command">reserved-sockets</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>reserved-sockets</strong></span></span></dt>
<dd>
<p>
The number of file descriptors reserved for TCP, stdio,
etc. This needs to be big enough to cover the number of
- interfaces <span><strong class="command">named</strong></span> listens on, <span><strong class="command">tcp-clients</strong></span> as well as
+ interfaces <span class="command"><strong>named</strong></span> listens on, <span class="command"><strong>tcp-clients</strong></span> as well as
to provide room for outgoing TCP queries and incoming zone
transfers. The default is <code class="literal">512</code>.
The minimum value is <code class="literal">128</code> and the
@@ -5038,7 +5109,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
This option has little effect on Windows.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">max-cache-size</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-cache-size</strong></span></span></dt>
<dd><p>
The maximum amount of memory to use for the
server's cache, in bytes.
@@ -5060,7 +5131,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
separately to the cache of each view.
The default is 0.
</p></dd>
-<dt><span class="term"><span><strong class="command">tcp-listen-queue</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>tcp-listen-queue</strong></span></span></dt>
<dd><p>
The listen queue depth. The default and minimum is 10.
If the kernel supports the accept filter "dataready" this
@@ -5074,35 +5145,35 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586413"></a>Periodic Task Intervals</h4></div></div></div>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
+<a name="intervals"></a>Periodic Task Intervals</h4></div></div></div>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>cleaning-interval</strong></span></span></dt>
<dd><p>
This interval is effectively obsolete. Previously,
the server would remove expired resource records
- from the cache every <span><strong class="command">cleaning-interval</strong></span> minutes.
+ from the cache every <span class="command"><strong>cleaning-interval</strong></span> minutes.
<acronym class="acronym">BIND</acronym> 9 now manages cache
memory in a more sophisticated manner and does not
rely on the periodic cleaning any more.
Specifying this option therefore has no effect on
the server's behavior.
</p></dd>
-<dt><span class="term"><span><strong class="command">heartbeat-interval</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>heartbeat-interval</strong></span></span></dt>
<dd><p>
The server will perform zone maintenance tasks
- for all zones marked as <span><strong class="command">dialup</strong></span> whenever this
+ for all zones marked as <span class="command"><strong>dialup</strong></span> whenever this
interval expires. The default is 60 minutes. Reasonable
values are up
to 1 day (1440 minutes). The maximum value is 28 days
(40320 minutes).
If set to 0, no zone maintenance for these zones will occur.
</p></dd>
-<dt><span class="term"><span><strong class="command">interface-interval</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>interface-interval</strong></span></span></dt>
<dd><p>
The server will scan the network interface list
- every <span><strong class="command">interface-interval</strong></span>
+ every <span class="command"><strong>interface-interval</strong></span>
minutes. The default
is 60 minutes. The maximum value is 28 days (40320 minutes).
If set to 0, interface scanning will only occur when
@@ -5110,15 +5181,15 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
server will
begin listening for queries on any newly discovered
interfaces (provided they are allowed by the
- <span><strong class="command">listen-on</strong></span> configuration), and
+ <span class="command"><strong>listen-on</strong></span> configuration), and
will
stop listening on interfaces that have gone away.
</p></dd>
-<dt><span class="term"><span><strong class="command">statistics-interval</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>statistics-interval</strong></span></span></dt>
<dd>
<p>
Name server statistics will be logged
- every <span><strong class="command">statistics-interval</strong></span>
+ every <span class="command"><strong>statistics-interval</strong></span>
minutes. The default is
60. The maximum value is 28 days (40320 minutes).
If set to 0, no statistics will be logged.
@@ -5133,15 +5204,15 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="topology"></a>Topology</h4></div></div></div>
<p>
All other things being equal, when the server chooses a name
server
to query from a list of name servers, it prefers the one that is
- topologically closest to itself. The <span><strong class="command">topology</strong></span> statement
- takes an <span><strong class="command">address_match_list</strong></span> and
+ topologically closest to itself. The <span class="command"><strong>topology</strong></span> statement
+ takes an <span class="command"><strong>address_match_list</strong></span> and
interprets it
in a special way. Each top-level list element is assigned a
distance.
@@ -5172,21 +5243,21 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- The <span><strong class="command">topology</strong></span> option
+ The <span class="command"><strong>topology</strong></span> option
is not implemented in <acronym class="acronym">BIND</acronym> 9.
</p>
</div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="the_sortlist_statement"></a>The <span><strong class="command">sortlist</strong></span> Statement</h4></div></div></div>
+<a name="the_sortlist_statement"></a>The <span class="command"><strong>sortlist</strong></span> Statement</h4></div></div></div>
<p>
The response to a DNS query may consist of multiple resource
records (RRs) forming a resource records set (RRset).
The name server will normally return the
RRs within the RRset in an indeterminate order
- (but see the <span><strong class="command">rrset-order</strong></span>
- statement in <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called &#8220;RRset Ordering&#8221;</a>).
+ (but see the <span class="command"><strong>rrset-order</strong></span>
+ statement in <a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called &#8220;RRset Ordering&#8221;</a>).
The client resolver code should rearrange the RRs as appropriate,
that is, using any addresses on the local net in preference to
other addresses.
@@ -5197,18 +5268,18 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
configuring the name servers, not all the clients.
</p>
<p>
- The <span><strong class="command">sortlist</strong></span> statement (see below)
+ The <span class="command"><strong>sortlist</strong></span> statement (see below)
takes
- an <span><strong class="command">address_match_list</strong></span> and
+ an <span class="command"><strong>address_match_list</strong></span> and
interprets it even
- more specifically than the <span><strong class="command">topology</strong></span>
+ more specifically than the <span class="command"><strong>topology</strong></span>
statement
- does (<a href="Bv9ARM.ch06.html#topology" title="Topology">the section called &#8220;Topology&#8221;</a>).
- Each top level statement in the <span><strong class="command">sortlist</strong></span> must
- itself be an explicit <span><strong class="command">address_match_list</strong></span> with
+ does (<a class="xref" href="Bv9ARM.ch06.html#topology" title="Topology">the section called &#8220;Topology&#8221;</a>).
+ Each top level statement in the <span class="command"><strong>sortlist</strong></span> must
+ itself be an explicit <span class="command"><strong>address_match_list</strong></span> with
one or two elements. The first element (which may be an IP
address,
- an IP prefix, an ACL name or a nested <span><strong class="command">address_match_list</strong></span>)
+ an IP prefix, an ACL name or a nested <span class="command"><strong>address_match_list</strong></span>)
of each top level list is checked against the source address of
the query until a match is found.
</p>
@@ -5220,8 +5291,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
address
in the response to move to the beginning of the response. If the
statement is a list of two elements, then the second element is
- treated the same as the <span><strong class="command">address_match_list</strong></span> in
- a <span><strong class="command">topology</strong></span> statement. Each top
+ treated the same as the <span class="command"><strong>address_match_list</strong></span> in
+ a <span class="command"><strong>topology</strong></span> statement. Each top
level element
is assigned a distance and the address in the response with the
minimum
@@ -5286,21 +5357,21 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
};
</pre>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="rrset_ordering"></a>RRset Ordering</h4></div></div></div>
<p>
When multiple records are returned in an answer it may be
useful to configure the order of the records placed into the
response.
- The <span><strong class="command">rrset-order</strong></span> statement permits
+ The <span class="command"><strong>rrset-order</strong></span> statement permits
configuration
of the ordering of the records in a multiple record response.
- See also the <span><strong class="command">sortlist</strong></span> statement,
- <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called &#8220;The <span><strong class="command">sortlist</strong></span> Statement&#8221;</a>.
+ See also the <span class="command"><strong>sortlist</strong></span> statement,
+ <a class="xref" href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called &#8220;The <span class="command"><strong>sortlist</strong></span> Statement&#8221;</a>.
</p>
<p>
- An <span><strong class="command">order_spec</strong></span> is defined as
+ An <span class="command"><strong>order_spec</strong></span> is defined as
follows:
</p>
<p>
@@ -5310,22 +5381,22 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
order <em class="replaceable"><code>ordering</code></em>
</p>
<p>
- If no class is specified, the default is <span><strong class="command">ANY</strong></span>.
- If no type is specified, the default is <span><strong class="command">ANY</strong></span>.
- If no name is specified, the default is "<span><strong class="command">*</strong></span>" (asterisk).
+ If no class is specified, the default is <span class="command"><strong>ANY</strong></span>.
+ If no type is specified, the default is <span class="command"><strong>ANY</strong></span>.
+ If no name is specified, the default is "<span class="command"><strong>*</strong></span>" (asterisk).
</p>
<p>
- The legal values for <span><strong class="command">ordering</strong></span> are:
+ The legal values for <span class="command"><strong>ordering</strong></span> are:
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="0.750in" class="1">
+<col width="3.750in" class="2">
</colgroup>
<tbody>
<tr>
<td>
- <p><span><strong class="command">fixed</strong></span></p>
+ <p><span class="command"><strong>fixed</strong></span></p>
</td>
<td>
<p>
@@ -5336,7 +5407,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</tr>
<tr>
<td>
- <p><span><strong class="command">random</strong></span></p>
+ <p><span class="command"><strong>random</strong></span></p>
</td>
<td>
<p>
@@ -5346,7 +5417,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</tr>
<tr>
<td>
- <p><span><strong class="command">cyclic</strong></span></p>
+ <p><span class="command"><strong>cyclic</strong></span></p>
</td>
<td>
<p>
@@ -5377,7 +5448,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
in random order. All other records are returned in cyclic order.
</p>
<p>
- If multiple <span><strong class="command">rrset-order</strong></span> statements
+ If multiple <span class="command"><strong>rrset-order</strong></span> statements
appear, they are not combined &#8212; the last one applies.
</p>
<p>
@@ -5387,18 +5458,18 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<h3 class="title">Note</h3>
<p>
In this release of <acronym class="acronym">BIND</acronym> 9, the
- <span><strong class="command">rrset-order</strong></span> statement does not support
+ <span class="command"><strong>rrset-order</strong></span> statement does not support
"fixed" ordering by default. Fixed ordering can be enabled
at compile time by specifying "--enable-fixed-rrset" on
the "configure" command line.
</p>
</div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="tuning"></a>Tuning</h4></div></div></div>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">lame-ttl</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>lame-ttl</strong></span></span></dt>
<dd>
<p>
Sets the number of seconds to cache a
@@ -5415,19 +5486,19 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
lame-ttl is set to less than 30 seconds.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">max-ncache-ttl</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-ncache-ttl</strong></span></span></dt>
<dd><p>
To reduce network traffic and increase performance,
- the server stores negative answers. <span><strong class="command">max-ncache-ttl</strong></span> is
+ the server stores negative answers. <span class="command"><strong>max-ncache-ttl</strong></span> is
used to set a maximum retention time for these answers in
the server
in seconds. The default
- <span><strong class="command">max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
- <span><strong class="command">max-ncache-ttl</strong></span> cannot exceed
+ <span class="command"><strong>max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
+ <span class="command"><strong>max-ncache-ttl</strong></span> cannot exceed
7 days and will
be silently truncated to 7 days if set to a greater value.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-cache-ttl</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-cache-ttl</strong></span></span></dt>
<dd><p>
Sets the maximum time for which the server will
cache ordinary (positive) answers. The default is
@@ -5437,7 +5508,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
RRsets (such as NS and glue AAAA/A records) in the
resolution process.
</p></dd>
-<dt><span class="term"><span><strong class="command">min-roots</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>min-roots</strong></span></span></dt>
<dd>
<p>
The minimum number of root servers that
@@ -5452,12 +5523,12 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
</div>
</dd>
-<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-validity-interval</strong></span></span></dt>
<dd>
<p>
Specifies the number of days into the future when
DNSSEC signatures automatically generated as a
- result of dynamic updates (<a href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called &#8220;Dynamic Update&#8221;</a>) will expire. There
+ result of dynamic updates (<a class="xref" href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called &#8220;Dynamic Update&#8221;</a>) will expire. There
is an optional second field which specifies how
long before expiry that the signatures will be
regenerated. If not specified, the signatures will
@@ -5474,27 +5545,27 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
for a limited amount of clock skew.
</p>
<p>
- The <span><strong class="command">sig-validity-interval</strong></span>
+ The <span class="command"><strong>sig-validity-interval</strong></span>
should be, at least, several multiples of the SOA
expire interval to allow for reasonable interaction
between the various timer and expiry dates.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">sig-signing-nodes</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-signing-nodes</strong></span></span></dt>
<dd><p>
Specify the maximum number of nodes to be
examined in each quantum when signing a zone with
a new DNSKEY. The default is
<code class="literal">100</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-signing-signatures</strong></span></span></dt>
<dd><p>
Specify a threshold number of signatures that
will terminate processing a quantum when signing
a zone with a new DNSKEY. The default is
<code class="literal">10</code>.
</p></dd>
-<dt><span class="term"><span><strong class="command">sig-signing-type</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-signing-type</strong></span></span></dt>
<dd>
<p>
Specify a private RDATA type to be used when generating
@@ -5507,23 +5578,23 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<p>
Signing state records are used to internally by
- <span><strong class="command">named</strong></span> to track the current state of
+ <span class="command"><strong>named</strong></span> to track the current state of
a zone-signing process, i.e., whether it is still active
or has been completed. The records can be inspected
using the command
- <span><strong class="command">rndc signing -list <em class="replaceable"><code>zone</code></em></strong></span>.
- Once <span><strong class="command">named</strong></span> has finished signing
+ <span class="command"><strong>rndc signing -list <em class="replaceable"><code>zone</code></em></strong></span>.
+ Once <span class="command"><strong>named</strong></span> has finished signing
a zone with a particular key, the signing state
record associated with that key can be removed from
the zone by running
- <span><strong class="command">rndc signing -clear <em class="replaceable"><code>keyid/algorithm</code></em> <em class="replaceable"><code>zone</code></em></strong></span>.
+ <span class="command"><strong>rndc signing -clear <em class="replaceable"><code>keyid/algorithm</code></em> <em class="replaceable"><code>zone</code></em></strong></span>.
To clear all of the completed signing state
records for a zone, use
- <span><strong class="command">rndc signing -clear all <em class="replaceable"><code>zone</code></em></strong></span>.
+ <span class="command"><strong>rndc signing -clear all <em class="replaceable"><code>zone</code></em></strong></span>.
</p>
</dd>
<dt>
-<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
+<span class="term"><span class="command"><strong>min-refresh-time</strong></span>, </span><span class="term"><span class="command"><strong>max-refresh-time</strong></span>, </span><span class="term"><span class="command"><strong>min-retry-time</strong></span>, </span><span class="term"><span class="command"><strong>max-retry-time</strong></span></span>
</dt>
<dd>
<p>
@@ -5547,14 +5618,14 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<p>
The following defaults apply.
- <span><strong class="command">min-refresh-time</strong></span> 300 seconds,
- <span><strong class="command">max-refresh-time</strong></span> 2419200 seconds
- (4 weeks), <span><strong class="command">min-retry-time</strong></span> 500 seconds,
- and <span><strong class="command">max-retry-time</strong></span> 1209600 seconds
+ <span class="command"><strong>min-refresh-time</strong></span> 300 seconds,
+ <span class="command"><strong>max-refresh-time</strong></span> 2419200 seconds
+ (4 weeks), <span class="command"><strong>min-retry-time</strong></span> 500 seconds,
+ and <span class="command"><strong>max-retry-time</strong></span> 1209600 seconds
(2 weeks).
</p>
</dd>
-<dt><span class="term"><span><strong class="command">edns-udp-size</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>edns-udp-size</strong></span></span></dt>
<dd>
<p>
Sets the advertised EDNS UDP buffer size in bytes
@@ -5562,73 +5633,73 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
Valid values are 512 to 4096 (values outside this range
will be silently adjusted). The default value
is 4096. The usual reason for setting
- <span><strong class="command">edns-udp-size</strong></span> to a non-default
+ <span class="command"><strong>edns-udp-size</strong></span> to a non-default
value is to get UDP answers to pass through broken
firewalls that block fragmented packets and/or
block UDP packets that are greater than 512 bytes.
</p>
<p>
- <span><strong class="command">named</strong></span> will fallback to using 512 bytes
+ <span class="command"><strong>named</strong></span> will fallback to using 512 bytes
if it get a series of timeout at the initial value. 512
bytes is not being offered to encourage sites to fix their
firewalls. Small EDNS UDP sizes will result in the
excessive use of TCP.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">max-udp-size</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-udp-size</strong></span></span></dt>
<dd>
<p>
Sets the maximum EDNS UDP message size
- <span><strong class="command">named</strong></span> will send in bytes.
+ <span class="command"><strong>named</strong></span> will send in bytes.
Valid values are 512 to 4096 (values outside this
range will be silently adjusted). The default
value is 4096. The usual reason for setting
- <span><strong class="command">max-udp-size</strong></span> to a non-default
+ <span class="command"><strong>max-udp-size</strong></span> to a non-default
value is to get UDP answers to pass through broken
firewalls that block fragmented packets and/or
block UDP packets that are greater than 512 bytes.
This is independent of the advertised receive
- buffer (<span><strong class="command">edns-udp-size</strong></span>).
+ buffer (<span class="command"><strong>edns-udp-size</strong></span>).
</p>
<p>
Setting this to a low value will encourage additional
TCP traffic to the nameserver.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">masterfile-format</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>masterfile-format</strong></span></span></dt>
<dd>
<p>Specifies
the file format of zone files (see
- <a href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called &#8220;Additional File Formats&#8221;</a>).
+ <a class="xref" href="Bv9ARM.ch06.html#zonefile_format" title="Additional File Formats">the section called &#8220;Additional File Formats&#8221;</a>).
The default value is <code class="constant">text</code>, which is the
standard textual representation, except for slave zones,
in which the default value is <code class="constant">raw</code>.
Files in other formats than <code class="constant">text</code> are
typically expected to be generated by the
- <span><strong class="command">named-compilezone</strong></span> tool, or dumped by
- <span><strong class="command">named</strong></span>.
+ <span class="command"><strong>named-compilezone</strong></span> tool, or dumped by
+ <span class="command"><strong>named</strong></span>.
</p>
<p>
Note that when a zone file in a different format than
- <code class="constant">text</code> is loaded, <span><strong class="command">named</strong></span>
+ <code class="constant">text</code> is loaded, <span class="command"><strong>named</strong></span>
may omit some of the checks which would be performed for a
file in the <code class="constant">text</code> format. In particular,
- <span><strong class="command">check-names</strong></span> checks do not apply
+ <span class="command"><strong>check-names</strong></span> checks do not apply
for the <code class="constant">raw</code> format. This means
a zone file in the <code class="constant">raw</code> format
must be generated with the same check level as that
- specified in the <span><strong class="command">named</strong></span> configuration
+ specified in the <span class="command"><strong>named</strong></span> configuration
file. This statement sets the
- <span><strong class="command">masterfile-format</strong></span> for all zones,
+ <span class="command"><strong>masterfile-format</strong></span> for all zones,
but can be overridden on a per-zone or per-view basis
- by including a <span><strong class="command">masterfile-format</strong></span>
- statement within the <span><strong class="command">zone</strong></span> or
- <span><strong class="command">view</strong></span> block in the configuration
+ by including a <span class="command"><strong>masterfile-format</strong></span>
+ statement within the <span class="command"><strong>zone</strong></span> or
+ <span class="command"><strong>view</strong></span> block in the configuration
file.
</p>
</dd>
<dt>
-<a name="max-recursion-depth"></a><span class="term"><span><strong class="command">max-recursion-depth</strong></span></span>
+<a name="max-recursion-depth"></a><span class="term"><span class="command"><strong>max-recursion-depth</strong></span></span>
</dt>
<dd><p>
Sets the maximum number of levels of recursion
@@ -5641,7 +5712,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
default is 7.
</p></dd>
<dt>
-<a name="max-recursion-queries"></a><span class="term"><span><strong class="command">max-recursion-queries</strong></span></span>
+<a name="max-recursion-queries"></a><span class="term"><span class="command"><strong>max-recursion-queries</strong></span></span>
</dt>
<dd><p>
Sets the maximum number of iterative queries that
@@ -5652,7 +5723,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
and the DNS root zone are exempt from this limitation.
The default is 75.
</p></dd>
-<dt><span class="term"><span><strong class="command">notify-delay</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-delay</strong></span></span></dt>
<dd>
<p>
The delay, in seconds, between sending sets of notify
@@ -5660,10 +5731,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<p>
The overall rate that NOTIFY messages are sent for all
- zones is controlled by <span><strong class="command">serial-query-rate</strong></span>.
+ zones is controlled by <span class="command"><strong>serial-query-rate</strong></span>.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">max-rsa-exponent-size</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-rsa-exponent-size</strong></span></span></dt>
<dd><p>
The maximum RSA exponent size, in bits, that will
be accepted when validating. Valid values are 35
@@ -5672,73 +5743,73 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="builtin"></a>Built-in server information zones</h4></div></div></div>
<p>
The server provides some helpful diagnostic information
through a number of built-in zones under the
pseudo-top-level-domain <code class="literal">bind</code> in the
- <span><strong class="command">CHAOS</strong></span> class. These zones are part
+ <span class="command"><strong>CHAOS</strong></span> class. These zones are part
of a
- built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called &#8220;<span><strong class="command">view</strong></span> Statement Grammar&#8221;</a>) of
+ built-in view (see <a class="xref" href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called &#8220;<span class="command"><strong>view</strong></span> Statement Grammar&#8221;</a>) of
class
- <span><strong class="command">CHAOS</strong></span> which is separate from the
- default view of class <span><strong class="command">IN</strong></span>. Most global
- configuration options (<span><strong class="command">allow-query</strong></span>,
+ <span class="command"><strong>CHAOS</strong></span> which is separate from the
+ default view of class <span class="command"><strong>IN</strong></span>. Most global
+ configuration options (<span class="command"><strong>allow-query</strong></span>,
etc) will apply to this view, but some are locally
- overridden: <span><strong class="command">notify</strong></span>,
- <span><strong class="command">recursion</strong></span> and
- <span><strong class="command">allow-new-zones</strong></span> are
+ overridden: <span class="command"><strong>notify</strong></span>,
+ <span class="command"><strong>recursion</strong></span> and
+ <span class="command"><strong>allow-new-zones</strong></span> are
always set to <strong class="userinput"><code>no</code></strong>.
</p>
<p>
If you need to disable these zones, use the options
- below, or hide the built-in <span><strong class="command">CHAOS</strong></span>
+ below, or hide the built-in <span class="command"><strong>CHAOS</strong></span>
view by
- defining an explicit view of class <span><strong class="command">CHAOS</strong></span>
+ defining an explicit view of class <span class="command"><strong>CHAOS</strong></span>
that matches all clients.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">version</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>version</strong></span></span></dt>
<dd><p>
The version the server should report
via a query of the name <code class="literal">version.bind</code>
- with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
+ with type <span class="command"><strong>TXT</strong></span>, class <span class="command"><strong>CHAOS</strong></span>.
The default is the real version number of this server.
- Specifying <span><strong class="command">version none</strong></span>
+ Specifying <span class="command"><strong>version none</strong></span>
disables processing of the queries.
</p></dd>
-<dt><span class="term"><span><strong class="command">hostname</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>hostname</strong></span></span></dt>
<dd><p>
The hostname the server should report via a query of
the name <code class="filename">hostname.bind</code>
- with type <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
+ with type <span class="command"><strong>TXT</strong></span>, class <span class="command"><strong>CHAOS</strong></span>.
This defaults to the hostname of the machine hosting the
name server as
found by the gethostname() function. The primary purpose of such queries
is to
identify which of a group of anycast servers is actually
- answering your queries. Specifying <span><strong class="command">hostname none;</strong></span>
+ answering your queries. Specifying <span class="command"><strong>hostname none;</strong></span>
disables processing of the queries.
</p></dd>
-<dt><span class="term"><span><strong class="command">server-id</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>server-id</strong></span></span></dt>
<dd><p>
The ID the server should report when receiving a Name
Server Identifier (NSID) query, or a query of the name
<code class="filename">ID.SERVER</code> with type
- <span><strong class="command">TXT</strong></span>, class <span><strong class="command">CHAOS</strong></span>.
+ <span class="command"><strong>TXT</strong></span>, class <span class="command"><strong>CHAOS</strong></span>.
The primary purpose of such queries is to
identify which of a group of anycast servers is actually
- answering your queries. Specifying <span><strong class="command">server-id none;</strong></span>
+ answering your queries. Specifying <span class="command"><strong>server-id none;</strong></span>
disables processing of the queries.
- Specifying <span><strong class="command">server-id hostname;</strong></span> will cause <span><strong class="command">named</strong></span> to
+ Specifying <span class="command"><strong>server-id hostname;</strong></span> will cause <span class="command"><strong>named</strong></span> to
use the hostname as found by the gethostname() function.
- The default <span><strong class="command">server-id</strong></span> is <span><strong class="command">none</strong></span>.
+ The default <span class="command"><strong>server-id</strong></span> is <span class="command"><strong>none</strong></span>.
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="empty"></a>Built-in Empty Zones</h4></div></div></div>
<p>
@@ -5761,104 +5832,104 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<p>
The current list of empty zones is:
</p>
-<div class="itemizedlist"><ul type="disc">
-<li>10.IN-ADDR.ARPA</li>
-<li>16.172.IN-ADDR.ARPA</li>
-<li>17.172.IN-ADDR.ARPA</li>
-<li>18.172.IN-ADDR.ARPA</li>
-<li>19.172.IN-ADDR.ARPA</li>
-<li>20.172.IN-ADDR.ARPA</li>
-<li>21.172.IN-ADDR.ARPA</li>
-<li>22.172.IN-ADDR.ARPA</li>
-<li>23.172.IN-ADDR.ARPA</li>
-<li>24.172.IN-ADDR.ARPA</li>
-<li>25.172.IN-ADDR.ARPA</li>
-<li>26.172.IN-ADDR.ARPA</li>
-<li>27.172.IN-ADDR.ARPA</li>
-<li>28.172.IN-ADDR.ARPA</li>
-<li>29.172.IN-ADDR.ARPA</li>
-<li>30.172.IN-ADDR.ARPA</li>
-<li>31.172.IN-ADDR.ARPA</li>
-<li>168.192.IN-ADDR.ARPA</li>
-<li>64.100.IN-ADDR.ARPA</li>
-<li>65.100.IN-ADDR.ARPA</li>
-<li>66.100.IN-ADDR.ARPA</li>
-<li>67.100.IN-ADDR.ARPA</li>
-<li>68.100.IN-ADDR.ARPA</li>
-<li>69.100.IN-ADDR.ARPA</li>
-<li>70.100.IN-ADDR.ARPA</li>
-<li>71.100.IN-ADDR.ARPA</li>
-<li>72.100.IN-ADDR.ARPA</li>
-<li>73.100.IN-ADDR.ARPA</li>
-<li>74.100.IN-ADDR.ARPA</li>
-<li>75.100.IN-ADDR.ARPA</li>
-<li>76.100.IN-ADDR.ARPA</li>
-<li>77.100.IN-ADDR.ARPA</li>
-<li>78.100.IN-ADDR.ARPA</li>
-<li>79.100.IN-ADDR.ARPA</li>
-<li>80.100.IN-ADDR.ARPA</li>
-<li>81.100.IN-ADDR.ARPA</li>
-<li>82.100.IN-ADDR.ARPA</li>
-<li>83.100.IN-ADDR.ARPA</li>
-<li>84.100.IN-ADDR.ARPA</li>
-<li>85.100.IN-ADDR.ARPA</li>
-<li>86.100.IN-ADDR.ARPA</li>
-<li>87.100.IN-ADDR.ARPA</li>
-<li>88.100.IN-ADDR.ARPA</li>
-<li>89.100.IN-ADDR.ARPA</li>
-<li>90.100.IN-ADDR.ARPA</li>
-<li>91.100.IN-ADDR.ARPA</li>
-<li>92.100.IN-ADDR.ARPA</li>
-<li>93.100.IN-ADDR.ARPA</li>
-<li>94.100.IN-ADDR.ARPA</li>
-<li>95.100.IN-ADDR.ARPA</li>
-<li>96.100.IN-ADDR.ARPA</li>
-<li>97.100.IN-ADDR.ARPA</li>
-<li>98.100.IN-ADDR.ARPA</li>
-<li>99.100.IN-ADDR.ARPA</li>
-<li>100.100.IN-ADDR.ARPA</li>
-<li>101.100.IN-ADDR.ARPA</li>
-<li>102.100.IN-ADDR.ARPA</li>
-<li>103.100.IN-ADDR.ARPA</li>
-<li>104.100.IN-ADDR.ARPA</li>
-<li>105.100.IN-ADDR.ARPA</li>
-<li>106.100.IN-ADDR.ARPA</li>
-<li>107.100.IN-ADDR.ARPA</li>
-<li>108.100.IN-ADDR.ARPA</li>
-<li>109.100.IN-ADDR.ARPA</li>
-<li>110.100.IN-ADDR.ARPA</li>
-<li>111.100.IN-ADDR.ARPA</li>
-<li>112.100.IN-ADDR.ARPA</li>
-<li>113.100.IN-ADDR.ARPA</li>
-<li>114.100.IN-ADDR.ARPA</li>
-<li>115.100.IN-ADDR.ARPA</li>
-<li>116.100.IN-ADDR.ARPA</li>
-<li>117.100.IN-ADDR.ARPA</li>
-<li>118.100.IN-ADDR.ARPA</li>
-<li>119.100.IN-ADDR.ARPA</li>
-<li>120.100.IN-ADDR.ARPA</li>
-<li>121.100.IN-ADDR.ARPA</li>
-<li>122.100.IN-ADDR.ARPA</li>
-<li>123.100.IN-ADDR.ARPA</li>
-<li>124.100.IN-ADDR.ARPA</li>
-<li>125.100.IN-ADDR.ARPA</li>
-<li>126.100.IN-ADDR.ARPA</li>
-<li>127.100.IN-ADDR.ARPA</li>
-<li>0.IN-ADDR.ARPA</li>
-<li>127.IN-ADDR.ARPA</li>
-<li>254.169.IN-ADDR.ARPA</li>
-<li>2.0.192.IN-ADDR.ARPA</li>
-<li>100.51.198.IN-ADDR.ARPA</li>
-<li>113.0.203.IN-ADDR.ARPA</li>
-<li>255.255.255.255.IN-ADDR.ARPA</li>
-<li>0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
-<li>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
-<li>8.B.D.0.1.0.0.2.IP6.ARPA</li>
-<li>D.F.IP6.ARPA</li>
-<li>8.E.F.IP6.ARPA</li>
-<li>9.E.F.IP6.ARPA</li>
-<li>A.E.F.IP6.ARPA</li>
-<li>B.E.F.IP6.ARPA</li>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">10.IN-ADDR.ARPA</li>
+<li class="listitem">16.172.IN-ADDR.ARPA</li>
+<li class="listitem">17.172.IN-ADDR.ARPA</li>
+<li class="listitem">18.172.IN-ADDR.ARPA</li>
+<li class="listitem">19.172.IN-ADDR.ARPA</li>
+<li class="listitem">20.172.IN-ADDR.ARPA</li>
+<li class="listitem">21.172.IN-ADDR.ARPA</li>
+<li class="listitem">22.172.IN-ADDR.ARPA</li>
+<li class="listitem">23.172.IN-ADDR.ARPA</li>
+<li class="listitem">24.172.IN-ADDR.ARPA</li>
+<li class="listitem">25.172.IN-ADDR.ARPA</li>
+<li class="listitem">26.172.IN-ADDR.ARPA</li>
+<li class="listitem">27.172.IN-ADDR.ARPA</li>
+<li class="listitem">28.172.IN-ADDR.ARPA</li>
+<li class="listitem">29.172.IN-ADDR.ARPA</li>
+<li class="listitem">30.172.IN-ADDR.ARPA</li>
+<li class="listitem">31.172.IN-ADDR.ARPA</li>
+<li class="listitem">168.192.IN-ADDR.ARPA</li>
+<li class="listitem">64.100.IN-ADDR.ARPA</li>
+<li class="listitem">65.100.IN-ADDR.ARPA</li>
+<li class="listitem">66.100.IN-ADDR.ARPA</li>
+<li class="listitem">67.100.IN-ADDR.ARPA</li>
+<li class="listitem">68.100.IN-ADDR.ARPA</li>
+<li class="listitem">69.100.IN-ADDR.ARPA</li>
+<li class="listitem">70.100.IN-ADDR.ARPA</li>
+<li class="listitem">71.100.IN-ADDR.ARPA</li>
+<li class="listitem">72.100.IN-ADDR.ARPA</li>
+<li class="listitem">73.100.IN-ADDR.ARPA</li>
+<li class="listitem">74.100.IN-ADDR.ARPA</li>
+<li class="listitem">75.100.IN-ADDR.ARPA</li>
+<li class="listitem">76.100.IN-ADDR.ARPA</li>
+<li class="listitem">77.100.IN-ADDR.ARPA</li>
+<li class="listitem">78.100.IN-ADDR.ARPA</li>
+<li class="listitem">79.100.IN-ADDR.ARPA</li>
+<li class="listitem">80.100.IN-ADDR.ARPA</li>
+<li class="listitem">81.100.IN-ADDR.ARPA</li>
+<li class="listitem">82.100.IN-ADDR.ARPA</li>
+<li class="listitem">83.100.IN-ADDR.ARPA</li>
+<li class="listitem">84.100.IN-ADDR.ARPA</li>
+<li class="listitem">85.100.IN-ADDR.ARPA</li>
+<li class="listitem">86.100.IN-ADDR.ARPA</li>
+<li class="listitem">87.100.IN-ADDR.ARPA</li>
+<li class="listitem">88.100.IN-ADDR.ARPA</li>
+<li class="listitem">89.100.IN-ADDR.ARPA</li>
+<li class="listitem">90.100.IN-ADDR.ARPA</li>
+<li class="listitem">91.100.IN-ADDR.ARPA</li>
+<li class="listitem">92.100.IN-ADDR.ARPA</li>
+<li class="listitem">93.100.IN-ADDR.ARPA</li>
+<li class="listitem">94.100.IN-ADDR.ARPA</li>
+<li class="listitem">95.100.IN-ADDR.ARPA</li>
+<li class="listitem">96.100.IN-ADDR.ARPA</li>
+<li class="listitem">97.100.IN-ADDR.ARPA</li>
+<li class="listitem">98.100.IN-ADDR.ARPA</li>
+<li class="listitem">99.100.IN-ADDR.ARPA</li>
+<li class="listitem">100.100.IN-ADDR.ARPA</li>
+<li class="listitem">101.100.IN-ADDR.ARPA</li>
+<li class="listitem">102.100.IN-ADDR.ARPA</li>
+<li class="listitem">103.100.IN-ADDR.ARPA</li>
+<li class="listitem">104.100.IN-ADDR.ARPA</li>
+<li class="listitem">105.100.IN-ADDR.ARPA</li>
+<li class="listitem">106.100.IN-ADDR.ARPA</li>
+<li class="listitem">107.100.IN-ADDR.ARPA</li>
+<li class="listitem">108.100.IN-ADDR.ARPA</li>
+<li class="listitem">109.100.IN-ADDR.ARPA</li>
+<li class="listitem">110.100.IN-ADDR.ARPA</li>
+<li class="listitem">111.100.IN-ADDR.ARPA</li>
+<li class="listitem">112.100.IN-ADDR.ARPA</li>
+<li class="listitem">113.100.IN-ADDR.ARPA</li>
+<li class="listitem">114.100.IN-ADDR.ARPA</li>
+<li class="listitem">115.100.IN-ADDR.ARPA</li>
+<li class="listitem">116.100.IN-ADDR.ARPA</li>
+<li class="listitem">117.100.IN-ADDR.ARPA</li>
+<li class="listitem">118.100.IN-ADDR.ARPA</li>
+<li class="listitem">119.100.IN-ADDR.ARPA</li>
+<li class="listitem">120.100.IN-ADDR.ARPA</li>
+<li class="listitem">121.100.IN-ADDR.ARPA</li>
+<li class="listitem">122.100.IN-ADDR.ARPA</li>
+<li class="listitem">123.100.IN-ADDR.ARPA</li>
+<li class="listitem">124.100.IN-ADDR.ARPA</li>
+<li class="listitem">125.100.IN-ADDR.ARPA</li>
+<li class="listitem">126.100.IN-ADDR.ARPA</li>
+<li class="listitem">127.100.IN-ADDR.ARPA</li>
+<li class="listitem">0.IN-ADDR.ARPA</li>
+<li class="listitem">127.IN-ADDR.ARPA</li>
+<li class="listitem">254.169.IN-ADDR.ARPA</li>
+<li class="listitem">2.0.192.IN-ADDR.ARPA</li>
+<li class="listitem">100.51.198.IN-ADDR.ARPA</li>
+<li class="listitem">113.0.203.IN-ADDR.ARPA</li>
+<li class="listitem">255.255.255.255.IN-ADDR.ARPA</li>
+<li class="listitem">0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
+<li class="listitem">1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
+<li class="listitem">8.B.D.0.1.0.0.2.IP6.ARPA</li>
+<li class="listitem">D.F.IP6.ARPA</li>
+<li class="listitem">8.E.F.IP6.ARPA</li>
+<li class="listitem">9.E.F.IP6.ARPA</li>
+<li class="listitem">A.E.F.IP6.ARPA</li>
+<li class="listitem">B.E.F.IP6.ARPA</li>
</ul></div>
<p>
</p>
@@ -5885,46 +5956,48 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
+<p>
The real parent servers for these zones should disable all
empty zone under the parent zone they serve. For the real
root servers, this is all built-in empty zones. This will
enable them to return referrals to deeper in the tree.
- </div>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">empty-server</strong></span></span></dt>
+ </p>
+</div>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>empty-server</strong></span></span></dt>
<dd><p>
Specify what server name will appear in the returned
SOA record for empty zones. If none is specified, then
the zone's name will be used.
</p></dd>
-<dt><span class="term"><span><strong class="command">empty-contact</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>empty-contact</strong></span></span></dt>
<dd><p>
Specify what contact name will appear in the returned
SOA record for empty zones. If none is specified, then
"." will be used.
</p></dd>
-<dt><span class="term"><span><strong class="command">empty-zones-enable</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>empty-zones-enable</strong></span></span></dt>
<dd><p>
Enable or disable all empty zones. By default, they
are enabled.
</p></dd>
-<dt><span class="term"><span><strong class="command">disable-empty-zone</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>disable-empty-zone</strong></span></span></dt>
<dd><p>
Disable individual empty zones. By default, none are
disabled. This option can be specified multiple times.
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="acache"></a>Additional Section Caching</h4></div></div></div>
<p>
- The additional section cache, also called <span><strong class="command">acache</strong></span>,
+ The additional section cache, also called <span class="command"><strong>acache</strong></span>,
is an internal cache to improve the response performance of BIND 9.
When additional section caching is enabled, BIND 9 will
cache an internal short-cut to the additional section content for
each answer RR.
- Note that <span><strong class="command">acache</strong></span> is an internal caching
+ Note that <span class="command"><strong>acache</strong></span> is an internal caching
mechanism of BIND 9, and is not related to the DNS caching
server function.
</p>
@@ -5939,35 +6012,35 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<p>
In order to obtain the maximum performance improvement
from additional section caching, setting
- <span><strong class="command">additional-from-cache</strong></span>
- to <span><strong class="command">no</strong></span> is recommended, since the current
- implementation of <span><strong class="command">acache</strong></span>
+ <span class="command"><strong>additional-from-cache</strong></span>
+ to <span class="command"><strong>no</strong></span> is recommended, since the current
+ implementation of <span class="command"><strong>acache</strong></span>
does not short-cut of additional section information from the
DNS cache data.
</p>
<p>
- One obvious disadvantage of <span><strong class="command">acache</strong></span> is
+ One obvious disadvantage of <span class="command"><strong>acache</strong></span> is
that it requires much more
memory for the internal cached data.
Thus, if the response performance does not matter and memory
consumption is much more critical, the
- <span><strong class="command">acache</strong></span> mechanism can be
- disabled by setting <span><strong class="command">acache-enable</strong></span> to
- <span><strong class="command">no</strong></span>.
+ <span class="command"><strong>acache</strong></span> mechanism can be
+ disabled by setting <span class="command"><strong>acache-enable</strong></span> to
+ <span class="command"><strong>no</strong></span>.
It is also possible to specify the upper limit of memory
consumption
- for acache by using <span><strong class="command">max-acache-size</strong></span>.
+ for acache by using <span class="command"><strong>max-acache-size</strong></span>.
</p>
<p>
Additional section caching also has a minor effect on the
RRset ordering in the additional section.
- Without <span><strong class="command">acache</strong></span>,
- <span><strong class="command">cyclic</strong></span> order is effective for the additional
+ Without <span class="command"><strong>acache</strong></span>,
+ <span class="command"><strong>cyclic</strong></span> order is effective for the additional
section as well as the answer and authority sections.
However, additional section caching fixes the ordering when it
first caches an RRset for the additional section, and the same
ordering will be kept in succeeding responses, regardless of the
- setting of <span><strong class="command">rrset-order</strong></span>.
+ setting of <span class="command"><strong>rrset-order</strong></span>.
The effect of this should be minor, however, since an
RRset in the additional section
typically only contains a small number of RRs (and in many cases
@@ -5976,23 +6049,23 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<p>
The following is a summary of options related to
- <span><strong class="command">acache</strong></span>.
+ <span class="command"><strong>acache</strong></span>.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">acache-enable</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>acache-enable</strong></span></span></dt>
<dd><p>
- If <span><strong class="command">yes</strong></span>, additional section caching is
- enabled. The default value is <span><strong class="command">no</strong></span>.
+ If <span class="command"><strong>yes</strong></span>, additional section caching is
+ enabled. The default value is <span class="command"><strong>no</strong></span>.
</p></dd>
-<dt><span class="term"><span><strong class="command">acache-cleaning-interval</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>acache-cleaning-interval</strong></span></span></dt>
<dd><p>
The server will remove stale cache entries, based on an LRU
based
- algorithm, every <span><strong class="command">acache-cleaning-interval</strong></span> minutes.
+ algorithm, every <span class="command"><strong>acache-cleaning-interval</strong></span> minutes.
The default is 60 minutes.
If set to 0, no periodic cleaning will occur.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-acache-size</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-acache-size</strong></span></span></dt>
<dd><p>
The maximum amount of memory in bytes to use for the server's acache.
When the amount of data in the acache reaches this limit,
@@ -6006,9 +6079,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588923"></a>Content Filtering</h4></div></div></div>
+<a name="content_filtering"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -6016,23 +6089,23 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
Specifically, it can reject address (A or AAAA) records if
the corresponding IPv4 or IPv6 addresses match the given
<code class="varname">address_match_list</code> of the
- <span><strong class="command">deny-answer-addresses</strong></span> option.
+ <span class="command"><strong>deny-answer-addresses</strong></span> option.
It can also reject CNAME or DNAME records if the "alias"
name (i.e., the CNAME alias or the substituted query name
due to DNAME) matches the
given <code class="varname">namelist</code> of the
- <span><strong class="command">deny-answer-aliases</strong></span> option, where
+ <span class="command"><strong>deny-answer-aliases</strong></span> option, where
"match" means the alias name is a subdomain of one of
the <code class="varname">name_list</code> elements.
If the optional <code class="varname">namelist</code> is specified
- with <span><strong class="command">except-from</strong></span>, records whose query name
+ with <span class="command"><strong>except-from</strong></span>, records whose query name
matches the list will be accepted regardless of the filter
setting.
Likewise, if the alias name is a subdomain of the
- corresponding zone, the <span><strong class="command">deny-answer-aliases</strong></span>
+ corresponding zone, the <span class="command"><strong>deny-answer-aliases</strong></span>
filter will not apply;
for example, even if "example.com" is specified for
- <span><strong class="command">deny-answer-aliases</strong></span>,
+ <span class="command"><strong>deny-answer-aliases</strong></span>,
</p>
<pre class="programlisting">www.example.com. CNAME xxx.example.com.</pre>
<p>
@@ -6040,7 +6113,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<p>
In the <code class="varname">address_match_list</code> of the
- <span><strong class="command">deny-answer-addresses</strong></span> option, only
+ <span class="command"><strong>deny-answer-addresses</strong></span> option, only
<code class="varname">ip_addr</code>
and <code class="varname">ip_prefix</code>
are meaningful;
@@ -6061,7 +6134,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
to get access to an internal node of your local network
that couldn't be externally accessed otherwise.
See the paper available at
- <a href="http://portal.acm.org/citation.cfm?id=1315245.1315298" target="_top">
+ <a class="link" href="http://portal.acm.org/citation.cfm?id=1315245.1315298" target="_top">
http://portal.acm.org/citation.cfm?id=1315245.1315298
</a>
for more details about the attacks.
@@ -6095,7 +6168,7 @@ deny-answer-aliases { "example.net"; };
<pre class="programlisting">www.example.net. A 192.0.2.2</pre>
<p>
it will be accepted since the owner name "www.example.net"
- matches the <span><strong class="command">except-from</strong></span> element,
+ matches the <span class="command"><strong>except-from</strong></span> element,
"example.net".
</p>
<p>
@@ -6129,9 +6202,9 @@ deny-answer-aliases { "example.net"; };
spuriously can break such applications.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589049"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
+<a name="rpz"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 includes a limited
mechanism to modify DNS responses for requests
@@ -6142,12 +6215,12 @@ deny-answer-aliases { "example.net"; };
</p>
<p>
Response policy zones are named in the
- <span><strong class="command">response-policy</strong></span> option for the view or among the
+ <span class="command"><strong>response-policy</strong></span> option for the view or among the
global options if there is no response-policy option for the view.
RPZs are ordinary DNS zones containing RRsets
that can be queried normally if allowed.
It is usually best to restrict those queries with something like
- <span><strong class="command">allow-query { localhost; };</strong></span>.
+ <span class="command"><strong>allow-query { localhost; };</strong></span>.
</p>
<p>
Four policy triggers are encoded in RPZ records, QNAME, IP, NSIP,
@@ -6193,8 +6266,8 @@ deny-answer-aliases { "example.net"; };
NSIP triggers are encoded like IP triggers except as subdomains of
<strong class="userinput"><code>rpz-nsip</code></strong>.
NSDNAME and NSIP triggers are checked only for names with at
- least <span><strong class="command">min-ns-dots</strong></span> dots.
- The default value of <span><strong class="command">min-ns-dots</strong></span> is 1 to
+ least <span class="command"><strong>min-ns-dots</strong></span> dots.
+ The default value of <span class="command"><strong>min-ns-dots</strong></span> is 1 to
exclude top level domains.
</p>
<p>
@@ -6202,24 +6275,24 @@ deny-answer-aliases { "example.net"; };
two or more policy records can be triggered by a response.
Because DNS responses can be rewritten according to at most one
policy record, a single record encoding an action (other than
- <span><strong class="command">DISABLED</strong></span> actions) must be chosen.
+ <span class="command"><strong>DISABLED</strong></span> actions) must be chosen.
Triggers or the records that encode them are chosen in
the following order:
</p>
-<div class="itemizedlist"><ul type="disc">
-<li>Choose the triggered record in the zone that appears
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">Choose the triggered record in the zone that appears
first in the response-policy option.
</li>
-<li>Prefer QNAME to IP to NSDNAME to NSIP triggers
+<li class="listitem">Prefer QNAME to IP to NSDNAME to NSIP triggers
in a single zone.
</li>
-<li>Among NSDNAME triggers, prefer the
+<li class="listitem">Among NSDNAME triggers, prefer the
trigger that matches the smallest name under the DNSSEC ordering.
</li>
-<li>Among IP or NSIP triggers, prefer the trigger
+<li class="listitem">Among IP or NSIP triggers, prefer the trigger
with the longest prefix.
</li>
-<li>Among triggers with the same prefix length,
+<li class="listitem">Among triggers with the same prefix length,
prefer the IP or NSIP trigger that matches
the smallest IP address.
</li>
@@ -6237,15 +6310,15 @@ deny-answer-aliases { "example.net"; };
RPZ record sets are sets of any types of DNS record except
DNAME or DNSSEC that encode actions or responses to queries.
</p>
-<div class="itemizedlist"><ul type="disc">
-<li>The <span><strong class="command">NXDOMAIN</strong></span> response is encoded
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">The <span class="command"><strong>NXDOMAIN</strong></span> response is encoded
by a CNAME whose target is the root domain (.)
</li>
-<li>A CNAME whose target is the wildcard top-level
- domain (*.) specifies the <span><strong class="command">NODATA</strong></span> action,
+<li class="listitem">A CNAME whose target is the wildcard top-level
+ domain (*.) specifies the <span class="command"><strong>NODATA</strong></span> action,
which rewrites the response to NODATA or ANCOUNT=1.
</li>
-<li>The <span><strong class="command">Local Data</strong></span> action is
+<li class="listitem">The <span class="command"><strong>Local Data</strong></span> action is
represented by a set ordinary DNS records that are used
to answer queries. Queries for record types not the
set are answered with NODATA.
@@ -6257,8 +6330,8 @@ deny-answer-aliases { "example.net"; };
The purpose for this special form is query logging in the
walled garden's authority DNS server.
</li>
-<li>The <span><strong class="command">PASSTHRU</strong></span> policy is specified
- by a CNAME whose target is <span><strong class="command">rpz-passthru.</strong></span>
+<li class="listitem">The <span class="command"><strong>PASSTHRU</strong></span> policy is specified
+ by a CNAME whose target is <span class="command"><strong>rpz-passthru.</strong></span>
It causes the response to not be rewritten
and is most often used to "poke holes" in policies for
CIDR blocks.
@@ -6270,18 +6343,18 @@ deny-answer-aliases { "example.net"; };
</p>
<p>
The actions specified in an RPZ can be overridden with a
- <span><strong class="command">policy</strong></span> clause in the
- <span><strong class="command">response-policy</strong></span> option.
+ <span class="command"><strong>policy</strong></span> clause in the
+ <span class="command"><strong>response-policy</strong></span> option.
An organization using an RPZ provided by another organization might
use this mechanism to redirect domains to its own walled garden.
</p>
-<div class="itemizedlist"><ul type="disc">
-<li>
-<span><strong class="command">GIVEN</strong></span> says "do not override but
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+<span class="command"><strong>GIVEN</strong></span> says "do not override but
perform the action specified in the zone."
</li>
-<li>
-<span><strong class="command">DISABLED</strong></span> causes policy records to do
+<li class="listitem">
+<span class="command"><strong>DISABLED</strong></span> causes policy records to do
nothing but log what they might have done.
The response to the DNS query will be written according to
any triggered policy records that are not disabled.
@@ -6289,22 +6362,22 @@ deny-answer-aliases { "example.net"; };
because they will often not be logged
if a higher precedence trigger is found first.
</li>
-<li>
-<span><strong class="command">PASSTHRU</strong></span> causes all policy records
+<li class="listitem">
+<span class="command"><strong>PASSTHRU</strong></span> causes all policy records
to act as if they were CNAME records with targets the variable
part of their owner name. They protect the response from
being changed.
</li>
-<li>
-<span><strong class="command">NXDOMAIN</strong></span> causes all RPZ records
+<li class="listitem">
+<span class="command"><strong>NXDOMAIN</strong></span> causes all RPZ records
to specify NXDOMAIN policies.
</li>
-<li>
-<span><strong class="command">NODATA</strong></span> overrides with the
+<li class="listitem">
+<span class="command"><strong>NODATA</strong></span> overrides with the
NODATA policy
</li>
-<li>
-<span><strong class="command">CNAME domain</strong></span> causes all RPZ
+<li class="listitem">
+<span class="command"><strong>CNAME domain</strong></span> causes all RPZ
policy records to act as if they were "cname domain" records.
</li>
</ul></div>
@@ -6314,7 +6387,7 @@ deny-answer-aliases { "example.net"; };
By default, the actions encoded in an RPZ are applied
only to queries that ask for recursion (RD=1).
That default can be changed for a single RPZ or all RPZs in a view
- with a <span><strong class="command">recursive-only no</strong></span> clause.
+ with a <span class="command"><strong>recursive-only no</strong></span> clause.
This feature is useful for serving the same zone files
both inside and outside an RFC 1918 cloud and using RPZ to
delete answers that would otherwise contain RFC 1918 values
@@ -6326,7 +6399,7 @@ deny-answer-aliases { "example.net"; };
records are available for request name in the original zone (not
the response policy zone).
This default can be changed for all RPZs in a view with a
- <span><strong class="command">break-dnssec yes</strong></span> clause.
+ <span class="command"><strong>break-dnssec yes</strong></span> clause.
In that case, RPZ actions are applied regardless of DNSSEC.
The name of the clause option reflects the fact that results
rewritten by RPZ actions cannot verify.
@@ -6335,7 +6408,7 @@ deny-answer-aliases { "example.net"; };
The TTL of a record modified by RPZ policies is set from the
TTL of the relevant record in policy zone. It is then limited
to a maximum value.
- The <span><strong class="command">max-policy-ttl</strong></span> clause changes that
+ The <span class="command"><strong>max-policy-ttl</strong></span> clause changes that
maximum from its default of 5.
</p>
<p>
@@ -6393,12 +6466,12 @@ ns.domain.com.rpz-nsdname CNAME .
</p>
<p>
Responses rewritten by RPZ are counted in the
- <span><strong class="command">RPZRewrites</strong></span> statistics.
+ <span class="command"><strong>RPZRewrites</strong></span> statistics.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589479"></a>Response Rate Limiting</h4></div></div></div>
+<a name="rrl"></a>Response Rate Limiting</h4></div></div></div>
<p>
This feature is only available when <acronym class="acronym">BIND</acronym> 9
is compiled with the <strong class="userinput"><code>--enable-rrl</code></strong>
@@ -6407,8 +6480,8 @@ ns.domain.com.rpz-nsdname CNAME .
<p>
Excessive almost identical UDP <span class="emphasis"><em>responses</em></span>
can be controlled by configuring a
- <span><strong class="command">rate-limit</strong></span> clause in an
- <span><strong class="command">options</strong></span> or <span><strong class="command">view</strong></span> statement.
+ <span class="command"><strong>rate-limit</strong></span> clause in an
+ <span class="command"><strong>options</strong></span> or <span class="command"><strong>view</strong></span> statement.
This mechanism keeps authoritative BIND 9 from being used
in amplifying reflection denial of service (DoS) attacks.
Short truncated (TC=1) responses can be sent to provide
@@ -6435,11 +6508,11 @@ ns.domain.com.rpz-nsdname CNAME .
while the account is negative.
Responses are tracked within a rolling window of time
which defaults to 15 seconds, but can be configured with
- the <span><strong class="command">window</strong></span> option to any value from
+ the <span class="command"><strong>window</strong></span> option to any value from
1 to 3600 seconds (1 hour).
The account cannot become more positive than
the per-second limit
- or more negative than <span><strong class="command">window</strong></span>
+ or more negative than <span class="command"><strong>window</strong></span>
times the per-second limit.
When the specified number of credits for a class of
responses is set to 0, those responses are not rate limited.
@@ -6450,32 +6523,32 @@ ns.domain.com.rpz-nsdname CNAME .
All responses to an address block are counted as if to a
single client.
The prefix lengths of addresses blocks are
- specified with <span><strong class="command">ipv4-prefix-length</strong></span> (default 24)
- and <span><strong class="command">ipv6-prefix-length</strong></span> (default 56).
+ specified with <span class="command"><strong>ipv4-prefix-length</strong></span> (default 24)
+ and <span class="command"><strong>ipv6-prefix-length</strong></span> (default 56).
</p>
<p>
All non-empty responses for a valid domain name (qname)
and record type (qtype) are identical and have a limit specified
- with <span><strong class="command">responses-per-second</strong></span>
+ with <span class="command"><strong>responses-per-second</strong></span>
(default 0 or no limit).
All empty (NODATA) responses for a valid domain,
regardless of query type, are identical.
Responses in the NODATA class are limited by
- <span><strong class="command">nodata-per-second</strong></span>
- (default <span><strong class="command">responses-per-second</strong></span>).
+ <span class="command"><strong>nodata-per-second</strong></span>
+ (default <span class="command"><strong>responses-per-second</strong></span>).
Requests for any and all undefined subdomains of a given
valid domain result in NXDOMAIN errors, and are identical
regardless of query type.
- They are limited by <span><strong class="command">nxdomain-per-second</strong></span>
- (default <span><strong class="command">responses-per-second</strong></span>).
+ They are limited by <span class="command"><strong>nxdomain-per-second</strong></span>
+ (default <span class="command"><strong>responses-per-second</strong></span>).
This controls some attacks using random names, but
can be relaxed or turned off (set to 0)
on servers that expect many legitimate
NXDOMAIN responses, such as from anti-spam blacklists.
Referrals or delegations to the server of a given
domain are identical and are limited by
- <span><strong class="command">referrals-per-second</strong></span>
- (default <span><strong class="command">responses-per-second</strong></span>).
+ <span class="command"><strong>referrals-per-second</strong></span>
+ (default <span class="command"><strong>responses-per-second</strong></span>).
</p>
<p>
Responses generated from local wildcards are counted and limited
@@ -6489,9 +6562,9 @@ ns.domain.com.rpz-nsdname CNAME .
This controls attacks using invalid requests or distant,
broken authoritative servers.
By default the limit on errors is the same as the
- <span><strong class="command">responses-per-second</strong></span> value,
+ <span class="command"><strong>responses-per-second</strong></span> value,
but it can be set separately with
- <span><strong class="command">errors-per-second</strong></span>.
+ <span class="command"><strong>errors-per-second</strong></span>.
</p>
<p>
Many attacks using DNS involve UDP requests with forged source
@@ -6501,13 +6574,13 @@ ns.domain.com.rpz-nsdname CNAME .
but could let a third party block responses to legitimate requests.
There is a mechanism that can answer some legitimate
requests from a client whose address is being forged in a flood.
- Setting <span><strong class="command">slip</strong></span> to 2 (its default) causes every
+ Setting <span class="command"><strong>slip</strong></span> to 2 (its default) causes every
other UDP request to be answered with a small truncated (TC=1)
response.
The small size and reduced frequency, and so lack of
amplification, of "slipped" responses make them unattractive
for reflection DoS attacks.
- <span><strong class="command">slip</strong></span> must be between 0 and 10.
+ <span class="command"><strong>slip</strong></span> must be between 0 and 10.
A value of 0 does not "slip":
no truncated responses are sent due to rate limiting,
all responses are dropped.
@@ -6515,7 +6588,7 @@ ns.domain.com.rpz-nsdname CNAME .
values between 2 and 10 cause every n'th response to slip.
Some error responses including REFUSED and SERVFAIL
cannot be replaced with truncated responses and are instead
- leaked at the <span><strong class="command">slip</strong></span> rate.
+ leaked at the <span class="command"><strong>slip</strong></span> rate.
</p>
<p>
(NOTE: Dropped responses from an authoritative server may
@@ -6526,21 +6599,21 @@ ns.domain.com.rpz-nsdname CNAME .
to validate the responses. When this is not an option,
operators who are more concerned with response integrity
than with flood mitigation may consider setting
- <span><strong class="command">slip</strong></span> to 1, causing all rate-limited
+ <span class="command"><strong>slip</strong></span> to 1, causing all rate-limited
responses to be truncated rather than dropped. This reduces
the effectiveness of rate-limiting against reflection attacks.)
</p>
<p>
When the approximate query per second rate exceeds
- the <span><strong class="command">qps-scale</strong></span> value,
- then the <span><strong class="command">responses-per-second</strong></span>,
- <span><strong class="command">errors-per-second</strong></span>,
- <span><strong class="command">nxdomains-per-second</strong></span> and
- <span><strong class="command">all-per-second</strong></span> values are reduced by the
- ratio of the current rate to the <span><strong class="command">qps-scale</strong></span> value.
+ the <span class="command"><strong>qps-scale</strong></span> value,
+ then the <span class="command"><strong>responses-per-second</strong></span>,
+ <span class="command"><strong>errors-per-second</strong></span>,
+ <span class="command"><strong>nxdomains-per-second</strong></span> and
+ <span class="command"><strong>all-per-second</strong></span> values are reduced by the
+ ratio of the current rate to the <span class="command"><strong>qps-scale</strong></span> value.
This feature can tighten defenses during attacks.
For example, with
- <span><strong class="command">qps-scale 250; responses-per-second 20;</strong></span> and
+ <span class="command"><strong>qps-scale 250; responses-per-second 20;</strong></span> and
a total query rate of 1000 queries/second for all queries from
all DNS clients including via TCP,
then the effective responses/second limit changes to
@@ -6551,30 +6624,30 @@ ns.domain.com.rpz-nsdname CNAME .
<p>
Communities of DNS clients can be given their own parameters or no
rate limiting by putting
- <span><strong class="command">rate-limit</strong></span> statements in <span><strong class="command">view</strong></span>
- statements instead of the global <span><strong class="command">option</strong></span>
+ <span class="command"><strong>rate-limit</strong></span> statements in <span class="command"><strong>view</strong></span>
+ statements instead of the global <span class="command"><strong>option</strong></span>
statement.
- A <span><strong class="command">rate-limit</strong></span> statement in a view replaces,
- rather than supplementing, a <span><strong class="command">rate-limit</strong></span>
+ A <span class="command"><strong>rate-limit</strong></span> statement in a view replaces,
+ rather than supplementing, a <span class="command"><strong>rate-limit</strong></span>
statement among the main options.
DNS clients within a view can be exempted from rate limits
- with the <span><strong class="command">exempt-clients</strong></span> clause.
+ with the <span class="command"><strong>exempt-clients</strong></span> clause.
</p>
<p>
UDP responses of all kinds can be limited with the
- <span><strong class="command">all-per-second</strong></span> phrase.
+ <span class="command"><strong>all-per-second</strong></span> phrase.
This rate limiting is unlike the rate limiting provided by
- <span><strong class="command">responses-per-second</strong></span>,
- <span><strong class="command">errors-per-second</strong></span>, and
- <span><strong class="command">nxdomains-per-second</strong></span> on a DNS server
+ <span class="command"><strong>responses-per-second</strong></span>,
+ <span class="command"><strong>errors-per-second</strong></span>, and
+ <span class="command"><strong>nxdomains-per-second</strong></span> on a DNS server
which are often invisible to the victim of a DNS reflection attack.
Unless the forged requests of the attack are the same as the
legitimate requests of the victim, the victim's requests are
not affected.
- Responses affected by an <span><strong class="command">all-per-second</strong></span> limit
- are always dropped; the <span><strong class="command">slip</strong></span> value has no
+ Responses affected by an <span class="command"><strong>all-per-second</strong></span> limit
+ are always dropped; the <span class="command"><strong>slip</strong></span> value has no
effect.
- An <span><strong class="command">all-per-second</strong></span> limit should be
+ An <span class="command"><strong>all-per-second</strong></span> limit should be
at least 4 times as large as the other limits,
because single DNS clients often send bursts of legitimate
requests.
@@ -6582,11 +6655,11 @@ ns.domain.com.rpz-nsdname CNAME .
requests from an SMTP server for NS, PTR, A, and AAAA records
as the incoming SMTP/TCP/IP connection is considered.
The SMTP server can need additional NS, A, AAAA, MX, TXT, and SPF
- records as it considers the STMP <span><strong class="command">Mail From</strong></span>
+ records as it considers the STMP <span class="command"><strong>Mail From</strong></span>
command.
Web browsers often repeatedly resolve the same names that
are repeated in HTML &lt;IMG&gt; tags in a page.
- <span><strong class="command">All-per-second</strong></span> is similar to the
+ <span class="command"><strong>All-per-second</strong></span> is similar to the
rate limiting offered by firewalls but often inferior.
Attacks that justify ignoring the
contents of DNS responses are likely to be attacks on the
@@ -6598,35 +6671,35 @@ ns.domain.com.rpz-nsdname CNAME .
</p>
<p>
The maximum size of the table used to track requests and
- rate limit responses is set with <span><strong class="command">max-table-size</strong></span>.
+ rate limit responses is set with <span class="command"><strong>max-table-size</strong></span>.
Each entry in the table is between 40 and 80 bytes.
The table needs approximately as many entries as the number
of requests received per second.
The default is 20,000.
To reduce the cold start of growing the table,
- <span><strong class="command">min-table-size</strong></span> (default 500)
+ <span class="command"><strong>min-table-size</strong></span> (default 500)
can set the minimum table size.
- Enable <span><strong class="command">rate-limit</strong></span> category logging to monitor
+ Enable <span class="command"><strong>rate-limit</strong></span> category logging to monitor
expansions of the table and inform
choices for the initial and maximum table size.
</p>
<p>
- Use <span><strong class="command">log-only yes</strong></span> to test rate limiting parameters
+ Use <span class="command"><strong>log-only yes</strong></span> to test rate limiting parameters
without actually dropping any requests.
</p>
<p>
Responses dropped by rate limits are included in the
- <span><strong class="command">RateDropped</strong></span> and <span><strong class="command">QryDropped</strong></span>
+ <span class="command"><strong>RateDropped</strong></span> and <span class="command"><strong>QryDropped</strong></span>
statistics.
Responses that truncated by rate limits are included in
- <span><strong class="command">RateSlipped</strong></span> and <span><strong class="command">RespTruncated</strong></span>.
+ <span class="command"><strong>RateSlipped</strong></span> and <span class="command"><strong>RespTruncated</strong></span>.
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">server</strong></span> <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
+<a name="server_statement_grammar"></a><span class="command"><strong>server</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>server</strong></span> <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
[<span class="optional"> bogus <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
@@ -6651,12 +6724,12 @@ ns.domain.com.rpz-nsdname CNAME .
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="server_statement_definition_and_usage"></a><span><strong class="command">server</strong></span> Statement Definition and
+<a name="server_statement_definition_and_usage"></a><span class="command"><strong>server</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
- The <span><strong class="command">server</strong></span> statement defines
+ The <span class="command"><strong>server</strong></span> statement defines
characteristics
to be associated with a remote name server. If a prefix length is
specified, then a range of servers is covered. Only the most
@@ -6665,17 +6738,17 @@ ns.domain.com.rpz-nsdname CNAME .
<code class="filename">named.conf</code>.
</p>
<p>
- The <span><strong class="command">server</strong></span> statement can occur at
+ The <span class="command"><strong>server</strong></span> statement can occur at
the top level of the
- configuration file or inside a <span><strong class="command">view</strong></span>
+ configuration file or inside a <span class="command"><strong>view</strong></span>
statement.
- If a <span><strong class="command">view</strong></span> statement contains
- one or more <span><strong class="command">server</strong></span> statements, only
+ If a <span class="command"><strong>view</strong></span> statement contains
+ one or more <span class="command"><strong>server</strong></span> statements, only
those
apply to the view and any top-level ones are ignored.
- If a view contains no <span><strong class="command">server</strong></span>
+ If a view contains no <span class="command"><strong>server</strong></span>
statements,
- any top-level <span><strong class="command">server</strong></span> statements are
+ any top-level <span class="command"><strong>server</strong></span> statements are
used as
defaults.
</p>
@@ -6683,30 +6756,30 @@ ns.domain.com.rpz-nsdname CNAME .
If you discover that a remote server is giving out bad data,
marking it as bogus will prevent further queries to it. The
default
- value of <span><strong class="command">bogus</strong></span> is <span><strong class="command">no</strong></span>.
+ value of <span class="command"><strong>bogus</strong></span> is <span class="command"><strong>no</strong></span>.
</p>
<p>
- The <span><strong class="command">provide-ixfr</strong></span> clause determines
+ The <span class="command"><strong>provide-ixfr</strong></span> clause determines
whether
the local server, acting as master, will respond with an
incremental
zone transfer when the given remote server, a slave, requests it.
- If set to <span><strong class="command">yes</strong></span>, incremental transfer
+ If set to <span class="command"><strong>yes</strong></span>, incremental transfer
will be provided
- whenever possible. If set to <span><strong class="command">no</strong></span>,
+ whenever possible. If set to <span class="command"><strong>no</strong></span>,
all transfers
to the remote server will be non-incremental. If not set, the
value
- of the <span><strong class="command">provide-ixfr</strong></span> option in the
+ of the <span class="command"><strong>provide-ixfr</strong></span> option in the
view or
global options block is used as a default.
</p>
<p>
- The <span><strong class="command">request-ixfr</strong></span> clause determines
+ The <span class="command"><strong>request-ixfr</strong></span> clause determines
whether
the local server, acting as a slave, will request incremental zone
transfers from the given remote server, a master. If not set, the
- value of the <span><strong class="command">request-ixfr</strong></span> option in
+ value of the <span class="command"><strong>request-ixfr</strong></span> option in
the view or global options block is used as a default. It may
also be set in the zone block and, if set there, it will
override the global or view setting for that zone.
@@ -6717,22 +6790,22 @@ ns.domain.com.rpz-nsdname CNAME .
fall back to AXFR. Therefore, there is no need to manually list
which servers support IXFR and which ones do not; the global
default
- of <span><strong class="command">yes</strong></span> should always work.
- The purpose of the <span><strong class="command">provide-ixfr</strong></span> and
- <span><strong class="command">request-ixfr</strong></span> clauses is
+ of <span class="command"><strong>yes</strong></span> should always work.
+ The purpose of the <span class="command"><strong>provide-ixfr</strong></span> and
+ <span class="command"><strong>request-ixfr</strong></span> clauses is
to make it possible to disable the use of IXFR even when both
master
and slave claim to support it, for example if one of the servers
is buggy and crashes or corrupts data when IXFR is used.
</p>
<p>
- The <span><strong class="command">edns</strong></span> clause determines whether
+ The <span class="command"><strong>edns</strong></span> clause determines whether
the local server will attempt to use EDNS when communicating
- with the remote server. The default is <span><strong class="command">yes</strong></span>.
+ with the remote server. The default is <span class="command"><strong>yes</strong></span>.
</p>
<p>
- The <span><strong class="command">edns-udp-size</strong></span> option sets the EDNS UDP size
- that is advertised by <span><strong class="command">named</strong></span> when querying the remote server.
+ The <span class="command"><strong>edns-udp-size</strong></span> option sets the EDNS UDP size
+ that is advertised by <span class="command"><strong>named</strong></span> when querying the remote server.
Valid values are 512 to 4096 bytes (values outside this range will be
silently adjusted). This option is useful when you wish to
advertises a different value to this server than the value you
@@ -6740,38 +6813,38 @@ ns.domain.com.rpz-nsdname CNAME .
remote site that is blocking large replies.
</p>
<p>
- The <span><strong class="command">max-udp-size</strong></span> option sets the
- maximum EDNS UDP message size <span><strong class="command">named</strong></span> will send. Valid
+ The <span class="command"><strong>max-udp-size</strong></span> option sets the
+ maximum EDNS UDP message size <span class="command"><strong>named</strong></span> will send. Valid
values are 512 to 4096 bytes (values outside this range will
be silently adjusted). This option is useful when you
know that there is a firewall that is blocking large
- replies from <span><strong class="command">named</strong></span>.
+ replies from <span class="command"><strong>named</strong></span>.
</p>
<p>
- The server supports two zone transfer methods. The first, <span><strong class="command">one-answer</strong></span>,
- uses one DNS message per resource record transferred. <span><strong class="command">many-answers</strong></span> packs
- as many resource records as possible into a message. <span><strong class="command">many-answers</strong></span> is
+ The server supports two zone transfer methods. The first, <span class="command"><strong>one-answer</strong></span>,
+ uses one DNS message per resource record transferred. <span class="command"><strong>many-answers</strong></span> packs
+ as many resource records as possible into a message. <span class="command"><strong>many-answers</strong></span> is
more efficient, but is only known to be understood by <acronym class="acronym">BIND</acronym> 9, <acronym class="acronym">BIND</acronym>
8.x, and patched versions of <acronym class="acronym">BIND</acronym>
4.9.5. You can specify which method
- to use for a server with the <span><strong class="command">transfer-format</strong></span> option.
- If <span><strong class="command">transfer-format</strong></span> is not
- specified, the <span><strong class="command">transfer-format</strong></span>
+ to use for a server with the <span class="command"><strong>transfer-format</strong></span> option.
+ If <span class="command"><strong>transfer-format</strong></span> is not
+ specified, the <span class="command"><strong>transfer-format</strong></span>
specified
- by the <span><strong class="command">options</strong></span> statement will be
+ by the <span class="command"><strong>options</strong></span> statement will be
used.
</p>
-<p><span><strong class="command">transfers</strong></span>
+<p><span class="command"><strong>transfers</strong></span>
is used to limit the number of concurrent inbound zone
transfers from the specified server. If no
- <span><strong class="command">transfers</strong></span> clause is specified, the
+ <span class="command"><strong>transfers</strong></span> clause is specified, the
limit is set according to the
- <span><strong class="command">transfers-per-ns</strong></span> option.
+ <span class="command"><strong>transfers-per-ns</strong></span> option.
</p>
<p>
- The <span><strong class="command">keys</strong></span> clause identifies a
- <span><strong class="command">key_id</strong></span> defined by the <span><strong class="command">key</strong></span> statement,
- to be used for transaction security (TSIG, <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
+ The <span class="command"><strong>keys</strong></span> clause identifies a
+ <span class="command"><strong>key_id</strong></span> defined by the <span class="command"><strong>key</strong></span> statement,
+ to be used for transaction security (TSIG, <a class="xref" href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
when talking to the remote server.
When a request is sent to the remote server, a request signature
will be generated using the key specified here and appended to the
@@ -6783,63 +6856,63 @@ ns.domain.com.rpz-nsdname CNAME .
Only a single key per server is currently supported.
</p>
<p>
- The <span><strong class="command">transfer-source</strong></span> and
- <span><strong class="command">transfer-source-v6</strong></span> clauses specify
+ The <span class="command"><strong>transfer-source</strong></span> and
+ <span class="command"><strong>transfer-source-v6</strong></span> clauses specify
the IPv4 and IPv6 source
address to be used for zone transfer with the remote server,
respectively.
- For an IPv4 remote server, only <span><strong class="command">transfer-source</strong></span> can
+ For an IPv4 remote server, only <span class="command"><strong>transfer-source</strong></span> can
be specified.
Similarly, for an IPv6 remote server, only
- <span><strong class="command">transfer-source-v6</strong></span> can be
+ <span class="command"><strong>transfer-source-v6</strong></span> can be
specified.
For more details, see the description of
- <span><strong class="command">transfer-source</strong></span> and
- <span><strong class="command">transfer-source-v6</strong></span> in
- <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>transfer-source</strong></span> and
+ <span class="command"><strong>transfer-source-v6</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p>
<p>
- The <span><strong class="command">notify-source</strong></span> and
- <span><strong class="command">notify-source-v6</strong></span> clauses specify the
+ The <span class="command"><strong>notify-source</strong></span> and
+ <span class="command"><strong>notify-source-v6</strong></span> clauses specify the
IPv4 and IPv6 source address to be used for notify
messages sent to remote servers, respectively. For an
- IPv4 remote server, only <span><strong class="command">notify-source</strong></span>
+ IPv4 remote server, only <span class="command"><strong>notify-source</strong></span>
can be specified. Similarly, for an IPv6 remote server,
- only <span><strong class="command">notify-source-v6</strong></span> can be specified.
+ only <span class="command"><strong>notify-source-v6</strong></span> can be specified.
</p>
<p>
- The <span><strong class="command">query-source</strong></span> and
- <span><strong class="command">query-source-v6</strong></span> clauses specify the
+ The <span class="command"><strong>query-source</strong></span> and
+ <span class="command"><strong>query-source-v6</strong></span> clauses specify the
IPv4 and IPv6 source address to be used for queries
sent to remote servers, respectively. For an IPv4
- remote server, only <span><strong class="command">query-source</strong></span> can
+ remote server, only <span class="command"><strong>query-source</strong></span> can
be specified. Similarly, for an IPv6 remote server,
- only <span><strong class="command">query-source-v6</strong></span> can be specified.
+ only <span class="command"><strong>query-source-v6</strong></span> can be specified.
</p>
<p>
- The <span><strong class="command">request-nsid</strong></span> clause determines
+ The <span class="command"><strong>request-nsid</strong></span> clause determines
whether the local server will add a NSID EDNS option
to requests sent to the server. This overrides
- <span><strong class="command">request-nsid</strong></span> set at the view or
+ <span class="command"><strong>request-nsid</strong></span> set at the view or
option level.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="statschannels"></a><span><strong class="command">statistics-channels</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">statistics-channels</strong></span> {
+<a name="statschannels"></a><span class="command"><strong>statistics-channels</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>statistics-channels</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
[ allow { <em class="replaceable"><code> address_match_list </code></em> } ]; ]
[ inet ...; ]
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2590832"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<a name="statistics_channels"></a><span class="command"><strong>statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
- The <span><strong class="command">statistics-channels</strong></span> statement
+ The <span class="command"><strong>statistics-channels</strong></span> statement
declares communication channels to be used by system
administrators to get access to statistics information of
the name server.
@@ -6849,46 +6922,46 @@ ns.domain.com.rpz-nsdname CNAME .
communication protocols in the future, but currently only
HTTP access is supported.
It requires that BIND 9 be compiled with libxml2;
- the <span><strong class="command">statistics-channels</strong></span> statement is
+ the <span class="command"><strong>statistics-channels</strong></span> statement is
still accepted even if it is built without the library,
but any HTTP access will fail with an error.
</p>
<p>
- An <span><strong class="command">inet</strong></span> control channel is a TCP socket
- listening at the specified <span><strong class="command">ip_port</strong></span> on the
- specified <span><strong class="command">ip_addr</strong></span>, which can be an IPv4 or IPv6
- address. An <span><strong class="command">ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
+ An <span class="command"><strong>inet</strong></span> control channel is a TCP socket
+ listening at the specified <span class="command"><strong>ip_port</strong></span> on the
+ specified <span class="command"><strong>ip_addr</strong></span>, which can be an IPv4 or IPv6
+ address. An <span class="command"><strong>ip_addr</strong></span> of <code class="literal">*</code> (asterisk) is
interpreted as the IPv4 wildcard address; connections will be
accepted on any of the system's IPv4 addresses.
To listen on the IPv6 wildcard address,
- use an <span><strong class="command">ip_addr</strong></span> of <code class="literal">::</code>.
+ use an <span class="command"><strong>ip_addr</strong></span> of <code class="literal">::</code>.
</p>
<p>
If no port is specified, port 80 is used for HTTP channels.
The asterisk "<code class="literal">*</code>" cannot be used for
- <span><strong class="command">ip_port</strong></span>.
+ <span class="command"><strong>ip_port</strong></span>.
</p>
<p>
The attempt of opening a statistics channel is
- restricted by the optional <span><strong class="command">allow</strong></span> clause.
+ restricted by the optional <span class="command"><strong>allow</strong></span> clause.
Connections to the statistics channel are permitted based on the
- <span><strong class="command">address_match_list</strong></span>.
- If no <span><strong class="command">allow</strong></span> clause is present,
- <span><strong class="command">named</strong></span> accepts connection
+ <span class="command"><strong>address_match_list</strong></span>.
+ If no <span class="command"><strong>allow</strong></span> clause is present,
+ <span class="command"><strong>named</strong></span> accepts connection
attempts from any address; since the statistics may
contain sensitive internal information, it is highly
recommended to restrict the source of connection requests
appropriately.
</p>
<p>
- If no <span><strong class="command">statistics-channels</strong></span> statement is present,
- <span><strong class="command">named</strong></span> will not open any communication channels.
+ If no <span class="command"><strong>statistics-channels</strong></span> statement is present,
+ <span class="command"><strong>named</strong></span> will not open any communication channels.
</p>
<p>
If the statistics channel is configured to listen on 127.0.0.1
port 8888, then the statistics are accessible in XML format at
- <a href="http://127.0.0.1:8888/" target="_top">http://127.0.0.1:8888/</a> or
- <a href="http://127.0.0.1:8888/xml" target="_top">http://127.0.0.1:8888/xml</a>. A CSS file is
+ <a class="link" href="http://127.0.0.1:8888/" target="_top">http://127.0.0.1:8888/</a> or
+ <a class="link" href="http://127.0.0.1:8888/xml" target="_top">http://127.0.0.1:8888/xml</a>. A CSS file is
included which can format the XML statistics into tables
when viewed with a stylesheet-capable browser. When
<acronym class="acronym">BIND</acronym> 9 is configured with --enable-newstats,
@@ -6901,30 +6974,30 @@ ns.domain.com.rpz-nsdname CNAME .
<p>
Applications that depend on a particular XML schema
can request
- <a href="http://127.0.0.1:8888/xml/v2" target="_top">http://127.0.0.1:8888/xml/v2</a> for version 2
+ <a class="link" href="http://127.0.0.1:8888/xml/v2" target="_top">http://127.0.0.1:8888/xml/v2</a> for version 2
of the statistics XML schema or
- <a href="http://127.0.0.1:8888/xml/v3" target="_top">http://127.0.0.1:8888/xml/v3</a> for version 3.
+ <a class="link" href="http://127.0.0.1:8888/xml/v3" target="_top">http://127.0.0.1:8888/xml/v3</a> for version 3.
If the requested schema is supported by the server, then
it will respond; if not, it will return a "page not found"
error.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="trusted-keys"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">trusted-keys</strong></span> {
+<a name="trusted-keys"></a><span class="command"><strong>trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>trusted-keys</strong></span> {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591139"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="trusted_keys"></a><span class="command"><strong>trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">trusted-keys</strong></span> statement defines
- DNSSEC security roots. DNSSEC is described in <a href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called &#8220;DNSSEC&#8221;</a>. A security root is defined when the
+ The <span class="command"><strong>trusted-keys</strong></span> statement defines
+ DNSSEC security roots. DNSSEC is described in <a class="xref" href="Bv9ARM.ch04.html#DNSSEC" title="DNSSEC">the section called &#8220;DNSSEC&#8221;</a>. A security root is defined when the
public key for a non-authoritative zone is known, but
cannot be securely obtained through DNS, either because
it is the DNS root zone or because its parent zone is
@@ -6935,14 +7008,14 @@ ns.domain.com.rpz-nsdname CNAME .
</p>
<p>
All keys (and corresponding zones) listed in
- <span><strong class="command">trusted-keys</strong></span> are deemed to exist regardless
+ <span class="command"><strong>trusted-keys</strong></span> are deemed to exist regardless
of what parent zones say. Similarly for all keys listed in
- <span><strong class="command">trusted-keys</strong></span> only those keys are
+ <span class="command"><strong>trusted-keys</strong></span> only those keys are
used to validate the DNSKEY RRset. The parent's DS RRset
will not be used.
</p>
<p>
- The <span><strong class="command">trusted-keys</strong></span> statement can contain
+ The <span class="command"><strong>trusted-keys</strong></span> statement can contain
multiple key entries, each consisting of the key's
domain name, flags, protocol, algorithm, and the Base-64
representation of the key data.
@@ -6951,31 +7024,31 @@ ns.domain.com.rpz-nsdname CNAME .
multiple lines.
</p>
<p>
- <span><strong class="command">trusted-keys</strong></span> may be set at the top level
+ <span class="command"><strong>trusted-keys</strong></span> may be set at the top level
of <code class="filename">named.conf</code> or within a view. If it is
set in both places, they are additive: keys defined at the top
level are inherited by all views, but keys defined in a view
are only used within that view.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591186"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
+<a name="managed_keys"></a><span class="command"><strong>managed-keys</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>managed-keys</strong></span> {
<em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
[<span class="optional"> <em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="managed-keys"></a><span><strong class="command">managed-keys</strong></span> Statement Definition
+<a name="managed-keys"></a><span class="command"><strong>managed-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">managed-keys</strong></span> statement, like
- <span><strong class="command">trusted-keys</strong></span>, defines DNSSEC
+ The <span class="command"><strong>managed-keys</strong></span> statement, like
+ <span class="command"><strong>trusted-keys</strong></span>, defines DNSSEC
security roots. The difference is that
- <span><strong class="command">managed-keys</strong></span> can be kept up to date
+ <span class="command"><strong>managed-keys</strong></span> can be kept up to date
automatically, without intervention from the resolver
operator.
</p>
@@ -6983,76 +7056,76 @@ ns.domain.com.rpz-nsdname CNAME .
Suppose, for example, that a zone's key-signing
key was compromised, and the zone owner had to revoke and
replace the key. A resolver which had the old key in a
- <span><strong class="command">trusted-keys</strong></span> statement would be
+ <span class="command"><strong>trusted-keys</strong></span> statement would be
unable to validate this zone any longer; it would
reply with a SERVFAIL response code. This would
continue until the resolver operator had updated the
- <span><strong class="command">trusted-keys</strong></span> statement with the new key.
+ <span class="command"><strong>trusted-keys</strong></span> statement with the new key.
</p>
<p>
If, however, the zone were listed in a
- <span><strong class="command">managed-keys</strong></span> statement instead, then the
+ <span class="command"><strong>managed-keys</strong></span> statement instead, then the
zone owner could add a "stand-by" key to the zone in advance.
- <span><strong class="command">named</strong></span> would store the stand-by key, and
- when the original key was revoked, <span><strong class="command">named</strong></span>
+ <span class="command"><strong>named</strong></span> would store the stand-by key, and
+ when the original key was revoked, <span class="command"><strong>named</strong></span>
would be able to transition smoothly to the new key. It would
also recognize that the old key had been revoked, and cease
using that key to validate answers, minimizing the damage that
the compromised key could do.
</p>
<p>
- A <span><strong class="command">managed-keys</strong></span> statement contains a list of
+ A <span class="command"><strong>managed-keys</strong></span> statement contains a list of
the keys to be managed, along with information about how the
keys are to be initialized for the first time. The only
initialization method currently supported (as of
<acronym class="acronym">BIND</acronym> 9.7.0) is <code class="literal">initial-key</code>.
- This means the <span><strong class="command">managed-keys</strong></span> statement must
+ This means the <span class="command"><strong>managed-keys</strong></span> statement must
contain a copy of the initializing key. (Future releases may
allow keys to be initialized by other methods, eliminating this
requirement.)
</p>
<p>
- Consequently, a <span><strong class="command">managed-keys</strong></span> statement
- appears similar to a <span><strong class="command">trusted-keys</strong></span>, differing
+ Consequently, a <span class="command"><strong>managed-keys</strong></span> statement
+ appears similar to a <span class="command"><strong>trusted-keys</strong></span>, differing
in the presence of the second field, containing the keyword
<code class="literal">initial-key</code>. The difference is, whereas the
- keys listed in a <span><strong class="command">trusted-keys</strong></span> continue to be
+ keys listed in a <span class="command"><strong>trusted-keys</strong></span> continue to be
trusted until they are removed from
<code class="filename">named.conf</code>, an initializing key listed
- in a <span><strong class="command">managed-keys</strong></span> statement is only trusted
+ in a <span class="command"><strong>managed-keys</strong></span> statement is only trusted
<span class="emphasis"><em>once</em></span>: for as long as it takes to load the
managed key database and start the RFC 5011 key maintenance
process.
</p>
<p>
- The first time <span><strong class="command">named</strong></span> runs with a managed key
+ The first time <span class="command"><strong>named</strong></span> runs with a managed key
configured in <code class="filename">named.conf</code>, it fetches the
DNSKEY RRset directly from the zone apex, and validates it
- using the key specified in the <span><strong class="command">managed-keys</strong></span>
+ using the key specified in the <span class="command"><strong>managed-keys</strong></span>
statement. If the DNSKEY RRset is validly signed, then it is
used as the basis for a new managed keys database.
</p>
<p>
- From that point on, whenever <span><strong class="command">named</strong></span> runs, it
- sees the <span><strong class="command">managed-keys</strong></span> statement, checks to
+ From that point on, whenever <span class="command"><strong>named</strong></span> runs, it
+ sees the <span class="command"><strong>managed-keys</strong></span> statement, checks to
make sure RFC 5011 key maintenance has already been initialized
for the specified domain, and if so, it simply moves on. The
- key specified in the <span><strong class="command">managed-keys</strong></span> is not
+ key specified in the <span class="command"><strong>managed-keys</strong></span> is not
used to validate answers; it has been superseded by the key or
keys stored in the managed keys database.
</p>
<p>
- The next time <span><strong class="command">named</strong></span> runs after a name
+ The next time <span class="command"><strong>named</strong></span> runs after a name
has been <span class="emphasis"><em>removed</em></span> from the
- <span><strong class="command">managed-keys</strong></span> statement, the corresponding
+ <span class="command"><strong>managed-keys</strong></span> statement, the corresponding
zone will be removed from the managed keys database,
and RFC 5011 key maintenance will no longer be used for that
domain.
</p>
<p>
- <span><strong class="command">named</strong></span> only maintains a single managed keys
- database; consequently, unlike <span><strong class="command">trusted-keys</strong></span>,
- <span><strong class="command">managed-keys</strong></span> may only be set at the top
+ <span class="command"><strong>named</strong></span> only maintains a single managed keys
+ database; consequently, unlike <span class="command"><strong>trusted-keys</strong></span>,
+ <span class="command"><strong>managed-keys</strong></span> may only be set at the top
level of <code class="filename">named.conf</code>, not within a view.
</p>
<p>
@@ -7064,29 +7137,29 @@ ns.domain.com.rpz-nsdname CNAME .
<code class="filename">managed-keys.bind.jnl</code>. They are committed
to the master file as soon as possible afterward; in the case
of the managed key database, this will usually occur within 30
- seconds. So, whenever <span><strong class="command">named</strong></span> is using
+ seconds. So, whenever <span class="command"><strong>named</strong></span> is using
automatic key maintenance, those two files can be expected to
exist in the working directory. (For this reason among others,
the working directory should be always be writable by
- <span><strong class="command">named</strong></span>.)
+ <span class="command"><strong>named</strong></span>.)
</p>
<p>
- If the <span><strong class="command">dnssec-validation</strong></span> option is
- set to <strong class="userinput"><code>auto</code></strong>, <span><strong class="command">named</strong></span>
+ If the <span class="command"><strong>dnssec-validation</strong></span> option is
+ set to <strong class="userinput"><code>auto</code></strong>, <span class="command"><strong>named</strong></span>
will automatically initialize a managed key for the
- root zone. Similarly, if the <span><strong class="command">dnssec-lookaside</strong></span>
+ root zone. Similarly, if the <span class="command"><strong>dnssec-lookaside</strong></span>
option is set to <strong class="userinput"><code>auto</code></strong>,
- <span><strong class="command">named</strong></span> will automatically initialize
+ <span class="command"><strong>named</strong></span> will automatically initialize
a managed key for the zone <code class="literal">dlv.isc.org</code>.
In both cases, the key that is used to initialize the key
- maintenance process is built into <span><strong class="command">named</strong></span>,
- and can be overridden from <span><strong class="command">bindkeys-file</strong></span>.
+ maintenance process is built into <span class="command"><strong>named</strong></span>,
+ and can be overridden from <span class="command"><strong>bindkeys-file</strong></span>.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">view</strong></span> <em class="replaceable"><code>view_name</code></em>
+<a name="view_statement_grammar"></a><span class="command"><strong>view</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span class="command"><strong>view</strong></span> <em class="replaceable"><code>view_name</code></em>
[<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
match-clients { <em class="replaceable"><code>address_match_list</code></em> };
match-destinations { <em class="replaceable"><code>address_match_list</code></em> };
@@ -7096,11 +7169,11 @@ ns.domain.com.rpz-nsdname CNAME .
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591553"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="view_statement"></a><span class="command"><strong>view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">view</strong></span> statement is a powerful
+ The <span class="command"><strong>view</strong></span> statement is a powerful
feature
of <acronym class="acronym">BIND</acronym> 9 that lets a name server
answer a DNS query differently
@@ -7109,54 +7182,54 @@ ns.domain.com.rpz-nsdname CNAME .
split DNS setups without having to run multiple servers.
</p>
<p>
- Each <span><strong class="command">view</strong></span> statement defines a view
+ Each <span class="command"><strong>view</strong></span> statement defines a view
of the
DNS namespace that will be seen by a subset of clients. A client
matches
a view if its source IP address matches the
<code class="varname">address_match_list</code> of the view's
- <span><strong class="command">match-clients</strong></span> clause and its
+ <span class="command"><strong>match-clients</strong></span> clause and its
destination IP address matches
the <code class="varname">address_match_list</code> of the
view's
- <span><strong class="command">match-destinations</strong></span> clause. If not
+ <span class="command"><strong>match-destinations</strong></span> clause. If not
specified, both
- <span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
+ <span class="command"><strong>match-clients</strong></span> and <span class="command"><strong>match-destinations</strong></span>
default to matching all addresses. In addition to checking IP
addresses
- <span><strong class="command">match-clients</strong></span> and <span><strong class="command">match-destinations</strong></span>
- can also take <span><strong class="command">keys</strong></span> which provide an
+ <span class="command"><strong>match-clients</strong></span> and <span class="command"><strong>match-destinations</strong></span>
+ can also take <span class="command"><strong>keys</strong></span> which provide an
mechanism for the
client to select the view. A view can also be specified
- as <span><strong class="command">match-recursive-only</strong></span>, which
+ as <span class="command"><strong>match-recursive-only</strong></span>, which
means that only recursive
requests from matching clients will match that view.
- The order of the <span><strong class="command">view</strong></span> statements is
+ The order of the <span class="command"><strong>view</strong></span> statements is
significant &#8212;
a client request will be resolved in the context of the first
- <span><strong class="command">view</strong></span> that it matches.
+ <span class="command"><strong>view</strong></span> that it matches.
</p>
<p>
- Zones defined within a <span><strong class="command">view</strong></span>
+ Zones defined within a <span class="command"><strong>view</strong></span>
statement will
- only be accessible to clients that match the <span><strong class="command">view</strong></span>.
+ only be accessible to clients that match the <span class="command"><strong>view</strong></span>.
By defining a zone of the same name in multiple views, different
zone data can be given to different clients, for example,
"internal"
and "external" clients in a split DNS setup.
</p>
<p>
- Many of the options given in the <span><strong class="command">options</strong></span> statement
- can also be used within a <span><strong class="command">view</strong></span>
+ Many of the options given in the <span class="command"><strong>options</strong></span> statement
+ can also be used within a <span class="command"><strong>view</strong></span>
statement, and then
apply only when resolving queries with that view. When no
view-specific
- value is given, the value in the <span><strong class="command">options</strong></span> statement
+ value is given, the value in the <span class="command"><strong>options</strong></span> statement
is used as a default. Also, zone options can have default values
specified
- in the <span><strong class="command">view</strong></span> statement; these
+ in the <span class="command"><strong>view</strong></span> statement; these
view-specific defaults
- take precedence over those in the <span><strong class="command">options</strong></span> statement.
+ take precedence over those in the <span class="command"><strong>options</strong></span> statement.
</p>
<p>
Views are class specific. If no class is given, class IN
@@ -7164,24 +7237,24 @@ ns.domain.com.rpz-nsdname CNAME .
since only the IN class has compiled-in default hints.
</p>
<p>
- If there are no <span><strong class="command">view</strong></span> statements in
+ If there are no <span class="command"><strong>view</strong></span> statements in
the config
file, a default view that matches any client is automatically
created
- in class IN. Any <span><strong class="command">zone</strong></span> statements
+ in class IN. Any <span class="command"><strong>zone</strong></span> statements
specified on
the top level of the configuration file are considered to be part
of
- this default view, and the <span><strong class="command">options</strong></span>
+ this default view, and the <span class="command"><strong>options</strong></span>
statement will
- apply to the default view. If any explicit <span><strong class="command">view</strong></span>
- statements are present, all <span><strong class="command">zone</strong></span>
+ apply to the default view. If any explicit <span class="command"><strong>view</strong></span>
+ statements are present, all <span class="command"><strong>zone</strong></span>
statements must
- occur inside <span><strong class="command">view</strong></span> statements.
+ occur inside <span class="command"><strong>view</strong></span> statements.
</p>
<p>
Here is an example of a typical split DNS setup implemented
- using <span><strong class="command">view</strong></span> statements:
+ using <span class="command"><strong>view</strong></span> statements:
</p>
<pre class="programlisting">view "internal" {
// This should match our internal networks.
@@ -7216,11 +7289,11 @@ view "external" {
};
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="zone_statement_grammar"></a><span><strong class="command">zone</strong></span>
+<a name="zone_statement_grammar"></a><span class="command"><strong>zone</strong></span>
Statement Grammar</h3></div></div></div>
-<pre class="programlisting"><span><strong class="command">zone</strong></span> <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
+<pre class="programlisting"><span class="command"><strong>zone</strong></span> <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
type master;
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-query-on { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
@@ -7230,8 +7303,6 @@ view "external" {
[<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-loadkeys-interval <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> update-policy <em class="replaceable"><code>local</code></em> | { <em class="replaceable"><code>update_policy_rule</code></em> [<span class="optional">...</span>] }; </span>]
- [<span class="optional"> also-notify { <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ;
- [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
@@ -7371,7 +7442,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
[<span class="optional"> alt-transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>)
[<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; </span>]
[<span class="optional"> use-alt-transfer-source <em class="replaceable"><code>yes_or_no</code></em>; </span>]
- [<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
+ [<span class="optional"> zone-statistics <em class="replaceable"><code>full</code></em> | <em class="replaceable"><code>terse</code></em> | <em class="replaceable"><code>none</code></em>; </span>]
[<span class="optional"> database <em class="replaceable"><code>string</code></em> ; </span>]
[<span class="optional"> min-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-refresh-time <em class="replaceable"><code>number</code></em> ; </span>]
@@ -7385,7 +7456,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> server-addresses { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> ; ... </span>] }; </span>]
[<span class="optional"> server-names { [<span class="optional"> <em class="replaceable"><code>namelist</code></em> </span>] }; </span>]
- [<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
+ [<span class="optional"> zone-statistics <em class="replaceable"><code>full</code></em> | <em class="replaceable"><code>terse</code></em> | <em class="replaceable"><code>none</code></em>; </span>]
};
zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
@@ -7408,16 +7479,25 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</pre>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2593398"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
-<div class="sect3" lang="en">
+<a name="zone_statement"></a><span class="command"><strong>zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2593405"></a>Zone Types</h4></div></div></div>
+<a name="zone_types"></a>Zone Types</h4></div></div></div>
+<p>
+ The <span class="command"><strong>type</strong></span> keyword is required
+ for the <span class="command"><strong>zone</strong></span> configuration. Its
+ acceptable values include: <code class="varname">delegation-only</code>,
+ <code class="varname">forward</code>, <code class="varname">hint</code>,
+ <code class="varname">master</code>, <code class="varname">redirect</code>,
+ <code class="varname">slave</code>, <code class="varname">static-stub</code>,
+ and <code class="varname">stub</code>.
+ </p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col class="1">
+<col width="4.017in" class="2">
</colgroup>
<tbody>
<tr>
@@ -7444,7 +7524,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
<td>
<p>
A slave zone is a replica of a master
- zone. The <span><strong class="command">masters</strong></span> list
+ zone. The <span class="command"><strong>masters</strong></span> list
specifies one or more IP addresses
of master servers that the slave contacts to update
its copy of the zone.
@@ -7559,14 +7639,14 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<p>
Zone data is configured via the
- <span><strong class="command">server-addresses</strong></span> and
- <span><strong class="command">server-names</strong></span> zone options.
+ <span class="command"><strong>server-addresses</strong></span> and
+ <span class="command"><strong>server-names</strong></span> zone options.
</p>
<p>
The zone data is maintained in the form of NS
and (if necessary) glue A or AAAA RRs
internally, which can be seen by dumping zone
- databases by <span><strong class="command">rndc dumpdb -all</strong></span>.
+ databases by <span class="command"><strong>rndc dumpdb -all</strong></span>.
The configured RRs are considered local configuration
parameters rather than public data.
Non recursive queries (i.e., those with the RD
@@ -7597,22 +7677,22 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
<td>
<p>
A "forward zone" is a way to configure
- forwarding on a per-domain basis. A <span><strong class="command">zone</strong></span> statement
- of type <span><strong class="command">forward</strong></span> can
- contain a <span><strong class="command">forward</strong></span>
- and/or <span><strong class="command">forwarders</strong></span>
+ forwarding on a per-domain basis. A <span class="command"><strong>zone</strong></span> statement
+ of type <span class="command"><strong>forward</strong></span> can
+ contain a <span class="command"><strong>forward</strong></span>
+ and/or <span class="command"><strong>forwarders</strong></span>
statement,
which will apply to queries within the domain given by
the zone
- name. If no <span><strong class="command">forwarders</strong></span>
+ name. If no <span class="command"><strong>forwarders</strong></span>
statement is present or
- an empty list for <span><strong class="command">forwarders</strong></span> is given, then no
+ an empty list for <span class="command"><strong>forwarders</strong></span> is given, then no
forwarding will be done for the domain, canceling the
effects of
- any forwarders in the <span><strong class="command">options</strong></span> statement. Thus
+ any forwarders in the <span class="command"><strong>options</strong></span> statement. Thus
if you want to use this type of zone to change the
behavior of the
- global <span><strong class="command">forward</strong></span> option
+ global <span class="command"><strong>forward</strong></span> option
(that is, "forward first"
to, then "forward only", or vice versa, but want to
use the same
@@ -7654,7 +7734,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
queries when normal resolution would result in
NXDOMAIN being returned.
Only one redirect zone is supported
- per view. <span><strong class="command">allow-query</strong></span> can be
+ per view. <span class="command"><strong>allow-query</strong></span> can be
used to restrict which clients see these answers.
</p>
<p>
@@ -7691,10 +7771,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
zone lookup table with normal master and slave
zones. Consequently, it is not currently possible
to use
- <span><strong class="command">rndc reload
+ <span class="command"><strong>rndc reload
<em class="replaceable"><code>zonename</code></em></strong></span>
to reload a redirect zone. However, when using
- <span><strong class="command">rndc reload</strong></span> without specifying
+ <span class="command"><strong>rndc reload</strong></span> without specifying
a zone name, redirect zones will be reloaded along
with other zones.
</p>
@@ -7722,16 +7802,16 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
effect on answers received from forwarders.
</p>
<p>
- See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
+ See caveats in <a class="xref" href="Bv9ARM.ch06.html#root_delegation_only"><span class="command"><strong>root-delegation-only</strong></span></a>.
</p>
</td>
</tr>
</tbody>
</table></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594150"></a>Class</h4></div></div></div>
+<a name="class"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -7751,48 +7831,48 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
in the mid-1970s. Zone data for it can be specified with the <code class="literal">CHAOS</code> class.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594183"></a>Zone Options</h4></div></div></div>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
+<a name="zone_options"></a>Zone Options</h4></div></div></div>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>allow-notify</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">allow-notify</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
+ <span class="command"><strong>allow-notify</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-query</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-query</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">allow-query</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
+ <span class="command"><strong>allow-query</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-query-on</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-query-on</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">allow-query-on</strong></span> in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
+ <span class="command"><strong>allow-query-on</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-transfer</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-transfer</strong></span></span></dt>
<dd><p>
- See the description of <span><strong class="command">allow-transfer</strong></span>
- in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
+ See the description of <span class="command"><strong>allow-transfer</strong></span>
+ in <a class="xref" href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-update</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-update</strong></span></span></dt>
<dd><p>
- See the description of <span><strong class="command">allow-update</strong></span>
- in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
+ See the description of <span class="command"><strong>allow-update</strong></span>
+ in <a class="xref" href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">update-policy</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>update-policy</strong></span></span></dt>
<dd><p>
Specifies a "Simple Secure Update" policy. See
- <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a>.
+ <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">allow-update-forwarding</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>allow-update-forwarding</strong></span></span></dt>
<dd><p>
- See the description of <span><strong class="command">allow-update-forwarding</strong></span>
- in <a href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
+ See the description of <span class="command"><strong>allow-update-forwarding</strong></span>
+ in <a class="xref" href="Bv9ARM.ch06.html#access_control" title="Access Control">the section called &#8220;Access Control&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">also-notify</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>also-notify</strong></span></span></dt>
<dd><p>
- Only meaningful if <span><strong class="command">notify</strong></span>
+ Only meaningful if <span class="command"><strong>notify</strong></span>
is
active for this zone. The set of machines that will
receive a
@@ -7801,85 +7881,90 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
(other than
the primary master) for the zone plus any IP addresses
specified
- with <span><strong class="command">also-notify</strong></span>. A port
+ with <span class="command"><strong>also-notify</strong></span>. A port
may be specified
- with each <span><strong class="command">also-notify</strong></span>
+ with each <span class="command"><strong>also-notify</strong></span>
address to send the notify
messages to a port other than the default of 53.
A TSIG key may also be specified to cause the
<code class="literal">NOTIFY</code> to be signed by the
given key.
- <span><strong class="command">also-notify</strong></span> is not
+ <span class="command"><strong>also-notify</strong></span> is not
meaningful for stub zones.
The default is the empty list.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-names</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-names</strong></span></span></dt>
<dd><p>
This option is used to restrict the character set and
syntax of
certain domain names in master files and/or DNS responses
received from the
- network. The default varies according to zone type. For <span><strong class="command">master</strong></span> zones the default is <span><strong class="command">fail</strong></span>. For <span><strong class="command">slave</strong></span>
- zones the default is <span><strong class="command">warn</strong></span>.
- It is not implemented for <span><strong class="command">hint</strong></span> zones.
+ network. The default varies according to zone type. For <span class="command"><strong>master</strong></span> zones the default is <span class="command"><strong>fail</strong></span>. For <span class="command"><strong>slave</strong></span>
+ zones the default is <span class="command"><strong>warn</strong></span>.
+ It is not implemented for <span class="command"><strong>hint</strong></span> zones.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-mx</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-mx</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>check-mx</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-spf</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-spf</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">check-spf</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>check-spf</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-wildcard</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-wildcard</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">check-wildcard</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>check-wildcard</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-integrity</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-integrity</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">check-integrity</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>check-integrity</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">check-sibling</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>check-sibling</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">check-sibling</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>check-sibling</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">zero-no-soa-ttl</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>zero-no-soa-ttl</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">zero-no-soa-ttl</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>zero-no-soa-ttl</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">update-check-ksk</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>update-check-ksk</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">update-check-ksk</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>update-check-ksk</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">dnssec-update-mode</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-loadkeys-interval</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">dnssec-update-mode</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and
+ <span class="command"><strong>dnssec-loadkeys-interval</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called &#8220;<span class="command"><strong>options</strong></span> Statement Definition and
Usage&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">dnssec-dnskey-kskonly</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-update-mode</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">dnssec-dnskey-kskonly</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>dnssec-update-mode</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called &#8220;<span class="command"><strong>options</strong></span> Statement Definition and
+ Usage&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">try-tcp-refresh</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-dnskey-kskonly</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">try-tcp-refresh</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>dnssec-dnskey-kskonly</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">database</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>try-tcp-refresh</strong></span></span></dt>
+<dd><p>
+ See the description of
+ <span class="command"><strong>try-tcp-refresh</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ </p></dd>
+<dt><span class="term"><span class="command"><strong>database</strong></span></span></dt>
<dd>
<p>
Specify the type of database to be used for storing the
- zone data. The string following the <span><strong class="command">database</strong></span> keyword
+ zone data. The string following the <span class="command"><strong>database</strong></span> keyword
is interpreted as a list of whitespace-delimited words.
The first word
identifies the database type, and any subsequent words are
@@ -7901,12 +7986,12 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
with the distribution but none are linked in by default.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">dialup</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dialup</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">dialup</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>dialup</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">delegation-only</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>delegation-only</strong></span></span></dt>
<dd>
<p>
The flag only applies to forward, hint and stub
@@ -7915,25 +8000,25 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
also a delegation-only type zone.
</p>
<p>
- See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
+ See caveats in <a class="xref" href="Bv9ARM.ch06.html#root_delegation_only"><span class="command"><strong>root-delegation-only</strong></span></a>.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">forward</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>forward</strong></span></span></dt>
<dd><p>
Only meaningful if the zone has a forwarders
- list. The <span><strong class="command">only</strong></span> value causes
+ list. The <span class="command"><strong>only</strong></span> value causes
the lookup to fail
- after trying the forwarders and getting no answer, while <span><strong class="command">first</strong></span> would
+ after trying the forwarders and getting no answer, while <span class="command"><strong>first</strong></span> would
allow a normal lookup to be tried.
</p></dd>
-<dt><span class="term"><span><strong class="command">forwarders</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>forwarders</strong></span></span></dt>
<dd><p>
Used to override the list of global forwarders.
- If it is not specified in a zone of type <span><strong class="command">forward</strong></span>,
+ If it is not specified in a zone of type <span class="command"><strong>forward</strong></span>,
no forwarding is done for the zone and the global options are
not used.
</p></dd>
-<dt><span class="term"><span><strong class="command">ixfr-base</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>ixfr-base</strong></span></span></dt>
<dd><p>
Was used in <acronym class="acronym">BIND</acronym> 8 to
specify the name
@@ -7945,59 +8030,59 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
to the name of the
zone file.
</p></dd>
-<dt><span class="term"><span><strong class="command">ixfr-tmp-file</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>ixfr-tmp-file</strong></span></span></dt>
<dd><p>
Was an undocumented option in <acronym class="acronym">BIND</acronym> 8.
Ignored in <acronym class="acronym">BIND</acronym> 9.
</p></dd>
-<dt><span class="term"><span><strong class="command">journal</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>journal</strong></span></span></dt>
<dd><p>
Allow the default journal's filename to be overridden.
The default is the zone's filename with "<code class="filename">.jnl</code>" appended.
- This is applicable to <span><strong class="command">master</strong></span> and <span><strong class="command">slave</strong></span> zones.
+ This is applicable to <span class="command"><strong>master</strong></span> and <span class="command"><strong>slave</strong></span> zones.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-journal-size</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-journal-size</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">max-journal-size</strong></span> in <a href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server Resource Limits&#8221;</a>.
+ <span class="command"><strong>max-journal-size</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server Resource Limits&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-transfer-time-in</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-time-in</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">max-transfer-time-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>max-transfer-time-in</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-transfer-idle-in</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-idle-in</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">max-transfer-idle-in</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>max-transfer-idle-in</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-transfer-time-out</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-time-out</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">max-transfer-time-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>max-transfer-time-out</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">max-transfer-idle-out</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>max-transfer-idle-out</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">max-transfer-idle-out</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>max-transfer-idle-out</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">notify</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">notify</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>notify</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">notify-delay</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-delay</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">notify-delay</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
+ <span class="command"><strong>notify-delay</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">notify-to-soa</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-to-soa</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">notify-to-soa</strong></span> in
- <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>notify-to-soa</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">pubkey</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>pubkey</strong></span></span></dt>
<dd><p>
In <acronym class="acronym">BIND</acronym> 8, this option was
intended for specifying
@@ -8006,15 +8091,14 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
zones when they are loaded from disk. <acronym class="acronym">BIND</acronym> 9 does not verify signatures
on load and ignores the option.
</p></dd>
-<dt><span class="term"><span><strong class="command">zone-statistics</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>zone-statistics</strong></span></span></dt>
<dd><p>
- If <strong class="userinput"><code>yes</code></strong>, the server will keep
- statistical
- information for this zone, which can be dumped to the
- <span><strong class="command">statistics-file</strong></span> defined in
- the server options.
+ See the description of
+ <span class="command"><strong>zone-statistics</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called &#8220;<span class="command"><strong>options</strong></span> Statement Definition and
+ Usage&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">server-addresses</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>server-addresses</strong></span></span></dt>
<dd>
<p>
Only meaningful for static-stub zones.
@@ -8028,7 +8112,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
<p>
For example, if "example.com" is configured as a
static-stub zone with 192.0.2.1 and 2001:db8::1234
- in a <span><strong class="command">server-addresses</strong></span> option,
+ in a <span class="command"><strong>server-addresses</strong></span> option,
the following RRs will be internally configured.
</p>
<pre class="programlisting">example.com. NS example.com.
@@ -8043,7 +8127,7 @@ example.com. AAAA 2001:db8::1234</pre>
queries to 192.0.2.1 and/or 2001:db8::1234.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">server-names</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>server-names</strong></span></span></dt>
<dd>
<p>
Only meaningful for static-stub zones.
@@ -8051,7 +8135,7 @@ example.com. AAAA 2001:db8::1234</pre>
act as authoritative servers of the static-stub
zone.
These names will be resolved to IP addresses when
- <span><strong class="command">named</strong></span> needs to send queries to
+ <span class="command"><strong>named</strong></span> needs to send queries to
these servers.
To make this supplemental resolution successful,
these names must not be a subdomain of the origin
@@ -8059,7 +8143,7 @@ example.com. AAAA 2001:db8::1234</pre>
That is, when "example.net" is the origin of a
static-stub zone, "ns.example" and
"master.example.com" can be specified in the
- <span><strong class="command">server-names</strong></span> option, but
+ <span class="command"><strong>server-names</strong></span> option, but
"ns.example.net" cannot, and will be rejected by
the configuration parser.
</p>
@@ -8069,7 +8153,7 @@ example.com. AAAA 2001:db8::1234</pre>
For example, if "example.com" is configured as a
static-stub zone with "ns1.example.net" and
"ns2.example.net"
- in a <span><strong class="command">server-names</strong></span> option,
+ in a <span class="command"><strong>server-names</strong></span> option,
the following RRs will be internally configured.
</p>
<pre class="programlisting">example.com. NS ns1.example.net.
@@ -8086,146 +8170,97 @@ example.com. NS ns2.example.net.
queries to (one or more of) these addresses.
</p>
</dd>
-<dt><span class="term"><span><strong class="command">sig-validity-interval</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-validity-interval</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">sig-validity-interval</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
+ <span class="command"><strong>sig-validity-interval</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">sig-signing-nodes</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-signing-nodes</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">sig-signing-nodes</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
+ <span class="command"><strong>sig-signing-nodes</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">sig-signing-signatures</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-signing-signatures</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">sig-signing-signatures</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
+ <span class="command"><strong>sig-signing-signatures</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">sig-signing-type</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>sig-signing-type</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">sig-signing-type</strong></span> in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
+ <span class="command"><strong>sig-signing-type</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">transfer-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfer-source</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>transfer-source</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">transfer-source-v6</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>transfer-source-v6</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>transfer-source-v6</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">alt-transfer-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>alt-transfer-source</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>alt-transfer-source</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">alt-transfer-source-v6</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>alt-transfer-source-v6</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">alt-transfer-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>alt-transfer-source-v6</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">use-alt-transfer-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>use-alt-transfer-source</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">use-alt-transfer-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>use-alt-transfer-source</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">notify-source</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-source</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">notify-source</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>notify-source</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">notify-source-v6</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>notify-source-v6</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">notify-source-v6</strong></span> in <a href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
+ <span class="command"><strong>notify-source-v6</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#zone_transfers" title="Zone Transfers">the section called &#8220;Zone Transfers&#8221;</a>.
</p></dd>
<dt>
-<span class="term"><span><strong class="command">min-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">max-refresh-time</strong></span>, </span><span class="term"><span><strong class="command">min-retry-time</strong></span>, </span><span class="term"><span><strong class="command">max-retry-time</strong></span></span>
+<span class="term"><span class="command"><strong>min-refresh-time</strong></span>, </span><span class="term"><span class="command"><strong>max-refresh-time</strong></span>, </span><span class="term"><span class="command"><strong>min-retry-time</strong></span>, </span><span class="term"><span class="command"><strong>max-retry-time</strong></span></span>
</dt>
<dd><p>
- See the description in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
+ See the description in <a class="xref" href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">ixfr-from-differences</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>ixfr-from-differences</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">ixfr-from-differences</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
- (Note that the <span><strong class="command">ixfr-from-differences</strong></span>
+ <span class="command"><strong>ixfr-from-differences</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ (Note that the <span class="command"><strong>ixfr-from-differences</strong></span>
<strong class="userinput"><code>master</code></strong> and
<strong class="userinput"><code>slave</code></strong> choices are not
available at the zone level.)
</p></dd>
-<dt><span class="term"><span><strong class="command">key-directory</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>key-directory</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">key-directory</strong></span> in <a href="Bv9ARM.ch06.html#options" title="options Statement Definition and
- Usage">the section called &#8220;<span><strong class="command">options</strong></span> Statement Definition and
+ <span class="command"><strong>key-directory</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called &#8220;<span class="command"><strong>options</strong></span> Statement Definition and
Usage&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">auto-dnssec</strong></span></span></dt>
-<dd>
-<p>
- Zones configured for dynamic DNS may also use this
- option to allow varying levels of automatic DNSSEC key
- management. There are three possible settings:
- </p>
-<p>
- <span><strong class="command">auto-dnssec allow;</strong></span> permits
- keys to be updated and the zone fully re-signed
- whenever the user issues the command <span><strong class="command">rndc sign
- <em class="replaceable"><code>zonename</code></em></strong></span>.
- </p>
-<p>
- <span><strong class="command">auto-dnssec maintain;</strong></span> includes the
- above, but also automatically adjusts the zone's DNSSEC
- keys on schedule, according to the keys' timing metadata
- (see <a href="man.dnssec-keygen.html" title="dnssec-keygen"><span class="refentrytitle"><span class="application">dnssec-keygen</span></span>(8)</a> and
- <a href="man.dnssec-settime.html" title="dnssec-settime"><span class="refentrytitle"><span class="application">dnssec-settime</span></span>(8)</a>). The command
- <span><strong class="command">rndc sign
- <em class="replaceable"><code>zonename</code></em></strong></span> causes
- <span><strong class="command">named</strong></span> to load keys from the key
- repository and sign the zone with all keys that are
- active.
- <span><strong class="command">rndc loadkeys
- <em class="replaceable"><code>zonename</code></em></strong></span> causes
- <span><strong class="command">named</strong></span> to load keys from the key
- repository and schedule key maintenance events to occur
- in the future, but it does not sign the full zone
- immediately. Note: once keys have been loaded for a
- zone the first time, the repository will be searched
- for changes periodically, regardless of whether
- <span><strong class="command">rndc loadkeys</strong></span> is used. The recheck
- interval is defined by
- <span><strong class="command">dnssec-loadkeys-interval</strong></span>.)
- </p>
-<p>
- The default setting is <span><strong class="command">auto-dnssec off</strong></span>.
- </p>
-</dd>
-<dt><span class="term"><span><strong class="command">serial-update-method</strong></span></span></dt>
-<dd>
-<p>
- Zones configured for dynamic DNS may use this
- option to set the update method that will be used for
- the zone serial number in the SOA record.
- </p>
-<p>
- With the default setting of
- <span><strong class="command">serial-update-method increment;</strong></span>, the
- SOA serial number will be incremented by one each time
- the zone is updated.
- </p>
-<p>
- When set to
- <span><strong class="command">serial-update-method unixtime;</strong></span>, the
- SOA serial number will be set to the number of seconds
- since the UNIX epoch, unless the serial number is
- already greater than or equal to that value, in which
- case it is simply incremented by one.
- </p>
-</dd>
-<dt><span class="term"><span><strong class="command">inline-signing</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>auto-dnssec</strong></span></span></dt>
+<dd><p>
+ See the description of
+ <span class="command"><strong>auto-dnssec</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called &#8220;<span class="command"><strong>options</strong></span> Statement Definition and
+ Usage&#8221;</a>.
+ </p></dd>
+<dt><span class="term"><span class="command"><strong>serial-update-method</strong></span></span></dt>
+<dd><p>
+ See the description of
+ <span class="command"><strong>serial-update-method</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called &#8220;<span class="command"><strong>options</strong></span> Statement Definition and
+ Usage&#8221;</a>.
+ </p></dd>
+<dt><span class="term"><span class="command"><strong>inline-signing</strong></span></span></dt>
<dd><p>
If <code class="literal">yes</code>, this enables
"bump in the wire" signing of a zone, where a
@@ -8234,40 +8269,40 @@ example.com. NS ns2.example.net.
with possibly, a different serial number. This
behaviour is disabled by default.
</p></dd>
-<dt><span class="term"><span><strong class="command">multi-master</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>multi-master</strong></span></span></dt>
<dd><p>
- See the description of <span><strong class="command">multi-master</strong></span> in
- <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ See the description of <span class="command"><strong>multi-master</strong></span> in
+ <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">masterfile-format</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>masterfile-format</strong></span></span></dt>
<dd><p>
- See the description of <span><strong class="command">masterfile-format</strong></span>
- in <a href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
+ See the description of <span class="command"><strong>masterfile-format</strong></span>
+ in <a class="xref" href="Bv9ARM.ch06.html#tuning" title="Tuning">the section called &#8220;Tuning&#8221;</a>.
</p></dd>
-<dt><span class="term"><span><strong class="command">dnssec-secure-to-insecure</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>dnssec-secure-to-insecure</strong></span></span></dt>
<dd><p>
See the description of
- <span><strong class="command">dnssec-secure-to-insecure</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
+ <span class="command"><strong>dnssec-secure-to-insecure</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
<a name="dynamic_update_policies"></a>Dynamic Update Policies</h4></div></div></div>
<p><acronym class="acronym">BIND</acronym> 9 supports two alternative
methods of granting clients the right to perform
dynamic updates to a zone, configured by the
- <span><strong class="command">allow-update</strong></span> and
- <span><strong class="command">update-policy</strong></span> option, respectively.
+ <span class="command"><strong>allow-update</strong></span> and
+ <span class="command"><strong>update-policy</strong></span> option, respectively.
</p>
<p>
- The <span><strong class="command">allow-update</strong></span> clause works the
+ The <span class="command"><strong>allow-update</strong></span> clause works the
same way as in previous versions of <acronym class="acronym">BIND</acronym>.
It grants given clients the permission to update any
record of any name in the zone.
</p>
<p>
- The <span><strong class="command">update-policy</strong></span> clause
+ The <span class="command"><strong>update-policy</strong></span> clause
allows more fine-grained control over what updates are
allowed. A set of rules is specified, where each rule
either grants or denies permissions for one or more
@@ -8277,29 +8312,29 @@ example.com. NS ns2.example.net.
identity of the signer can be determined.
</p>
<p>
- Rules are specified in the <span><strong class="command">update-policy</strong></span>
+ Rules are specified in the <span class="command"><strong>update-policy</strong></span>
zone option, and are only meaningful for master zones.
- When the <span><strong class="command">update-policy</strong></span> statement
+ When the <span class="command"><strong>update-policy</strong></span> statement
is present, it is a configuration error for the
- <span><strong class="command">allow-update</strong></span> statement to be
- present. The <span><strong class="command">update-policy</strong></span> statement
+ <span class="command"><strong>allow-update</strong></span> statement to be
+ present. The <span class="command"><strong>update-policy</strong></span> statement
only examines the signer of a message; the source
address is not relevant.
</p>
<p>
- There is a pre-defined <span><strong class="command">update-policy</strong></span>
+ There is a pre-defined <span class="command"><strong>update-policy</strong></span>
rule which can be switched on with the command
- <span><strong class="command">update-policy local;</strong></span>.
+ <span class="command"><strong>update-policy local;</strong></span>.
Switching on this rule in a zone causes
- <span><strong class="command">named</strong></span> to generate a TSIG session
+ <span class="command"><strong>named</strong></span> to generate a TSIG session
key and place it in a file, and to allow that key
to update the zone. (By default, the file is
<code class="filename">/var/run/named/session.key</code>, the key
name is "local-ddns" and the key algorithm is HMAC-SHA256,
but these values are configurable with the
- <span><strong class="command">session-keyfile</strong></span>,
- <span><strong class="command">session-keyname</strong></span> and
- <span><strong class="command">session-keyalg</strong></span> options, respectively).
+ <span class="command"><strong>session-keyfile</strong></span>,
+ <span class="command"><strong>session-keyname</strong></span> and
+ <span class="command"><strong>session-keyalg</strong></span> options, respectively).
</p>
<p>
A client running on the local system, and with appropriate
@@ -8311,14 +8346,14 @@ example.com. NS ns2.example.net.
<pre class="programlisting">update-policy { grant local-ddns zonesub any; };
</pre>
<p>
- The command <span><strong class="command">nsupdate -l</strong></span> sends update
+ The command <span class="command"><strong>nsupdate -l</strong></span> sends update
requests to localhost, and signs them using the session key.
</p>
<p>
Other rule definitions look like this:
</p>
<pre class="programlisting">
-( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
+( <span class="command"><strong>grant</strong></span> | <span class="command"><strong>deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
</pre>
<p>
Each rule grants or denies privileges. Once a message has
@@ -8373,8 +8408,8 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="0.819in" class="1">
+<col width="3.681in" class="2">
</colgroup>
<tbody>
<tr>
@@ -8418,10 +8453,10 @@ example.com. NS ns2.example.net.
This rule is similar to subdomain, except that
it matches when the name being updated is a
subdomain of the zone in which the
- <span><strong class="command">update-policy</strong></span> statement
+ <span class="command"><strong>update-policy</strong></span> statement
appears. This obviates the need to type the zone
name twice, and enables the use of a standard
- <span><strong class="command">update-policy</strong></span> statement in
+ <span class="command"><strong>update-policy</strong></span> statement in
multiple zones without modification.
</p>
<p>
@@ -8441,7 +8476,7 @@ example.com. NS ns2.example.net.
The <em class="replaceable"><code>name</code></em> field
is subject to DNS wildcard expansion, and
this rule matches when the name being updated
- name is a valid expansion of the wildcard.
+ is a valid expansion of the wildcard.
</p>
</td>
</tr>
@@ -8614,7 +8649,7 @@ example.com. NS ns2.example.net.
</td>
<td>
<p>
- This rule allows <span><strong class="command">named</strong></span>
+ This rule allows <span class="command"><strong>named</strong></span>
to defer the decision of whether to allow a
given update to an external daemon.
</p>
@@ -8668,10 +8703,10 @@ example.com. NS ns2.example.net.
</div>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2597084"></a>Zone File</h2></div></div></div>
-<div class="sect2" lang="en">
+<a name="zone_file"></a>Zone File</h2></div></div></div>
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
<p>
@@ -8681,9 +8716,9 @@ example.com. NS ns2.example.net.
identified
and implemented in the DNS. These are also included.
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597102"></a>Resource Records</h4></div></div></div>
+<a name="id-1.7.6.2.3"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -8692,15 +8727,15 @@ example.com. NS ns2.example.net.
need not be preserved by name servers, resolvers, or other
parts of the DNS. However, sorting of multiple RRs is
permitted for optimization purposes, for example, to specify
- that a particular nearby server be tried first. See <a href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called &#8220;The <span><strong class="command">sortlist</strong></span> Statement&#8221;</a> and <a href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called &#8220;RRset Ordering&#8221;</a>.
+ that a particular nearby server be tried first. See <a class="xref" href="Bv9ARM.ch06.html#the_sortlist_statement" title="The sortlist Statement">the section called &#8220;The <span class="command"><strong>sortlist</strong></span> Statement&#8221;</a> and <a class="xref" href="Bv9ARM.ch06.html#rrset_ordering" title="RRset Ordering">the section called &#8220;RRset Ordering&#8221;</a>.
</p>
<p>
The components of a Resource Record are:
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.000in" class="1">
+<col width="3.500in" class="2">
</colgroup>
<tbody>
<tr>
@@ -8778,8 +8813,8 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="0.875in" class="1">
+<col width="3.625in" class="2">
</colgroup>
<tbody>
<tr>
@@ -8864,6 +8899,18 @@ example.com. NS ns2.example.net.
<tr>
<td>
<p>
+ AVC
+ </p>
+ </td>
+<td>
+ <p>
+ Application Visibility and Control record.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
CAA
</p>
</td>
@@ -8930,6 +8977,19 @@ example.com. NS ns2.example.net.
<tr>
<td>
<p>
+ CSYNC
+ </p>
+ </td>
+<td>
+ <p>
+ Child-to-Parent Synchronization in DNS as described
+ in RFC 7477.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
DHCID
</p>
</td>
@@ -9308,6 +9368,18 @@ example.com. NS ns2.example.net.
<tr>
<td>
<p>
+ NINFO
+ </p>
+ </td>
+<td>
+ <p>
+ Contains zone status information.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
NIMLOC
</p>
</td>
@@ -9478,6 +9550,18 @@ example.com. NS ns2.example.net.
<tr>
<td>
<p>
+ RKEY
+ </p>
+ </td>
+<td>
+ <p>
+ Resource key.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
RP
</p>
</td>
@@ -9534,6 +9618,30 @@ example.com. NS ns2.example.net.
<tr>
<td>
<p>
+ SINK
+ </p>
+ </td>
+<td>
+ <p>
+ The kitchen sink record.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
+ SMIMEA
+ </p>
+ </td>
+<td>
+ <p>
+ The S/MIME Security Certificate Association.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
SOA
</p>
</td>
@@ -9586,6 +9694,30 @@ example.com. NS ns2.example.net.
<tr>
<td>
<p>
+ TA
+ </p>
+ </td>
+<td>
+ <p>
+ Trust Anchor. Experimental.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
+ TALINK
+ </p>
+ </td>
+<td>
+ <p>
+ Trust Anchor Link. Experimental.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
TLSA
</p>
</td>
@@ -9691,8 +9823,8 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="0.875in" class="1">
+<col width="3.625in" class="2">
</colgroup>
<tbody>
<tr>
@@ -9781,9 +9913,9 @@ example.com. NS ns2.example.net.
used as "pointers" to other data in the DNS.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2599413"></a>Textual expression of RRs</h4></div></div></div>
+<a name="rr_text"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -9823,9 +9955,9 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
-<col>
+<col width="1.381in" class="1">
+<col width="1.020in" class="2">
+<col width="2.099in" class="3">
</colgroup>
<tbody>
<tr>
@@ -9941,9 +10073,9 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
-<col>
+<col width="1.491in" class="1">
+<col width="1.067in" class="2">
+<col width="2.067in" class="3">
</colgroup>
<tbody>
<tr>
@@ -9984,9 +10116,9 @@ example.com. NS ns2.example.net.
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2600002"></a>Discussion of MX Records</h3></div></div></div>
+<a name="mx_records"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -10024,11 +10156,11 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
-<col>
-<col>
-<col>
+<col width="1.708in" class="1">
+<col width="0.444in" class="2">
+<col width="0.444in" class="3">
+<col width="0.976in" class="4">
+<col width="1.553in" class="5">
</colgroup>
<tbody>
<tr>
@@ -10167,7 +10299,7 @@ example.com. NS ns2.example.net.
be attempted.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="Setting_TTLs"></a>Setting TTLs</h3></div></div></div>
<p>
@@ -10180,8 +10312,8 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="0.750in" class="1">
+<col width="4.375in" class="2">
</colgroup>
<tbody>
<tr>
@@ -10239,9 +10371,9 @@ example.com. NS ns2.example.net.
can be explicitly specified, for example, <code class="literal">1h30m</code>.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2600549"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="ipv4_reverse"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -10259,8 +10391,8 @@ example.com. NS ns2.example.net.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.125in" class="1">
+<col width="4.000in" class="2">
</colgroup>
<tbody>
<tr>
@@ -10292,7 +10424,7 @@ example.com. NS ns2.example.net.
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- The <span><strong class="command">$ORIGIN</strong></span> lines in the examples
+ The <span class="command"><strong>$ORIGIN</strong></span> lines in the examples
are for providing context to the examples only &#8212; they do not
necessarily
appear in the actual usage. They are only used here to indicate
@@ -10300,9 +10432,9 @@ example.com. NS ns2.example.net.
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2600812"></a>Other Zone File Directives</h3></div></div></div>
+<a name="zone_directives"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -10312,12 +10444,12 @@ example.com. NS ns2.example.net.
class.
</p>
<p>
- Master File Directives include <span><strong class="command">$ORIGIN</strong></span>, <span><strong class="command">$INCLUDE</strong></span>,
- and <span><strong class="command">$TTL.</strong></span>
+ Master File Directives include <span class="command"><strong>$ORIGIN</strong></span>, <span class="command"><strong>$INCLUDE</strong></span>,
+ and <span class="command"><strong>$TTL.</strong></span>
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600835"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="atsign"></a>The <span class="command"><strong>@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@@ -10326,22 +10458,22 @@ example.com. NS ns2.example.net.
trailing dot).
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600851"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="origin_directive"></a>The <span class="command"><strong>$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
- Syntax: <span><strong class="command">$ORIGIN</strong></span>
+ Syntax: <span class="command"><strong>$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
[<span class="optional"><em class="replaceable"><code>comment</code></em></span>]
</p>
-<p><span><strong class="command">$ORIGIN</strong></span>
+<p><span class="command"><strong>$ORIGIN</strong></span>
sets the domain name that will be appended to any
unqualified records. When a zone is first read in there
- is an implicit <span><strong class="command">$ORIGIN</strong></span>
- &lt;<code class="varname">zone_name</code>&gt;<span><strong class="command">.</strong></span>
+ is an implicit <span class="command"><strong>$ORIGIN</strong></span>
+ &lt;<code class="varname">zone_name</code>&gt;<span class="command"><strong>.</strong></span>
(followed by trailing dot).
- The current <span><strong class="command">$ORIGIN</strong></span> is appended to
- the domain specified in the <span><strong class="command">$ORIGIN</strong></span>
+ The current <span class="command"><strong>$ORIGIN</strong></span> is appended to
+ the domain specified in the <span class="command"><strong>$ORIGIN</strong></span>
argument if it is not absolute.
</p>
<pre class="programlisting">
@@ -10355,11 +10487,11 @@ WWW CNAME MAIN-SERVER
WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</pre>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600912"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="include_directive"></a>The <span class="command"><strong>$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
- Syntax: <span><strong class="command">$INCLUDE</strong></span>
+ Syntax: <span class="command"><strong>$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
[<span class="optional">
<em class="replaceable"><code>origin</code></em> </span>]
@@ -10367,14 +10499,14 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</p>
<p>
Read and process the file <code class="filename">filename</code> as
- if it were included into the file at this point. If <span><strong class="command">origin</strong></span> is
- specified the file is processed with <span><strong class="command">$ORIGIN</strong></span> set
- to that value, otherwise the current <span><strong class="command">$ORIGIN</strong></span> is
+ if it were included into the file at this point. If <span class="command"><strong>origin</strong></span> is
+ specified the file is processed with <span class="command"><strong>$ORIGIN</strong></span> set
+ to that value, otherwise the current <span class="command"><strong>$ORIGIN</strong></span> is
used.
</p>
<p>
The origin and the current domain name
- revert to the values they had prior to the <span><strong class="command">$INCLUDE</strong></span> once
+ revert to the values they had prior to the <span class="command"><strong>$INCLUDE</strong></span> once
the file has been read.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -10382,7 +10514,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
<p>
RFC 1035 specifies that the current origin should be restored
after
- an <span><strong class="command">$INCLUDE</strong></span>, but it is silent
+ an <span class="command"><strong>$INCLUDE</strong></span>, but it is silent
on whether the current
domain name should also be restored. BIND 9 restores both of
them.
@@ -10391,11 +10523,11 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</p>
</div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600981"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="ttl_directive"></a>The <span class="command"><strong>$TTL</strong></span> Directive</h4></div></div></div>
<p>
- Syntax: <span><strong class="command">$TTL</strong></span>
+ Syntax: <span class="command"><strong>$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
[<span class="optional">
<em class="replaceable"><code>comment</code></em> </span>]
@@ -10405,16 +10537,16 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
with undefined TTLs. Valid TTLs are of the range 0-2147483647
seconds.
</p>
-<p><span><strong class="command">$TTL</strong></span>
+<p><span class="command"><strong>$TTL</strong></span>
is defined in RFC 2308.
</p>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2601017"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="generate_directive"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span class="command"><strong>$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
- Syntax: <span><strong class="command">$GENERATE</strong></span>
+ Syntax: <span class="command"><strong>$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
<em class="replaceable"><code>lhs</code></em>
[<span class="optional"><em class="replaceable"><code>ttl</code></em></span>]
@@ -10423,10 +10555,10 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
<em class="replaceable"><code>rhs</code></em>
[<span class="optional"><em class="replaceable"><code>comment</code></em></span>]
</p>
-<p><span><strong class="command">$GENERATE</strong></span>
+<p><span class="command"><strong>$GENERATE</strong></span>
is used to create a series of resource records that only
differ from each other by an
- iterator. <span><strong class="command">$GENERATE</strong></span> can be used to
+ iterator. <span class="command"><strong>$GENERATE</strong></span> can be used to
easily generate the sets of records required to support
sub /24 reverse delegations described in RFC 2317:
Classless IN-ADDR.ARPA delegation.
@@ -10468,13 +10600,13 @@ HOST-127.EXAMPLE. MX 0 .
</pre>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="0.875in" class="1">
+<col width="4.250in" class="2">
</colgroup>
<tbody>
<tr>
<td>
- <p><span><strong class="command">range</strong></span></p>
+ <p><span class="command"><strong>range</strong></span></p>
</td>
<td>
<p>
@@ -10488,43 +10620,43 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">lhs</strong></span></p>
+ <p><span class="command"><strong>lhs</strong></span></p>
</td>
<td>
<p>This
describes the owner name of the resource records
- to be created. Any single <span><strong class="command">$</strong></span>
+ to be created. Any single <span class="command"><strong>$</strong></span>
(dollar sign)
- symbols within the <span><strong class="command">lhs</strong></span> string
+ symbols within the <span class="command"><strong>lhs</strong></span> string
are replaced by the iterator value.
To get a $ in the output, you need to escape the
- <span><strong class="command">$</strong></span> using a backslash
- <span><strong class="command">\</strong></span>,
- e.g. <span><strong class="command">\$</strong></span>. The
- <span><strong class="command">$</strong></span> may optionally be followed
+ <span class="command"><strong>$</strong></span> using a backslash
+ <span class="command"><strong>\</strong></span>,
+ e.g. <span class="command"><strong>\$</strong></span>. The
+ <span class="command"><strong>$</strong></span> may optionally be followed
by modifiers which change the offset from the
iterator, field width and base.
Modifiers are introduced by a
- <span><strong class="command">{</strong></span> (left brace) immediately following the
- <span><strong class="command">$</strong></span> as
- <span><strong class="command">${offset[,width[,base]]}</strong></span>.
- For example, <span><strong class="command">${-20,3,d}</strong></span>
+ <span class="command"><strong>{</strong></span> (left brace) immediately following the
+ <span class="command"><strong>$</strong></span> as
+ <span class="command"><strong>${offset[,width[,base]]}</strong></span>.
+ For example, <span class="command"><strong>${-20,3,d}</strong></span>
subtracts 20 from the current value, prints the
result as a decimal in a zero-padded field of
width 3.
Available output forms are decimal
- (<span><strong class="command">d</strong></span>), octal
- (<span><strong class="command">o</strong></span>), hexadecimal
- (<span><strong class="command">x</strong></span> or <span><strong class="command">X</strong></span>
+ (<span class="command"><strong>d</strong></span>), octal
+ (<span class="command"><strong>o</strong></span>), hexadecimal
+ (<span class="command"><strong>x</strong></span> or <span class="command"><strong>X</strong></span>
for uppercase) and nibble
- (<span><strong class="command">n</strong></span> or <span><strong class="command">N</strong></span>\
+ (<span class="command"><strong>n</strong></span> or <span class="command"><strong>N</strong></span>\
for uppercase). The default modifier is
- <span><strong class="command">${0,0,d}</strong></span>. If the
- <span><strong class="command">lhs</strong></span> is not absolute, the
- current <span><strong class="command">$ORIGIN</strong></span> is appended
+ <span class="command"><strong>${0,0,d}</strong></span>. If the
+ <span class="command"><strong>lhs</strong></span> is not absolute, the
+ current <span class="command"><strong>$ORIGIN</strong></span> is appended
to the name.
</p>
<p>
@@ -10536,14 +10668,14 @@ HOST-127.EXAMPLE. MX 0 .
</p>
<p>
For compatibility with earlier versions,
- <span><strong class="command">$$</strong></span> is still recognized as
+ <span class="command"><strong>$$</strong></span> is still recognized as
indicating a literal $ in the output.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">ttl</strong></span></p>
+ <p><span class="command"><strong>ttl</strong></span></p>
</td>
<td>
<p>
@@ -10551,15 +10683,15 @@ HOST-127.EXAMPLE. MX 0 .
not specified this will be inherited using the
normal TTL inheritance rules.
</p>
- <p><span><strong class="command">class</strong></span>
- and <span><strong class="command">ttl</strong></span> can be
+ <p><span class="command"><strong>class</strong></span>
+ and <span class="command"><strong>ttl</strong></span> can be
entered in either order.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">class</strong></span></p>
+ <p><span class="command"><strong>class</strong></span></p>
</td>
<td>
<p>
@@ -10567,15 +10699,15 @@ HOST-127.EXAMPLE. MX 0 .
This must match the zone class if it is
specified.
</p>
- <p><span><strong class="command">class</strong></span>
- and <span><strong class="command">ttl</strong></span> can be
+ <p><span class="command"><strong>class</strong></span>
+ and <span class="command"><strong>ttl</strong></span> can be
entered in either order.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">type</strong></span></p>
+ <p><span class="command"><strong>type</strong></span></p>
</td>
<td>
<p>
@@ -10585,25 +10717,25 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">rhs</strong></span></p>
+ <p><span class="command"><strong>rhs</strong></span></p>
</td>
<td>
<p>
- <span><strong class="command">rhs</strong></span>, optionally, quoted string.
+ <span class="command"><strong>rhs</strong></span>, optionally, quoted string.
</p>
</td>
</tr>
</tbody>
</table></div>
<p>
- The <span><strong class="command">$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
+ The <span class="command"><strong>$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
and not part of the standard zone file format.
</p>
<p>
BIND 8 does not support the optional TTL and CLASS fields.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="zonefile_format"></a>Additional File Formats</h3></div></div></div>
<p>
@@ -10619,20 +10751,20 @@ HOST-127.EXAMPLE. MX 0 .
For a primary server, a zone file in the
<code class="constant">raw</code> format is expected to be
generated from a textual zone file by the
- <span><strong class="command">named-compilezone</strong></span> command. For a
+ <span class="command"><strong>named-compilezone</strong></span> command. For a
secondary server or for a dynamic zone, it is automatically
generated (if this format is specified by the
- <span><strong class="command">masterfile-format</strong></span> option) when
- <span><strong class="command">named</strong></span> dumps the zone contents after
+ <span class="command"><strong>masterfile-format</strong></span> option) when
+ <span class="command"><strong>named</strong></span> dumps the zone contents after
zone transfer or when applying prior updates.
</p>
<p>
If a zone file in a binary format needs manual modification,
it first must be converted to a textual form by the
- <span><strong class="command">named-compilezone</strong></span> command. All
+ <span class="command"><strong>named-compilezone</strong></span> command. All
necessary modification should go to the text file, which
should then be converted to the binary form by the
- <span><strong class="command">named-compilezone</strong></span> command again.
+ <span class="command"><strong>named-compilezone</strong></span> command again.
</p>
<p>
Although the <code class="constant">raw</code> format uses the
@@ -10646,7 +10778,7 @@ HOST-127.EXAMPLE. MX 0 .
</p>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="statistics"></a>BIND9 Statistics</h2></div></div></div>
<p>
@@ -10664,8 +10796,8 @@ HOST-127.EXAMPLE. MX 0 .
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="3.300in" class="1">
+<col width="2.625in" class="2">
</colgroup>
<tbody>
<tr>
@@ -10764,30 +10896,35 @@ HOST-127.EXAMPLE. MX 0 .
<p>
A subset of Name Server Statistics is collected and shown
per zone for which the server has the authority when
- <span><strong class="command">zone-statistics</strong></span> is set to
- <strong class="userinput"><code>yes</code></strong>.
- These statistics counters are shown with their zone and view
- names.
- In some cases the view names are omitted for the default view.
+ <span class="command"><strong>zone-statistics</strong></span> is set to
+ <strong class="userinput"><code>full</code></strong> (or <strong class="userinput"><code>yes</code></strong>
+ for backward compatibility. See the description of
+ <span class="command"><strong>zone-statistics</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#options" title="options Statement Definition and Usage">the section called &#8220;<span class="command"><strong>options</strong></span> Statement Definition and
+ Usage&#8221;</a>
+ for further details.
</p>
<p>
+ These statistics counters are shown with their zone and
+ view names. The view name is omitted when the server is
+ not configured with explicit views.</p>
+<p>
There are currently two user interfaces to get access to the
statistics.
One is in the plain text format dumped to the file specified
- by the <span><strong class="command">statistics-file</strong></span> configuration option.
+ by the <span class="command"><strong>statistics-file</strong></span> configuration option.
The other is remotely accessible via a statistics channel
- when the <span><strong class="command">statistics-channels</strong></span> statement
+ when the <span class="command"><strong>statistics-channels</strong></span> statement
is specified in the configuration file
- (see <a href="Bv9ARM.ch06.html#statschannels" title="statistics-channels Statement Grammar">the section called &#8220;<span><strong class="command">statistics-channels</strong></span> Statement Grammar&#8221;</a>.)
+ (see <a class="xref" href="Bv9ARM.ch06.html#statschannels" title="statistics-channels Statement Grammar">the section called &#8220;<span class="command"><strong>statistics-channels</strong></span> Statement Grammar&#8221;</a>.)
</p>
-<div class="sect3" lang="en">
-<div class="titlepage"><div><div><h4 class="title">
-<a name="statsfile"></a>The Statistics File</h4></div></div></div>
+<div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="statsfile"></a>The Statistics File</h3></div></div></div>
<p>
The text format statistics dump begins with a line, like:
</p>
<p>
- <span><strong class="command">+++ Statistics Dump +++ (973798949)</strong></span>
+ <span class="command"><strong>+++ Statistics Dump +++ (973798949)</strong></span>
</p>
<p>
The number in parentheses is a standard
@@ -10799,7 +10936,7 @@ HOST-127.EXAMPLE. MX 0 .
Each section begins with a line, like:
</p>
<p>
- <span><strong class="command">++ Name Server Statistics ++</strong></span>
+ <span class="command"><strong>++ Name Server Statistics ++</strong></span>
</p>
<p>
Each section consists of lines, each containing the statistics
@@ -10813,10 +10950,10 @@ HOST-127.EXAMPLE. MX 0 .
number is identical to the number in the beginning line; for example:
</p>
<p>
- <span><strong class="command">--- Statistics Dump --- (973798949)</strong></span>
+ <span class="command"><strong>--- Statistics Dump --- (973798949)</strong></span>
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="statistics_counters"></a>Statistics Counters</h3></div></div></div>
<p>
@@ -10835,14 +10972,14 @@ HOST-127.EXAMPLE. MX 0 .
it gives the corresponding counter name of the
<acronym class="acronym">BIND</acronym> 8 statistics, if applicable.
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2602039"></a>Name Server Statistics Counters</h4></div></div></div>
+<a name="stats_counters"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
-<col>
+<col width="1.150in" class="1">
+<col width="1.150in" class="2">
+<col width="3.350in" class="3">
</colgroup>
<tbody>
<tr>
@@ -10864,10 +11001,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Requestv4</strong></span></p>
+ <p><span class="command"><strong>Requestv4</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RQ</strong></span></p>
+ <p><span class="command"><strong>RQ</strong></span></p>
</td>
<td>
<p>
@@ -10878,10 +11015,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Requestv6</strong></span></p>
+ <p><span class="command"><strong>Requestv6</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RQ</strong></span></p>
+ <p><span class="command"><strong>RQ</strong></span></p>
</td>
<td>
<p>
@@ -10892,10 +11029,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ReqEdns0</strong></span></p>
+ <p><span class="command"><strong>ReqEdns0</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -10905,10 +11042,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ReqBadEDNSVer</strong></span></p>
+ <p><span class="command"><strong>ReqBadEDNSVer</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -10918,10 +11055,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ReqTSIG</strong></span></p>
+ <p><span class="command"><strong>ReqTSIG</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -10931,10 +11068,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ReqSIG0</strong></span></p>
+ <p><span class="command"><strong>ReqSIG0</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -10944,10 +11081,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ReqBadSIG</strong></span></p>
+ <p><span class="command"><strong>ReqBadSIG</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -10957,10 +11094,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ReqTCP</strong></span></p>
+ <p><span class="command"><strong>ReqTCP</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RTCP</strong></span></p>
+ <p><span class="command"><strong>RTCP</strong></span></p>
</td>
<td>
<p>
@@ -10970,10 +11107,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">AuthQryRej</strong></span></p>
+ <p><span class="command"><strong>AuthQryRej</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RUQ</strong></span></p>
+ <p><span class="command"><strong>RUQ</strong></span></p>
</td>
<td>
<p>
@@ -10983,10 +11120,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RecQryRej</strong></span></p>
+ <p><span class="command"><strong>RecQryRej</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RURQ</strong></span></p>
+ <p><span class="command"><strong>RURQ</strong></span></p>
</td>
<td>
<p>
@@ -10996,10 +11133,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">XfrRej</strong></span></p>
+ <p><span class="command"><strong>XfrRej</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RUXFR</strong></span></p>
+ <p><span class="command"><strong>RUXFR</strong></span></p>
</td>
<td>
<p>
@@ -11009,10 +11146,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">UpdateRej</strong></span></p>
+ <p><span class="command"><strong>UpdateRej</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RUUpd</strong></span></p>
+ <p><span class="command"><strong>RUUpd</strong></span></p>
</td>
<td>
<p>
@@ -11022,10 +11159,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Response</strong></span></p>
+ <p><span class="command"><strong>Response</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SAns</strong></span></p>
+ <p><span class="command"><strong>SAns</strong></span></p>
</td>
<td>
<p>
@@ -11035,10 +11172,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RespTruncated</strong></span></p>
+ <p><span class="command"><strong>RespTruncated</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11048,10 +11185,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RespEDNS0</strong></span></p>
+ <p><span class="command"><strong>RespEDNS0</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11061,10 +11198,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RespTSIG</strong></span></p>
+ <p><span class="command"><strong>RespTSIG</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11074,10 +11211,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RespSIG0</strong></span></p>
+ <p><span class="command"><strong>RespSIG0</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11087,10 +11224,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QrySuccess</strong></span></p>
+ <p><span class="command"><strong>QrySuccess</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11098,7 +11235,7 @@ HOST-127.EXAMPLE. MX 0 .
This means the query which returns a NOERROR response
with at least one answer RR.
This corresponds to the
- <span><strong class="command">success</strong></span> counter
+ <span class="command"><strong>success</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
</p>
@@ -11106,10 +11243,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryAuthAns</strong></span></p>
+ <p><span class="command"><strong>QryAuthAns</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11119,10 +11256,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryNoauthAns</strong></span></p>
+ <p><span class="command"><strong>QryNoauthAns</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SNaAns</strong></span></p>
+ <p><span class="command"><strong>SNaAns</strong></span></p>
</td>
<td>
<p>
@@ -11132,16 +11269,16 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryReferral</strong></span></p>
+ <p><span class="command"><strong>QryReferral</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
Queries resulted in referral answer.
This corresponds to the
- <span><strong class="command">referral</strong></span> counter
+ <span class="command"><strong>referral</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
</p>
@@ -11149,16 +11286,16 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryNxrrset</strong></span></p>
+ <p><span class="command"><strong>QryNxrrset</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
Queries resulted in NOERROR responses with no data.
This corresponds to the
- <span><strong class="command">nxrrset</strong></span> counter
+ <span class="command"><strong>nxrrset</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
</p>
@@ -11166,10 +11303,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QrySERVFAIL</strong></span></p>
+ <p><span class="command"><strong>QrySERVFAIL</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SFail</strong></span></p>
+ <p><span class="command"><strong>SFail</strong></span></p>
</td>
<td>
<p>
@@ -11179,10 +11316,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryFORMERR</strong></span></p>
+ <p><span class="command"><strong>QryFORMERR</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SFErr</strong></span></p>
+ <p><span class="command"><strong>SFErr</strong></span></p>
</td>
<td>
<p>
@@ -11192,16 +11329,16 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryNXDOMAIN</strong></span></p>
+ <p><span class="command"><strong>QryNXDOMAIN</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SNXD</strong></span></p>
+ <p><span class="command"><strong>SNXD</strong></span></p>
</td>
<td>
<p>
Queries resulted in NXDOMAIN.
This corresponds to the
- <span><strong class="command">nxdomain</strong></span> counter
+ <span class="command"><strong>nxdomain</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
</p>
@@ -11209,17 +11346,17 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryRecursion</strong></span></p>
+ <p><span class="command"><strong>QryRecursion</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RFwdQ</strong></span></p>
+ <p><span class="command"><strong>RFwdQ</strong></span></p>
</td>
<td>
<p>
Queries which caused the server
to perform recursion in order to find the final answer.
This corresponds to the
- <span><strong class="command">recursion</strong></span> counter
+ <span class="command"><strong>recursion</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
</p>
@@ -11227,10 +11364,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryDuplicate</strong></span></p>
+ <p><span class="command"><strong>QryDuplicate</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RDupQ</strong></span></p>
+ <p><span class="command"><strong>RDupQ</strong></span></p>
</td>
<td>
<p>
@@ -11239,7 +11376,7 @@ HOST-127.EXAMPLE. MX 0 .
IP address, port, query ID, name, type and class
already being processed.
This corresponds to the
- <span><strong class="command">duplicate</strong></span> counter
+ <span class="command"><strong>duplicate</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
</p>
@@ -11247,10 +11384,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryDropped</strong></span></p>
+ <p><span class="command"><strong>QryDropped</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11260,14 +11397,14 @@ HOST-127.EXAMPLE. MX 0 .
class and were subsequently dropped.
This is the number of dropped queries due to
the reason explained with the
- <span><strong class="command">clients-per-query</strong></span>
+ <span class="command"><strong>clients-per-query</strong></span>
and
- <span><strong class="command">max-clients-per-query</strong></span>
+ <span class="command"><strong>max-clients-per-query</strong></span>
options
(see the description about
- <a href="Bv9ARM.ch06.html#clients-per-query"><span><strong class="command">clients-per-query</strong></span></a>.)
+ <a class="xref" href="Bv9ARM.ch06.html#clients-per-query"><span class="command"><strong>clients-per-query</strong></span></a>.)
This corresponds to the
- <span><strong class="command">dropped</strong></span> counter
+ <span class="command"><strong>dropped</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
</p>
@@ -11275,23 +11412,23 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryFailure</strong></span></p>
+ <p><span class="command"><strong>QryFailure</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
Other query failures.
This corresponds to the
- <span><strong class="command">failure</strong></span> counter
+ <span class="command"><strong>failure</strong></span> counter
of previous versions of
<acronym class="acronym">BIND</acronym> 9.
Note: this counter is provided mainly for
backward compatibility with the previous versions.
Normally a more fine-grained counters such as
- <span><strong class="command">AuthQryRej</strong></span> and
- <span><strong class="command">RecQryRej</strong></span>
+ <span class="command"><strong>AuthQryRej</strong></span> and
+ <span class="command"><strong>RecQryRej</strong></span>
that would also fall into this counter are provided,
and so this counter would not be of much
interest in practice.
@@ -11300,10 +11437,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">XfrReqDone</strong></span></p>
+ <p><span class="command"><strong>XfrReqDone</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11313,10 +11450,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">UpdateReqFwd</strong></span></p>
+ <p><span class="command"><strong>UpdateReqFwd</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11326,10 +11463,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">UpdateRespFwd</strong></span></p>
+ <p><span class="command"><strong>UpdateRespFwd</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11339,10 +11476,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">UpdateFwdFail</strong></span></p>
+ <p><span class="command"><strong>UpdateFwdFail</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11352,10 +11489,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">UpdateDone</strong></span></p>
+ <p><span class="command"><strong>UpdateDone</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11365,10 +11502,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">UpdateFail</strong></span></p>
+ <p><span class="command"><strong>UpdateFail</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11378,10 +11515,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">UpdateBadPrereq</strong></span></p>
+ <p><span class="command"><strong>UpdateBadPrereq</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11391,10 +11528,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RPZRewrites</strong></span></p>
+ <p><span class="command"><strong>RPZRewrites</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11404,10 +11541,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RateDropped</strong></span></p>
+ <p><span class="command"><strong>RateDropped</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11417,10 +11554,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">RateSlipped</strong></span></p>
+ <p><span class="command"><strong>RateSlipped</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11431,13 +11568,13 @@ HOST-127.EXAMPLE. MX 0 .
</tbody>
</table></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2603745"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="zone_stats"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.150in" class="1">
+<col width="3.350in" class="2">
</colgroup>
<tbody>
<tr>
@@ -11454,7 +11591,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">NotifyOutv4</strong></span></p>
+ <p><span class="command"><strong>NotifyOutv4</strong></span></p>
</td>
<td>
<p>
@@ -11464,7 +11601,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">NotifyOutv6</strong></span></p>
+ <p><span class="command"><strong>NotifyOutv6</strong></span></p>
</td>
<td>
<p>
@@ -11474,7 +11611,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">NotifyInv4</strong></span></p>
+ <p><span class="command"><strong>NotifyInv4</strong></span></p>
</td>
<td>
<p>
@@ -11484,7 +11621,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">NotifyInv6</strong></span></p>
+ <p><span class="command"><strong>NotifyInv6</strong></span></p>
</td>
<td>
<p>
@@ -11494,7 +11631,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">NotifyRej</strong></span></p>
+ <p><span class="command"><strong>NotifyRej</strong></span></p>
</td>
<td>
<p>
@@ -11504,7 +11641,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">SOAOutv4</strong></span></p>
+ <p><span class="command"><strong>SOAOutv4</strong></span></p>
</td>
<td>
<p>
@@ -11514,7 +11651,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">SOAOutv6</strong></span></p>
+ <p><span class="command"><strong>SOAOutv6</strong></span></p>
</td>
<td>
<p>
@@ -11524,7 +11661,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">AXFRReqv4</strong></span></p>
+ <p><span class="command"><strong>AXFRReqv4</strong></span></p>
</td>
<td>
<p>
@@ -11534,7 +11671,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">AXFRReqv6</strong></span></p>
+ <p><span class="command"><strong>AXFRReqv6</strong></span></p>
</td>
<td>
<p>
@@ -11544,7 +11681,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">IXFRReqv4</strong></span></p>
+ <p><span class="command"><strong>IXFRReqv4</strong></span></p>
</td>
<td>
<p>
@@ -11554,7 +11691,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">IXFRReqv6</strong></span></p>
+ <p><span class="command"><strong>IXFRReqv6</strong></span></p>
</td>
<td>
<p>
@@ -11564,7 +11701,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">XfrSuccess</strong></span></p>
+ <p><span class="command"><strong>XfrSuccess</strong></span></p>
</td>
<td>
<p>
@@ -11574,7 +11711,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">XfrFail</strong></span></p>
+ <p><span class="command"><strong>XfrFail</strong></span></p>
</td>
<td>
<p>
@@ -11585,14 +11722,14 @@ HOST-127.EXAMPLE. MX 0 .
</tbody>
</table></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2604128"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="resolver_stats"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
-<col>
+<col width="1.150in" class="1">
+<col width="1.150in" class="2">
+<col width="3.350in" class="3">
</colgroup>
<tbody>
<tr>
@@ -11614,10 +11751,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Queryv4</strong></span></p>
+ <p><span class="command"><strong>Queryv4</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SFwdQ</strong></span></p>
+ <p><span class="command"><strong>SFwdQ</strong></span></p>
</td>
<td>
<p>
@@ -11627,10 +11764,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Queryv6</strong></span></p>
+ <p><span class="command"><strong>Queryv6</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SFwdQ</strong></span></p>
+ <p><span class="command"><strong>SFwdQ</strong></span></p>
</td>
<td>
<p>
@@ -11640,10 +11777,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Responsev4</strong></span></p>
+ <p><span class="command"><strong>Responsev4</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RR</strong></span></p>
+ <p><span class="command"><strong>RR</strong></span></p>
</td>
<td>
<p>
@@ -11653,10 +11790,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Responsev6</strong></span></p>
+ <p><span class="command"><strong>Responsev6</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RR</strong></span></p>
+ <p><span class="command"><strong>RR</strong></span></p>
</td>
<td>
<p>
@@ -11666,10 +11803,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">NXDOMAIN</strong></span></p>
+ <p><span class="command"><strong>NXDOMAIN</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RNXD</strong></span></p>
+ <p><span class="command"><strong>RNXD</strong></span></p>
</td>
<td>
<p>
@@ -11679,10 +11816,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">SERVFAIL</strong></span></p>
+ <p><span class="command"><strong>SERVFAIL</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RFail</strong></span></p>
+ <p><span class="command"><strong>RFail</strong></span></p>
</td>
<td>
<p>
@@ -11692,10 +11829,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">FORMERR</strong></span></p>
+ <p><span class="command"><strong>FORMERR</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RFErr</strong></span></p>
+ <p><span class="command"><strong>RFErr</strong></span></p>
</td>
<td>
<p>
@@ -11705,10 +11842,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">OtherError</strong></span></p>
+ <p><span class="command"><strong>OtherError</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RErr</strong></span></p>
+ <p><span class="command"><strong>RErr</strong></span></p>
</td>
<td>
<p>
@@ -11718,10 +11855,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">EDNS0Fail</strong></span></p>
+ <p><span class="command"><strong>EDNS0Fail</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11731,10 +11868,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Mismatch</strong></span></p>
+ <p><span class="command"><strong>Mismatch</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RDupR</strong></span></p>
+ <p><span class="command"><strong>RDupR</strong></span></p>
</td>
<td>
<p>
@@ -11743,7 +11880,7 @@ HOST-127.EXAMPLE. MX 0 .
and/or the response's source port does not
match what was expected.
(The port must be 53 or as defined by
- the <span><strong class="command">port</strong></span> option.)
+ the <span class="command"><strong>port</strong></span> option.)
This may be an indication of a cache
poisoning attempt.
</p>
@@ -11751,10 +11888,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Truncated</strong></span></p>
+ <p><span class="command"><strong>Truncated</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11764,10 +11901,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Lame</strong></span></p>
+ <p><span class="command"><strong>Lame</strong></span></p>
</td>
<td>
- <p><span><strong class="command">RLame</strong></span></p>
+ <p><span class="command"><strong>RLame</strong></span></p>
</td>
<td>
<p>
@@ -11777,10 +11914,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">Retry</strong></span></p>
+ <p><span class="command"><strong>Retry</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SDupQ</strong></span></p>
+ <p><span class="command"><strong>SDupQ</strong></span></p>
</td>
<td>
<p>
@@ -11790,10 +11927,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QueryAbort</strong></span></p>
+ <p><span class="command"><strong>QueryAbort</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11803,10 +11940,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QuerySockFail</strong></span></p>
+ <p><span class="command"><strong>QuerySockFail</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11819,10 +11956,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QueryTimeout</strong></span></p>
+ <p><span class="command"><strong>QueryTimeout</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11832,10 +11969,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">GlueFetchv4</strong></span></p>
+ <p><span class="command"><strong>GlueFetchv4</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SSysQ</strong></span></p>
+ <p><span class="command"><strong>SSysQ</strong></span></p>
</td>
<td>
<p>
@@ -11845,10 +11982,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">GlueFetchv6</strong></span></p>
+ <p><span class="command"><strong>GlueFetchv6</strong></span></p>
</td>
<td>
- <p><span><strong class="command">SSysQ</strong></span></p>
+ <p><span class="command"><strong>SSysQ</strong></span></p>
</td>
<td>
<p>
@@ -11858,10 +11995,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">GlueFetchv4Fail</strong></span></p>
+ <p><span class="command"><strong>GlueFetchv4Fail</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11871,10 +12008,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">GlueFetchv6Fail</strong></span></p>
+ <p><span class="command"><strong>GlueFetchv6Fail</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11884,10 +12021,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ValAttempt</strong></span></p>
+ <p><span class="command"><strong>ValAttempt</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11897,10 +12034,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ValOk</strong></span></p>
+ <p><span class="command"><strong>ValOk</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11910,10 +12047,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ValNegOk</strong></span></p>
+ <p><span class="command"><strong>ValNegOk</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11923,10 +12060,10 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">ValFail</strong></span></p>
+ <p><span class="command"><strong>ValFail</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
@@ -11936,60 +12073,60 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">QryRTTnn</strong></span></p>
+ <p><span class="command"><strong>QryRTTnn</strong></span></p>
</td>
<td>
- <p><span><strong class="command"></strong></span></p>
+ <p><span class="command"><strong></strong></span></p>
</td>
<td>
<p>
Frequency table on round trip times (RTTs) of
queries.
- Each <span><strong class="command">nn</strong></span> specifies the corresponding
+ Each <span class="command"><strong>nn</strong></span> specifies the corresponding
frequency.
In the sequence of
- <span><strong class="command">nn_1</strong></span>,
- <span><strong class="command">nn_2</strong></span>,
+ <span class="command"><strong>nn_1</strong></span>,
+ <span class="command"><strong>nn_2</strong></span>,
...,
- <span><strong class="command">nn_m</strong></span>,
- the value of <span><strong class="command">nn_i</strong></span> is the
+ <span class="command"><strong>nn_m</strong></span>,
+ the value of <span class="command"><strong>nn_i</strong></span> is the
number of queries whose RTTs are between
- <span><strong class="command">nn_(i-1)</strong></span> (inclusive) and
- <span><strong class="command">nn_i</strong></span> (exclusive) milliseconds.
+ <span class="command"><strong>nn_(i-1)</strong></span> (inclusive) and
+ <span class="command"><strong>nn_i</strong></span> (exclusive) milliseconds.
For the sake of convenience we define
- <span><strong class="command">nn_0</strong></span> to be 0.
+ <span class="command"><strong>nn_0</strong></span> to be 0.
The last entry should be represented as
- <span><strong class="command">nn_m+</strong></span>, which means the
+ <span class="command"><strong>nn_m+</strong></span>, which means the
number of queries whose RTTs are equal to or over
- <span><strong class="command">nn_m</strong></span> milliseconds.
+ <span class="command"><strong>nn_m</strong></span> milliseconds.
</p>
</td>
</tr>
</tbody>
</table></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2605149"></a>Socket I/O Statistics Counters</h4></div></div></div>
+<a name="socket_stats"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
- <span><strong class="command">UDP4</strong></span> (UDP/IPv4),
- <span><strong class="command">UDP6</strong></span> (UDP/IPv6),
- <span><strong class="command">TCP4</strong></span> (TCP/IPv4),
- <span><strong class="command">TCP6</strong></span> (TCP/IPv6),
- <span><strong class="command">Unix</strong></span> (Unix Domain), and
- <span><strong class="command">FDwatch</strong></span> (sockets opened outside the
+ <span class="command"><strong>UDP4</strong></span> (UDP/IPv4),
+ <span class="command"><strong>UDP6</strong></span> (UDP/IPv6),
+ <span class="command"><strong>TCP4</strong></span> (TCP/IPv4),
+ <span class="command"><strong>TCP6</strong></span> (TCP/IPv6),
+ <span class="command"><strong>Unix</strong></span> (Unix Domain), and
+ <span class="command"><strong>FDwatch</strong></span> (sockets opened outside the
socket module).
- In the following table <span><strong class="command">&lt;TYPE&gt;</strong></span>
+ In the following table <span class="command"><strong>&lt;TYPE&gt;</strong></span>
represents a socket type.
Not all counters are available for all socket types;
exceptions are noted in the description field.
</p>
<div class="informaltable"><table border="1">
<colgroup>
-<col>
-<col>
+<col width="1.150in" class="1">
+<col width="3.350in" class="2">
</colgroup>
<tbody>
<tr>
@@ -12006,31 +12143,31 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;Open</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;Open</strong></span></p>
</td>
<td>
<p>
Sockets opened successfully.
This counter is not applicable to the
- <span><strong class="command">FDwatch</strong></span> type.
+ <span class="command"><strong>FDwatch</strong></span> type.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;OpenFail</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;OpenFail</strong></span></p>
</td>
<td>
<p>
Failures of opening sockets.
This counter is not applicable to the
- <span><strong class="command">FDwatch</strong></span> type.
+ <span class="command"><strong>FDwatch</strong></span> type.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;Close</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;Close</strong></span></p>
</td>
<td>
<p>
@@ -12040,7 +12177,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;BindFail</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;BindFail</strong></span></p>
</td>
<td>
<p>
@@ -12050,7 +12187,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;ConnFail</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;ConnFail</strong></span></p>
</td>
<td>
<p>
@@ -12060,7 +12197,7 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;Conn</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;Conn</strong></span></p>
</td>
<td>
<p>
@@ -12070,46 +12207,46 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;AcceptFail</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;AcceptFail</strong></span></p>
</td>
<td>
<p>
Failures of accepting incoming connection requests.
This counter is not applicable to the
- <span><strong class="command">UDP</strong></span> and
- <span><strong class="command">FDwatch</strong></span> types.
+ <span class="command"><strong>UDP</strong></span> and
+ <span class="command"><strong>FDwatch</strong></span> types.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;Accept</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;Accept</strong></span></p>
</td>
<td>
<p>
Incoming connections successfully accepted.
This counter is not applicable to the
- <span><strong class="command">UDP</strong></span> and
- <span><strong class="command">FDwatch</strong></span> types.
+ <span class="command"><strong>UDP</strong></span> and
+ <span class="command"><strong>FDwatch</strong></span> types.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;SendErr</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;SendErr</strong></span></p>
</td>
<td>
<p>
Errors in socket send operations.
This counter corresponds
- to <span><strong class="command">SErr</strong></span> counter of
- <span><strong class="command">BIND</strong></span> 8.
+ to <span class="command"><strong>SErr</strong></span> counter of
+ <span class="command"><strong>BIND</strong></span> 8.
</p>
</td>
</tr>
<tr>
<td>
- <p><span><strong class="command">&lt;TYPE&gt;RecvErr</strong></span></p>
+ <p><span class="command"><strong>&lt;TYPE&gt;RecvErr</strong></span></p>
</td>
<td>
<p>
@@ -12123,36 +12260,36 @@ HOST-127.EXAMPLE. MX 0 .
</tbody>
</table></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2605523"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="bind8_compatibility"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
- in <span><strong class="command">BIND</strong></span> 8 are also supported in
- <span><strong class="command">BIND</strong></span> 9 as shown in the above tables.
+ in <span class="command"><strong>BIND</strong></span> 8 are also supported in
+ <span class="command"><strong>BIND</strong></span> 9 as shown in the above tables.
Here are notes about other counters that do not appear
in these tables.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">RFwdR,SFwdR</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>RFwdR,SFwdR</strong></span></span></dt>
<dd><p>
These counters are not supported
- because <span><strong class="command">BIND</strong></span> 9 does not adopt
+ because <span class="command"><strong>BIND</strong></span> 9 does not adopt
the notion of <span class="emphasis"><em>forwarding</em></span>
- as <span><strong class="command">BIND</strong></span> 8 did.
+ as <span class="command"><strong>BIND</strong></span> 8 did.
</p></dd>
-<dt><span class="term"><span><strong class="command">RAXFR</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>RAXFR</strong></span></span></dt>
<dd><p>
This counter is accessible in the Incoming Queries section.
</p></dd>
-<dt><span class="term"><span><strong class="command">RIQ</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>RIQ</strong></span></span></dt>
<dd><p>
This counter is accessible in the Incoming Requests section.
</p></dd>
-<dt><span class="term"><span><strong class="command">ROpts</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>ROpts</strong></span></span></dt>
<dd><p>
This counter is not supported
- because <span><strong class="command">BIND</strong></span> 9 does not care
+ because <span class="command"><strong>BIND</strong></span> 9 does not care
about IP options in the first place.
</p></dd>
</dl></div>
@@ -12177,6 +12314,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index bdfca511662a..95aa52f2f0bd 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 7. BIND 9 Security Considerations</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter 6. BIND 9 Configuration Reference">
<link rel="next" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting">
@@ -39,30 +38,30 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch07"></a>Chapter 7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch07"></a>Chapter 7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2605750"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#chroot_and_setuid"><span class="command"><strong>Chroot</strong></span> and <span class="command"><strong>Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2605831">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2605959">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#chroot">The <span class="command"><strong>chroot</strong></span> Environment</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#setuid">Using the <span class="command"><strong>setuid</strong></span> Function</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="Access_Control_Lists"></a>Access Control Lists</h2></div></div></div>
<p>
Access Control Lists (ACLs) are address match lists that
- you can set up and nickname for future use in <span><strong class="command">allow-notify</strong></span>,
- <span><strong class="command">allow-query</strong></span>, <span><strong class="command">allow-query-on</strong></span>,
- <span><strong class="command">allow-recursion</strong></span>, <span><strong class="command">allow-recursion-on</strong></span>,
- <span><strong class="command">blackhole</strong></span>, <span><strong class="command">allow-transfer</strong></span>,
+ you can set up and nickname for future use in <span class="command"><strong>allow-notify</strong></span>,
+ <span class="command"><strong>allow-query</strong></span>, <span class="command"><strong>allow-query-on</strong></span>,
+ <span class="command"><strong>allow-recursion</strong></span>, <span class="command"><strong>allow-recursion-on</strong></span>,
+ <span class="command"><strong>blackhole</strong></span>, <span class="command"><strong>allow-transfer</strong></span>,
etc.
</p>
<p>
@@ -112,15 +111,15 @@ zone "example.com" {
unless recursion has been previously disabled.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2605750"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="chroot_and_setuid"></a><span class="command"><strong>Chroot</strong></span> and <span class="command"><strong>Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
in a <span class="emphasis"><em>chrooted</em></span> environment (using
- the <span><strong class="command">chroot()</strong></span> function) by specifying
- the "<code class="option">-t</code>" option for <span><strong class="command">named</strong></span>.
+ the <span class="command"><strong>chroot()</strong></span> function) by specifying
+ the "<code class="option">-t</code>" option for <span class="command"><strong>named</strong></span>.
This can help improve system security by placing
<acronym class="acronym">BIND</acronym> in a "sandbox", which will limit
the damage done if a server is compromised.
@@ -128,21 +127,21 @@ zone "example.com" {
<p>
Another useful feature in the UNIX version of <acronym class="acronym">BIND</acronym> is the
ability to run the daemon as an unprivileged user ( <code class="option">-u</code> <em class="replaceable"><code>user</code></em> ).
- We suggest running as an unprivileged user when using the <span><strong class="command">chroot</strong></span> feature.
+ We suggest running as an unprivileged user when using the <span class="command"><strong>chroot</strong></span> feature.
</p>
<p>
- Here is an example command line to load <acronym class="acronym">BIND</acronym> in a <span><strong class="command">chroot</strong></span> sandbox,
- <span><strong class="command">/var/named</strong></span>, and to run <span><strong class="command">named</strong></span> <span><strong class="command">setuid</strong></span> to
+ Here is an example command line to load <acronym class="acronym">BIND</acronym> in a <span class="command"><strong>chroot</strong></span> sandbox,
+ <span class="command"><strong>/var/named</strong></span>, and to run <span class="command"><strong>named</strong></span> <span class="command"><strong>setuid</strong></span> to
user 202:
</p>
<p>
<strong class="userinput"><code>/usr/local/sbin/named -u 202 -t /var/named</code></strong>
</p>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2605831"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="chroot"></a>The <span class="command"><strong>chroot</strong></span> Environment</h3></div></div></div>
<p>
- In order for a <span><strong class="command">chroot</strong></span> environment
+ In order for a <span class="command"><strong>chroot</strong></span> environment
to
work properly in a particular directory
(for example, <code class="filename">/var/named</code>),
@@ -151,12 +150,12 @@ zone "example.com" {
From <acronym class="acronym">BIND</acronym>'s point of view, <code class="filename">/var/named</code> is
the root of the filesystem. You will need to adjust the values of
options like
- like <span><strong class="command">directory</strong></span> and <span><strong class="command">pid-file</strong></span> to account
+ like <span class="command"><strong>directory</strong></span> and <span class="command"><strong>pid-file</strong></span> to account
for this.
</p>
<p>
Unlike with earlier versions of BIND, you typically will
- <span class="emphasis"><em>not</em></span> need to compile <span><strong class="command">named</strong></span>
+ <span class="emphasis"><em>not</em></span> need to compile <span class="command"><strong>named</strong></span>
statically nor install shared libraries under the new root.
However, depending on your operating system, you may need
to set up things like
@@ -166,15 +165,15 @@ zone "example.com" {
<code class="filename">/etc/localtime</code>.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2605959"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="setuid"></a>Using the <span class="command"><strong>setuid</strong></span> Function</h3></div></div></div>
<p>
- Prior to running the <span><strong class="command">named</strong></span> daemon,
+ Prior to running the <span class="command"><strong>named</strong></span> daemon,
use
- the <span><strong class="command">touch</strong></span> utility (to change file
+ the <span class="command"><strong>touch</strong></span> utility (to change file
access and
- modification times) or the <span><strong class="command">chown</strong></span>
+ modification times) or the <span class="command"><strong>chown</strong></span>
utility (to
set the user id and/or group id) on files
to which you want <acronym class="acronym">BIND</acronym>
@@ -182,13 +181,15 @@ zone "example.com" {
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
- Note that if the <span><strong class="command">named</strong></span> daemon is running as an
+<p>
+ If the <span class="command"><strong>named</strong></span> daemon is running as an
unprivileged user, it will not be able to bind to new restricted
ports if the server is reloaded.
- </div>
+ </p>
+</div>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="dynamic_update_security"></a>Dynamic Update Security</h2></div></div></div>
<p>
@@ -198,12 +199,12 @@ zone "example.com" {
based on the IP
address of the host requesting the update, by listing an IP address
or
- network prefix in the <span><strong class="command">allow-update</strong></span>
+ network prefix in the <span class="command"><strong>allow-update</strong></span>
zone option.
This method is insecure since the source address of the update UDP
packet
is easily forged. Also note that if the IP addresses allowed by the
- <span><strong class="command">allow-update</strong></span> option include the
+ <span class="command"><strong>allow-update</strong></span> option include the
address of a slave
server which performs forwarding of dynamic updates, the master can
be
@@ -214,10 +215,10 @@ zone "example.com" {
<p>
For these reasons, we strongly recommend that updates be
cryptographically authenticated by means of transaction signatures
- (TSIG). That is, the <span><strong class="command">allow-update</strong></span>
+ (TSIG). That is, the <span class="command"><strong>allow-update</strong></span>
option should
list only TSIG key names, not IP addresses or network
- prefixes. Alternatively, the new <span><strong class="command">update-policy</strong></span>
+ prefixes. Alternatively, the new <span class="command"><strong>update-policy</strong></span>
option can be used.
</p>
<p>
@@ -247,6 +248,6 @@ zone "example.com" {
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 8a25488b22b2..4120cfc426f3 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Chapter 8. Troubleshooting</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch07.html" title="Chapter 7. BIND 9 Security Considerations">
<link rel="next" href="Bv9ARM.ch09.html" title="Appendix A. Release Notes">
@@ -39,24 +38,24 @@
</table>
<hr>
</div>
-<div class="chapter" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch08"></a>Chapter 8. Troubleshooting</h2></div></div></div>
+<div class="chapter">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch08"></a>Chapter 8. Troubleshooting</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2606107">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2606113">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2606124">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2606141">Where Can I Get Help?</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch08.html#common_problems">Common Problems</a></span></dt>
+<dd><dl><dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2.2">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.3">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#more_help">Where Can I Get Help?</a></span></dt>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2606107"></a>Common Problems</h2></div></div></div>
-<div class="sect2" lang="en">
+<a name="common_problems"></a>Common Problems</h2></div></div></div>
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2606113"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id-1.9.2.2"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -66,9 +65,9 @@
</p>
</div>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2606124"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id-1.9.3"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@@ -93,9 +92,9 @@
it to be, and reload the zone again.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2606141"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="more_help"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
@@ -111,9 +110,9 @@
</p>
<p>
To discuss arrangements for support, contact
- <a href="mailto:info@isc.org" target="_top">info@isc.org</a> or visit the
+ <a class="link" href="mailto:info@isc.org" target="_top">info@isc.org</a> or visit the
<acronym class="acronym">ISC</acronym> web page at
- <a href="http://www.isc.org/services/support/" target="_top">http://www.isc.org/services/support/</a>
+ <a class="link" href="http://www.isc.org/services/support/" target="_top">http://www.isc.org/services/support/</a>
to read more.
</p>
</div>
@@ -135,6 +134,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 706fb8b602b9..08d15df68710 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix A. Release Notes</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter 8. Troubleshooting">
<link rel="next" href="Bv9ARM.ch10.html" title="Appendix B. A Brief History of the DNS and BIND">
@@ -39,136 +38,130 @@
</table>
<hr>
</div>
-<div class="appendix" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch09"></a>Appendix A. Release Notes</h2></div></div></div>
+<div class="appendix">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch09"></a>Release Notes</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2563593">Release Notes for BIND Version 9.9.8-P4</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P3</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563593"></a>Release Notes for BIND Version 9.9.8-P4</h2></div></div></div>
-<div class="sect2" lang="en">
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.9.9-P3</h2></div></div></div>
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
- This document summarizes changes since BIND 9.9.8:
+ This document summarizes changes since BIND 9.9.9:
</p>
<p>
- BIND 9.9.8-P4 addresses the security issues described in
- CVE-2016-1285 and CVE-2016-1286.
+ BIND 9.10.9-P3 addresses the security issue described in
+ CVE-2016-2776.
</p>
<p>
- BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704.
- It also fixes a serious regression in authoritative server selection
- that was introduced in 9.9.8.
+ BIND 9.9.9-P2 addresses the security issue described in
+ CVE-2016-2775.
</p>
<p>
- BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193
- (OpenSSL), CVE-2015-8000 and CVE-2015-8461.
- </p>
-<p>
- BIND 9.9.8-P1 was incomplete and was withdrawn prior to publication.
+ BIND 9.9.9-P1 addresses Windows installation issues and a race
+ condition in the rbt/rbtdb implementation resulting in named
+ exiting due to assertion failures being detected.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
- <a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
+ <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc">
-<li><p>
- The resolver could abort with an assertion failure due to
- improper DNAME handling when parsing fetch reply
- messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
- </p></li>
-<li><p>
- Malformed control messages can trigger assertions in named
- and rndc. This flaw is disclosed in CVE-2016-1285. [RT
- #41666]
- </p></li>
-<li><p>
- Specific APL data could trigger an INSIST. This flaw
- is disclosed in CVE-2015-8704. [RT #41396]
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+ It was possible to trigger a assertion when rendering a
+ message using a specially crafted request. This flaw is
+ disclosed in CVE-2016-2776. [RT #43139]
</p></li>
-<li><p>
- Named is potentially vulnerable to the OpenSSL vulnerability
- described in CVE-2015-3193.
- </p></li>
-<li><p>
- Incorrect reference counting could result in an INSIST
- failure if a socket error occurred while performing a
- lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
- </p></li>
-<li><p>
- Insufficient testing when parsing a message allowed
- records with an incorrect class to be be accepted,
- triggering a REQUIRE failure when those records
- were subsequently cached. This flaw is disclosed
- in CVE-2015-8000. [RT #40987]
+<li class="listitem"><p>
+ getrrsetbyname with a non absolute name could trigger an
+ infinite recursion bug in lwresd and named with lwres
+ configured if when combined with a search list entry the
+ resulting name is too long. This flaw is disclosed in
+ CVE-2016-2775. [RT #42694]
</p></li>
</ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>None</p></li></ul></div>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+ None.
+ </p></li></ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>
- Updated the compiled in addresses for H.ROOT-SERVERS.NET.
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+ None.
</p></li></ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>
- Authoritative servers that were marked as bogus (e.g. blackholed
- in configuration or with invalid addresses) were being queried
- anyway. [RT #41321]
+<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+ None.
</p></li></ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+ Windows installs were failing due to triggering UAC without
+ the installation binary being signed.
+ </p></li>
+<li class="listitem"><p>
+ A race condition in rbt/rbtdb was leading to INSISTs being
+ triggered.
+ </p></li>
+</ul></div>
+</div>
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
- The BIND 9.9 (Extended Support Version) will be supported until
+ BIND 9.9 (Extended Support Version) will be supported until
December, 2017.
- <a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
+ <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
- <a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
+ <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div>
@@ -191,6 +184,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 763d446cd404..e2c60355c34f 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix B. A Brief History of the DNS and BIND</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch09.html" title="Appendix A. Release Notes">
<link rel="next" href="Bv9ARM.ch11.html" title="Appendix C. General DNS Reference Information">
@@ -40,111 +39,104 @@
</table>
<hr>
</div>
-<div class="appendix" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch10"></a>Appendix B. A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
-</h2></div></div></div>
-<div class="toc">
-<p><b>Table of Contents</b></p>
-<dl><dt><span class="sect1"><a href="Bv9ARM.ch10.html#historical_dns_information"></a></span></dt></dl>
-</div>
-<div class="sect1" lang="en">
-<div class="titlepage"></div>
-<p>
- Although the "official" beginning of the Domain Name
- System occurred in 1984 with the publication of RFC 920, the
- core of the new system was described in 1983 in RFCs 882 and
- 883. From 1984 to 1987, the ARPAnet (the precursor to today's
- Internet) became a testbed of experimentation for developing the
- new naming/addressing scheme in a rapidly expanding,
- operational network environment. New RFCs were written and
- published in 1987 that modified the original documents to
- incorporate improvements based on the working model. RFC 1034,
- "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
- Names-Implementation and Specification" were published and
- became the standards upon which all <acronym class="acronym">DNS</acronym> implementations are
- built.
- </p>
+<div class="appendix">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch10"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
+</h1></div></div></div>
+<p><a name="historical_dns_information"></a>
+ Although the "official" beginning of the Domain Name
+ System occurred in 1984 with the publication of RFC 920, the
+ core of the new system was described in 1983 in RFCs 882 and
+ 883. From 1984 to 1987, the ARPAnet (the precursor to today's
+ Internet) became a testbed of experimentation for developing the
+ new naming/addressing scheme in a rapidly expanding,
+ operational network environment. New RFCs were written and
+ published in 1987 that modified the original documents to
+ incorporate improvements based on the working model. RFC 1034,
+ "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
+ Names-Implementation and Specification" were published and
+ became the standards upon which all <acronym class="acronym">DNS</acronym> implementations are
+ built.
+ </p>
<p>
- The first working domain name server, called "Jeeves", was
- written in 1983-84 by Paul Mockapetris for operation on DEC
- Tops-20
- machines located at the University of Southern California's
- Information
- Sciences Institute (USC-ISI) and SRI International's Network
- Information
- Center (SRI-NIC). A <acronym class="acronym">DNS</acronym> server for
- Unix machines, the Berkeley Internet
- Name Domain (<acronym class="acronym">BIND</acronym>) package, was
- written soon after by a group of
- graduate students at the University of California at Berkeley
- under
- a grant from the US Defense Advanced Research Projects
- Administration
- (DARPA).
- </p>
+ The first working domain name server, called "Jeeves", was
+ written in 1983-84 by Paul Mockapetris for operation on DEC
+ Tops-20
+ machines located at the University of Southern California's
+ Information
+ Sciences Institute (USC-ISI) and SRI International's Network
+ Information
+ Center (SRI-NIC). A <acronym class="acronym">DNS</acronym> server for
+ Unix machines, the Berkeley Internet
+ Name Domain (<acronym class="acronym">BIND</acronym>) package, was
+ written soon after by a group of
+ graduate students at the University of California at Berkeley
+ under
+ a grant from the US Defense Advanced Research Projects
+ Administration
+ (DARPA).
+ </p>
<p>
- Versions of <acronym class="acronym">BIND</acronym> through
- 4.8.3 were maintained by the Computer
- Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
- Painter, David Riggle and Songnian Zhou made up the initial <acronym class="acronym">BIND</acronym>
- project team. After that, additional work on the software package
- was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
- Corporation
- employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym> for 2 years, from 1985
- to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development
- during that time: Doug Kingston, Craig Partridge, Smoot
- Carl-Mitchell,
- Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently
- handled by Mike Karels and Øivind Kure.
- </p>
+ Versions of <acronym class="acronym">BIND</acronym> through
+ 4.8.3 were maintained by the Computer
+ Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
+ Painter, David Riggle and Songnian Zhou made up the initial <acronym class="acronym">BIND</acronym>
+ project team. After that, additional work on the software package
+ was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
+ Corporation
+ employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym> for 2 years, from 1985
+ to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development
+ during that time: Doug Kingston, Craig Partridge, Smoot
+ Carl-Mitchell,
+ Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently
+ handled by Mike Karels and Øivind Kure.
+ </p>
<p>
- <acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were
- released by Digital Equipment
- Corporation (now Compaq Computer Corporation). Paul Vixie, then
- a DEC employee, became <acronym class="acronym">BIND</acronym>'s
- primary caretaker. He was assisted
- by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
- Beecher, Andrew
- Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
- Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
- Wolfhugel, and others.
- </p>
+ <acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were
+ released by Digital Equipment
+ Corporation (now Compaq Computer Corporation). Paul Vixie, then
+ a DEC employee, became <acronym class="acronym">BIND</acronym>'s
+ primary caretaker. He was assisted
+ by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
+ Beecher, Andrew
+ Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
+ Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
+ Wolfhugel, and others.
+ </p>
<p>
- In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by
- Vixie Enterprises. Paul
- Vixie became <acronym class="acronym">BIND</acronym>'s principal
- architect/programmer.
- </p>
+ In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by
+ Vixie Enterprises. Paul
+ Vixie became <acronym class="acronym">BIND</acronym>'s principal
+ architect/programmer.
+ </p>
<p>
- <acronym class="acronym">BIND</acronym> versions from 4.9.3 onward
- have been developed and maintained
- by the Internet Systems Consortium and its predecessor,
- the Internet Software Consortium, with support being provided
- by ISC's sponsors.
- </p>
+ <acronym class="acronym">BIND</acronym> versions from 4.9.3 onward
+ have been developed and maintained
+ by the Internet Systems Consortium and its predecessor,
+ the Internet Software Consortium, with support being provided
+ by ISC's sponsors.
+ </p>
<p>
- As co-architects/programmers, Bob Halley and
- Paul Vixie released the first production-ready version of
- <acronym class="acronym">BIND</acronym> version 8 in May 1997.
- </p>
+ As co-architects/programmers, Bob Halley and
+ Paul Vixie released the first production-ready version of
+ <acronym class="acronym">BIND</acronym> version 8 in May 1997.
+ </p>
<p>
- BIND version 9 was released in September 2000 and is a
- major rewrite of nearly all aspects of the underlying
- BIND architecture.
- </p>
+ BIND version 9 was released in September 2000 and is a
+ major rewrite of nearly all aspects of the underlying
+ BIND architecture.
+ </p>
<p>
- BIND versions 4 and 8 are officially deprecated.
- No additional development is done
- on BIND version 4 or BIND version 8.
- </p>
+ BIND versions 4 and 8 are officially deprecated.
+ No additional development is done
+ on BIND version 4 or BIND version 8.
+ </p>
<p>
- <acronym class="acronym">BIND</acronym> development work is made
- possible today by the sponsorship
- of several corporations, and by the tireless work efforts of
- numerous individuals.
- </p>
-</div>
+ <acronym class="acronym">BIND</acronym> development work is made
+ possible today by the sponsorship
+ of several corporations, and by the tireless work efforts of
+ numerous individuals.
+ </p>
</div>
<div class="navfooter">
<hr>
@@ -163,6 +155,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html
index 207760ace378..c842b29f629e 100644
--- a/doc/arm/Bv9ARM.ch11.html
+++ b/doc/arm/Bv9ARM.ch11.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix C. General DNS Reference Information</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch10.html" title="Appendix B. A Brief History of the DNS and BIND">
<link rel="next" href="Bv9ARM.ch12.html" title="Appendix D. BIND 9 DNS Library Support">
@@ -39,22 +38,22 @@
</table>
<hr>
</div>
-<div class="appendix" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch11"></a>Appendix C. General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<div class="appendix">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch11"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch11.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch11.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch11.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2609865">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#more_about_bind">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h2></div></div></div>
<p>
@@ -101,7 +100,7 @@
implementation, although it is usually possible to
override the default setting if necessary. A typical IPv6
address might look like:
- <span><strong class="command">2001:db8:201:9:a00:20ff:fe81:2b32</strong></span>
+ <span class="command"><strong>2001:db8:201:9:a00:20ff:fe81:2b32</strong></span>
</p>
<p>
IPv6 address specifications often contain long strings
@@ -112,10 +111,10 @@
of zeros that can fit, and can be used only once in an address.
</p>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bibliography"></a>Bibliography (and Suggested Reading)</h2></div></div></div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="rfcs"></a>Request for Comments (RFCs)</h3></div></div></div>
<p>
@@ -127,7 +126,7 @@
Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
</p>
<p>
- <a href="ftp://www.isi.edu/in-notes/" target="_top">
+ <a class="link" href="ftp://www.isi.edu/in-notes/" target="_top">
ftp://www.isi.edu/in-notes/RFC<em class="replaceable"><code>xxxx</code></em>.txt
</a>
</p>
@@ -136,238 +135,224 @@
the number of the RFC). RFCs are also available via the Web at:
</p>
<p>
- <a href="http://www.ietf.org/rfc/" target="_top">http://www.ietf.org/rfc/</a>.
+ <a class="link" href="http://www.ietf.org/rfc/" target="_top">http://www.ietf.org/rfc/</a>.
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2606773"></a>Bibliography</h4></div></div></div>
+<a name="id-1.12.3.2.6"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
-<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id2606784"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id-1.12.3.2.6.1.2"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="citetitle"><em class="citetitle">Mail Routing and the Domain System</em>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606807"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id-1.12.3.2.6.1.3"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="citetitle"><em class="citetitle">Domain Names &#8212; Concepts and Facilities</em>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606830"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
- Specification</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id-1.12.3.2.6.1.4"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="citetitle"><em class="citetitle">Domain Names &#8212; Implementation and
+ Specification</em>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">
-<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2606867"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
- Specification</i>. </span><span class="pubdate">July 1997. </span></p>
+<a name="id-1.12.3.2.6.2.2"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="citetitle"><em class="citetitle">Clarifications to the <acronym class="acronym">DNS</acronym>
+ Specification</em>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606893"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
- Queries</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id-1.12.3.2.6.2.3"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="citetitle"><em class="citetitle">Negative Caching of <acronym class="acronym">DNS</acronym>
+ Queries</em>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606919"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id-1.12.3.2.6.2.4"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="citetitle"><em class="citetitle">Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></em>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606944"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id-1.12.3.2.6.2.5"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="citetitle"><em class="citetitle">A Mechanism for Prompt Notification of Zone Changes</em>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606967"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id-1.12.3.2.6.2.6"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="citetitle"><em class="citetitle">Dynamic Updates in the Domain Name System</em>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607022"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id-1.12.3.2.6.2.7"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="citetitle"><em class="citetitle">Extension Mechanisms for DNS (EDNS0)</em>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607049"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id-1.12.3.2.6.2.8"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="citetitle"><em class="citetitle">Non-Terminal DNS Name Redirection</em>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607076"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id-1.12.3.2.6.2.9"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="citetitle"><em class="citetitle">Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</em>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607138"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id-1.12.3.2.6.2.10"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">Secret Key Establishment for DNS (TKEY RR)</em>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607168"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id-1.12.3.2.6.2.11"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">DNS Request and Transaction Signatures (SIG(0)s)</em>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607197"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id-1.12.3.2.6.2.12"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="citetitle"><em class="citetitle">Secure Domain Name System (DNS) Dynamic Update</em>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607224"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id-1.12.3.2.6.2.13"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="citetitle"><em class="citetitle">Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
- (GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
+ (GSS-TSIG)</em>. </span><span class="pubdate">October 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">
-<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2607306"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id-1.12.3.2.6.3.2"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="citetitle"><em class="citetitle">Indicating Resolver Support of DNSSEC</em>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607333"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id-1.12.3.2.6.3.3"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="citetitle"><em class="citetitle">Threat Analysis of the Domain Name System (DNS)</em>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607369"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id-1.12.3.2.6.3.4"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="citetitle"><em class="citetitle">DNS Security Introduction and Requirements</em>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607434"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id-1.12.3.2.6.3.5"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="citetitle"><em class="citetitle">Resource Records for the DNS Security Extensions</em>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607499"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
- Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id-1.12.3.2.6.3.6"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="citetitle"><em class="citetitle">Protocol Modifications for the DNS
+ Security Extensions</em>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
- Implementation</h3>
<div class="biblioentry">
-<a name="id2607573"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
- Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
+<a name="id-1.12.3.2.6.4.2"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="citetitle"><em class="citetitle">A Security Problem and Proposed Correction With Widely
+ Deployed <acronym class="acronym">DNS</acronym> Software.</em>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607598"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
- Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
+<a name="id-1.12.3.2.6.4.3"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="citetitle"><em class="citetitle">Common <acronym class="acronym">DNS</acronym> Implementation
+ Errors and Suggested Fixes</em>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607667"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id-1.12.3.2.6.4.4"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="citetitle"><em class="citetitle">Serial Number Arithmetic</em>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607702"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
- Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
+<a name="id-1.12.3.2.6.4.5"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="citetitle"><em class="citetitle">Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+ Queries for IPv6 Addresses</em>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2607748"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id-1.12.3.2.6.5.2"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="citetitle"><em class="citetitle">New <acronym class="acronym">DNS</acronym> RR Definitions</em>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607874"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id-1.12.3.2.6.5.3"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="citetitle"><em class="citetitle"><acronym class="acronym">DNS</acronym> NSAP Resource Records</em>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607911"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
- the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
+<a name="id-1.12.3.2.6.5.4"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="citetitle"><em class="citetitle">Resolution of Uniform Resource Identifiers using
+ the Domain Name System</em>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607946"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id-1.12.3.2.6.5.5"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="citetitle"><em class="citetitle">A Means for Expressing Location Information in the
Domain
- Name System</i>. </span><span class="pubdate">January 1996. </span></p>
+ Name System</em>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608001"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id-1.12.3.2.6.5.6"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="citetitle"><em class="citetitle">A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
- Services.</i>. </span><span class="pubdate">October 1996. </span></p>
+ Services.</em>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608039"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id-1.12.3.2.6.5.7"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="citetitle"><em class="citetitle">Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
- Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
+ Conformant Global Address Mapping</em>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608065"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id-1.12.3.2.6.5.8"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="citetitle"><em class="citetitle">Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></em>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608090"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id-1.12.3.2.6.5.9"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">DSA KEYs and SIGs in the Domain Name System (DNS)</em>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608117"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id-1.12.3.2.6.5.10"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</em>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608144"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id-1.12.3.2.6.5.11"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="citetitle"><em class="citetitle">Storing Certificates in the Domain Name System (DNS)</em>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608183"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id-1.12.3.2.6.5.12"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</em>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608213"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id-1.12.3.2.6.5.13"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">Detached Domain Name System (DNS) Information</em>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608243"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id-1.12.3.2.6.5.14"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="citetitle"><em class="citetitle">A DNS RR for specifying the location of services (DNS SRV)</em>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608285"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id-1.12.3.2.6.5.15"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="citetitle"><em class="citetitle">The Naming Authority Pointer (NAPTR) DNS Resource Record</em>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608318"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id-1.12.3.2.6.5.16"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</em>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608345"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id-1.12.3.2.6.5.17"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="citetitle"><em class="citetitle">A DNS RR Type for Lists of Address Prefixes (APL RR)</em>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608369"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
- version 6</i>. </span><span class="pubdate">October 2003. </span></p>
+<a name="id-1.12.3.2.6.5.18"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="citetitle"><em class="citetitle"><acronym class="acronym">DNS</acronym> Extensions to support IP
+ version 6</em>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608426"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id-1.12.3.2.6.5.19"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="citetitle"><em class="citetitle">Handling of Unknown DNS Resource Record (RR) Types</em>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">
-<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2608458"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
- and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
+<a name="id-1.12.3.2.6.6.2"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="citetitle"><em class="citetitle"><acronym class="acronym">DNS</acronym> Encoding of Network Names
+ and Other Types</em>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608552"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
- Support</i>. </span><span class="pubdate">October 1989. </span></p>
+<a name="id-1.12.3.2.6.6.3"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="citetitle"><em class="citetitle">Requirements for Internet Hosts - Application and
+ Support</em>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608574"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id-1.12.3.2.6.6.4"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="citetitle"><em class="citetitle">Domain Name System Structure and Delegation</em>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608598"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id-1.12.3.2.6.6.5"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="citetitle"><em class="citetitle">Classless IN-ADDR.ARPA Delegation</em>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608712"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id-1.12.3.2.6.6.6"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="citetitle"><em class="citetitle">IAB Technical Comment on the Unique DNS Root</em>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608736"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id-1.12.3.2.6.6.7"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="citetitle"><em class="citetitle">Domain Name System (DNS) IANA Considerations</em>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">
-<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2608793"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id-1.12.3.2.6.7.2"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="citetitle"><em class="citetitle">Domain administrators operations guide.</em>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608817"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
- Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
+<a name="id-1.12.3.2.6.7.3"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="citetitle"><em class="citetitle">Common <acronym class="acronym">DNS</acronym> Data File
+ Configuration Errors</em>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608843"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
- Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
+<a name="id-1.12.3.2.6.7.4"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="citetitle"><em class="citetitle">Common <acronym class="acronym">DNS</acronym> Operational and
+ Configuration Errors</em>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608870"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id-1.12.3.2.6.7.5"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="citetitle"><em class="citetitle">Operational Criteria for Root Name Servers.</em>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608906"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
- Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id-1.12.3.2.6.7.6"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="citetitle"><em class="citetitle">Use of <acronym class="acronym">DNS</acronym> Aliases for
+ Network Services.</em>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
-<a name="id2608952"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
- and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id-1.12.3.2.6.8.2"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="citetitle"><em class="citetitle">A Tangled Web: Issues of I18N, Domain Names,
+ and the Other Internet protocols</em>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2608984"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id-1.12.3.2.6.8.3"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="citetitle"><em class="citetitle">Internationalizing Domain Names in Applications (IDNA)</em>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609030"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id-1.12.3.2.6.8.4"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="citetitle"><em class="citetitle">Nameprep: A Stringprep Profile for Internationalized Domain Names</em>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609065"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id-1.12.3.2.6.8.5"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="citetitle"><em class="citetitle">Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
- Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+ Applications (IDNA)</em>. </span><span class="pubdate">March 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">Other <acronym class="acronym">DNS</acronym>-related RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
@@ -377,52 +362,50 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2609110"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
- Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
+<a name="id-1.12.3.2.6.9.3"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="citetitle"><em class="citetitle">Using the Domain Name System To Store Arbitrary String
+ Attributes</em>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609132"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id-1.12.3.2.6.9.4"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="citetitle"><em class="citetitle">Tools for <acronym class="acronym">DNS</acronym> Debugging</em>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609158"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
- Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
+<a name="id-1.12.3.2.6.9.5"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="citetitle"><em class="citetitle"><acronym class="acronym">DNS</acronym> Support for Load
+ Balancing</em>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609184"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id-1.12.3.2.6.9.6"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="citetitle"><em class="citetitle">A Legal Basis for Domain Name Allocation</em>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609207"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id-1.12.3.2.6.9.7"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="citetitle"><em class="citetitle">Domain Names and Company Name Retrieval</em>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609253"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id-1.12.3.2.6.9.8"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="citetitle"><em class="citetitle">A Convention For Using Legal Names as Domain Names</em>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609276"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id-1.12.3.2.6.9.9"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="citetitle"><em class="citetitle">Reflections on the DNS, RFC 1591, and Categories of Domains</em>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609303"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
- Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
+<a name="id-1.12.3.2.6.9.10"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="citetitle"><em class="citetitle">Distributing Authoritative Name Servers via
+ Shared Unicast Addresses</em>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609329"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id-1.12.3.2.6.9.11"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="citetitle"><em class="citetitle">DNS IPv6 Transport Operational Guidelines</em>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
-<a name="id2609372"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
- Location</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id-1.12.3.2.6.10.2"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="citetitle"><em class="citetitle"><acronym class="acronym">DNS</acronym> Encoding of Geographical
+ Location</em>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609430"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id-1.12.3.2.6.10.3"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="citetitle"><em class="citetitle">Binary Labels in the Domain Name System</em>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609457"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
- and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
+<a name="id-1.12.3.2.6.10.4"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="citetitle"><em class="citetitle">DNS Extensions to Support IPv6 Address Aggregation
+ and Renumbering</em>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
-<h3 class="title">Obsoleted DNS Security RFCs</h3>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
@@ -431,44 +414,44 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2609505"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id-1.12.3.2.6.11.3"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="citetitle"><em class="citetitle">Domain Name System Security Extensions</em>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609544"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id-1.12.3.2.6.11.4"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">Secure Domain Name System Dynamic Update</em>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609571"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id-1.12.3.2.6.11.5"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="citetitle"><em class="citetitle">Domain Name System Security Extensions</em>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609601"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
- Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id-1.12.3.2.6.11.6"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="citetitle"><em class="citetitle">Domain Name System Security (DNSSEC)
+ Signing Authority</em>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609626"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id-1.12.3.2.6.11.7"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="citetitle"><em class="citetitle">DNS Security Extension Clarification on Zone Status</em>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609653"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id-1.12.3.2.6.11.8"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="citetitle"><em class="citetitle">Limiting the Scope of the KEY Resource Record (RR)</em>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609689"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id-1.12.3.2.6.11.9"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="citetitle"><em class="citetitle">Redefinition of DNS Authenticated Data (AD) bit</em>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609725"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id-1.12.3.2.6.11.10"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="citetitle"><em class="citetitle">Delegation Signer (DS) Resource Record (RR)</em>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609752"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id-1.12.3.2.6.11.11"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="citetitle"><em class="citetitle">Legacy Resolver Compatibility for Delegation Signer (DS)</em>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609779"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
- (RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
+<a name="id-1.12.3.2.6.11.12"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="citetitle"><em class="citetitle">Domain Name System KEY (DNSKEY) Resource Record
+ (RR) Secure Entry Point (SEP) Flag</em>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2609824"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id-1.12.3.2.6.11.13"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="citetitle"><em class="citetitle">DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</em>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="internet_drafts"></a>Internet Drafts</h3></div></div></div>
<p>
@@ -482,16 +465,16 @@
after which they are deleted unless updated by their authors.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609865"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="more_about_bind"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609875"></a>Bibliography</h4></div></div></div>
+<a name="id-1.12.3.4.3"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2609877"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id-1.12.3.4.3.1"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="citetitle"><em class="citetitle"><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></em>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
@@ -514,6 +497,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index 8228d9722d5d..ccce85620416 100644
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Appendix D. BIND 9 DNS Library Support</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch11.html" title="Appendix C. General DNS Reference Information">
<link rel="next" href="Bv9ARM.ch13.html" title="Manual pages">
@@ -39,25 +38,25 @@
</table>
<hr>
</div>
-<div class="appendix" lang="en">
-<div class="titlepage"><div><div><h2 class="title">
-<a name="Bv9ARM.ch12"></a>Appendix D. BIND 9 DNS Library Support</h2></div></div></div>
+<div class="appendix">
+<div class="titlepage"><div><div><h1 class="title">
+<a name="Bv9ARM.ch12"></a>BIND 9 DNS Library Support</h1></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
+<dl class="toc">
+<dt><span class="section"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611557">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611566">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611591">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611827">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611904">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611930">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612698">Library References</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.4">Prerequisite</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.5">Compilation</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.6">Installation</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.7">Known Defects/Restrictions</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.8">The dns.conf File</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.9">Sample Applications</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.10">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
-<div class="sect1" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="bind9.library"></a>BIND 9 DNS Library Support</h2></div></div></div>
<p>This version of BIND 9 "exports" its internal libraries so
@@ -65,40 +64,40 @@
call them "export" libraries in this document). In addition to
all major DNS-related APIs BIND 9 is currently using, the export
libraries provide the following features:</p>
-<div class="itemizedlist"><ul type="disc">
-<li><p>The newly created "DNS client" module. This is a higher
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>The newly created "DNS client" module. This is a higher
level API that provides an interface to name resolution,
single DNS transaction with a particular server, and dynamic
update. Regarding name resolution, it supports advanced
features such as DNSSEC validation and caching. This module
supports both synchronous and asynchronous mode.</p></li>
-<li><p>The new "IRS" (Information Retrieval System) library.
+<li class="listitem"><p>The new "IRS" (Information Retrieval System) library.
It provides an interface to parse the traditional resolv.conf
file and more advanced, DNS-specific configuration file for
the rest of this package (see the description for the
dns.conf file below).</p></li>
-<li><p>As part of the IRS library, newly implemented standard
+<li class="listitem"><p>As part of the IRS library, newly implemented standard
address-name mapping functions, getaddrinfo() and
getnameinfo(), are provided. They use the DNSSEC-aware
validating resolver backend, and could use other advanced
features of the BIND 9 libraries such as caching. The
getaddrinfo() function resolves both A and AAAA RRs
concurrently (when the address family is unspecified).</p></li>
-<li><p>An experimental framework to support other event
+<li class="listitem"><p>An experimental framework to support other event
libraries than BIND 9's internal event task system.</p></li>
</ul></div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611557"></a>Prerequisite</h3></div></div></div>
+<a name="id-1.13.2.4"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
in some platforms you may need to invoke a different command name
than "make" (e.g. "gmake") to indicate it's GNU make.</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611566"></a>Compilation</h3></div></div></div>
+<a name="id-1.13.2.5"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
@@ -111,9 +110,9 @@ $ <strong class="userinput"><code>make</code></strong>
programs using the libraries will also be built under the
lib/export/samples directory (see below).</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611591"></a>Installation</h3></div></div></div>
+<a name="id-1.13.2.6"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
@@ -125,7 +124,7 @@ $ <strong class="userinput"><code>make install</code></strong>
specified by the --with-export-includedir configure option
(default: PREFIX/include/bind9).
Root privilege is normally required.
- "<span><strong class="command">make install</strong></span>" at the top directory will do the
+ "<span class="command"><strong>make install</strong></span>" at the top directory will do the
same.
</p>
<p>
@@ -133,17 +132,17 @@ $ <strong class="userinput"><code>make install</code></strong>
application after the installation, see
<code class="filename">lib/export/samples/Makefile-postinstall.in</code>.</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611827"></a>Known Defects/Restrictions</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc">
-<li><p>Currently, win32 is not supported for the export
+<a name="id-1.13.2.7"></a>Known Defects/Restrictions</h3></div></div></div>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
before).</p></li>
-<li>
+<li class="listitem">
<p>The "fixed" RRset order is not (currently) supported in
the export library. If you want to use "fixed" RRset order
- for, e.g. <span><strong class="command">named</strong></span> while still building the
+ for, e.g. <span class="command"><strong>named</strong></span> while still building the
export library even without the fixed order support, build
them separately:
</p>
@@ -157,25 +156,25 @@ $ <strong class="userinput"><code>make</code></strong>
<p>
</p>
</li>
-<li><p>The client module and the IRS library currently do not
+<li class="listitem"><p>The client module and the IRS library currently do not
support DNSSEC validation using DLV (the underlying modules
can handle it, but there is no tunable interface to enable
the feature).</p></li>
-<li><p>RFC 5011 is not supported in the validating stub
+<li class="listitem"><p>RFC 5011 is not supported in the validating stub
resolver of the export library. In fact, it is not clear
whether it should: trust anchors would be a system-wide
configuration which would be managed by an administrator,
while the stub resolver will be used by ordinary applications
run by a normal user.</p></li>
-<li><p>Not all common <code class="filename">/etc/resolv.conf</code>
+<li class="listitem"><p>Not all common <code class="filename">/etc/resolv.conf</code>
options are supported
in the IRS library. The only available options in this
version are "debug" and "ndots".</p></li>
</ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611904"></a>The dns.conf File</h3></div></div></div>
+<a name="id-1.13.2.8"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -186,21 +185,21 @@ $ <strong class="userinput"><code>make</code></strong>
This module is very
experimental and the configuration syntax or library interfaces
may change in future versions. Currently, only the
- <span><strong class="command">trusted-keys</strong></span>
+ <span class="command"><strong>trusted-keys</strong></span>
statement is supported, whose syntax is the same as the same name
of statement for <code class="filename">named.conf</code>. (See
- <a href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called &#8220;<span><strong class="command">trusted-keys</strong></span> Statement Grammar&#8221;</a> for details.)</p>
+ <a class="xref" href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called &#8220;<span class="command"><strong>trusted-keys</strong></span> Statement Grammar&#8221;</a> for details.)</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611930"></a>Sample Applications</h3></div></div></div>
+<a name="id-1.13.2.9"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611939"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id-1.13.2.9.3"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -212,59 +211,59 @@ $ <strong class="userinput"><code>make</code></strong>
<p>
Options and Arguments:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-t RRtype
</span></dt>
<dd><p>
- specify the RR type of the query. The default is the A RR.
+ specify the RR type of the query. The default is the A RR.
</p></dd>
<dt><span class="term">
[-a algorithm] [-e] -k keyname -K keystring
</span></dt>
<dd>
<p>
- specify a command-line DNS key to validate the answer. For
- example, to specify the following DNSKEY of example.com:
+ specify a command-line DNS key to validate the answer. For
+ example, to specify the following DNSKEY of example.com:
</p>
<div class="literallayout"><p><br>
-                example.com. 3600 IN DNSKEY 257 3 5 xxx<br>
+ example.com. 3600 IN DNSKEY 257 3 5 xxx<br>
</p></div>
<p>
- specify the options as follows:
+ specify the options as follows:
</p>
<pre class="screen">
<strong class="userinput"><code>
- -e -k example.com -K "xxx"
+ -e -k example.com -K "xxx"
</code></strong>
</pre>
<p>
- -e means that this key is a zone's "key signing key" (as known
- as "secure Entry point").
- When -a is omitted rsasha1 will be used by default.
+ -e means that this key is a zone's "key signing key" (as known
+ as "secure Entry point").
+ When -a is omitted rsasha1 will be used by default.
</p>
</dd>
<dt><span class="term">
-s domain:alt_server_address
</span></dt>
<dd><p>
- specify a separate recursive server address for the specific
- "domain". Example: -s example.com:2001:db8::1234
+ specify a separate recursive server address for the specific
+ "domain". Example: -s example.com:2001:db8::1234
</p></dd>
<dt><span class="term">server_address</span></dt>
<dd><p>
- an IP(v4/v6) address of the recursive server to which queries
- are sent.
+ an IP(v4/v6) address of the recursive server to which queries
+ are sent.
</p></dd>
<dt><span class="term">hostname</span></dt>
<dd><p>
- the domain name for the query
+ the domain name for the query
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2612029"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id-1.13.2.9.4"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -274,7 +273,7 @@ $ <strong class="userinput"><code>make</code></strong>
<p>
Options and Arguments:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-s server_address
</span></dt>
@@ -303,9 +302,9 @@ $ <strong class="userinput"><code>make</code></strong>
</dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2612083"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id-1.13.2.9.5"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -313,7 +312,7 @@ $ <strong class="userinput"><code>make</code></strong>
response from the server, whether it's a referral or an alias
(CNAME or DNAME) that would require further queries to get the
ultimate answer. In other words, this utility acts as a very
- simplified <span><strong class="command">dig</strong></span>.
+ simplified <span class="command"><strong>dig</strong></span>.
</p>
<p>
Usage: sample-request [-t RRtype] server_address hostname
@@ -321,7 +320,7 @@ $ <strong class="userinput"><code>make</code></strong>
<p>
Options and Arguments:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-t RRtype
</span></dt>
@@ -344,9 +343,9 @@ $ <strong class="userinput"><code>make</code></strong>
</p></dd>
</dl></div>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2612147"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id-1.13.2.9.6"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -361,14 +360,14 @@ $ <strong class="userinput"><code>make</code></strong>
Usage: sample-gai hostname
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2612162"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id-1.13.2.9.7"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
authoritative server, and shows the response from the server. In
- other words, this is a simplified <span><strong class="command">nsupdate</strong></span>.
+ other words, this is a simplified <span class="command"><strong>nsupdate</strong></span>.
</p>
<p>
Usage: sample-update [options] (add|delete) "update data"
@@ -376,60 +375,60 @@ $ <strong class="userinput"><code>make</code></strong>
<p>
Options and Arguments:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-a auth_server
</span></dt>
<dd><p>
- An IP address of the authoritative server that has authority
- for the zone containing the update name. This should normally
- be the primary authoritative server that accepts dynamic
- updates. It can also be a secondary server that is configured
- to forward update requests to the primary server.
+ An IP address of the authoritative server that has authority
+ for the zone containing the update name. This should normally
+ be the primary authoritative server that accepts dynamic
+ updates. It can also be a secondary server that is configured
+ to forward update requests to the primary server.
</p></dd>
<dt><span class="term">
-k keyfile
</span></dt>
<dd><p>
- A TSIG key file to secure the update transaction. The keyfile
- format is the same as that for the nsupdate utility.
+ A TSIG key file to secure the update transaction. The keyfile
+ format is the same as that for the nsupdate utility.
</p></dd>
<dt><span class="term">
-p prerequisite
</span></dt>
<dd><p>
- A prerequisite for the update (only one prerequisite can be
- specified). The prerequisite format is the same as that is
- accepted by the nsupdate utility.
+ A prerequisite for the update (only one prerequisite can be
+ specified). The prerequisite format is the same as that is
+ accepted by the nsupdate utility.
</p></dd>
<dt><span class="term">
-r recursive_server
</span></dt>
<dd><p>
- An IP address of a recursive server that this utility will
- use. A recursive server may be necessary to identify the
- authoritative server address to which the update request is
- sent.
+ An IP address of a recursive server that this utility will
+ use. A recursive server may be necessary to identify the
+ authoritative server address to which the update request is
+ sent.
</p></dd>
<dt><span class="term">
-z zonename
</span></dt>
<dd><p>
- The domain name of the zone that contains
+ The domain name of the zone that contains
</p></dd>
<dt><span class="term">
(add|delete)
</span></dt>
<dd><p>
- Specify the type of update operation. Either "add" or "delete"
- must be specified.
+ Specify the type of update operation. Either "add" or "delete"
+ must be specified.
</p></dd>
<dt><span class="term">
"update data"
</span></dt>
<dd><p>
- Specify the data to be updated. A typical example of the data
- would look like "name TTL RRtype RDATA".
+ Specify the data to be updated. A typical example of the data
+ would look like "name TTL RRtype RDATA".
</p></dd>
</dl></div>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -450,15 +449,15 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
<p>
removes all A RRs for foo.dynamic.example.com using the given key.
</p>
-<pre class="screen">
+<pre class="screen">
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre>
<p>
removes all RRs for foo.dynamic.example.com using the given key.
</p>
</div>
-<div class="sect3" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2612634"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id-1.13.2.9.8"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
@@ -472,50 +471,50 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
<p>
Options
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
-d
</span></dt>
<dd><p>
- run in the "debug" mode. with this option nsprobe will dump
- every RRs it receives.
+ run in the "debug" mode. with this option nsprobe will dump
+ every RRs it receives.
</p></dd>
<dt><span class="term">
-v
</span></dt>
<dd><p>
- increase verbosity of other normal log messages. This can be
- specified multiple times
+ increase verbosity of other normal log messages. This can be
+ specified multiple times
</p></dd>
<dt><span class="term">
-c cache_address
</span></dt>
<dd><p>
- specify an IP address of a recursive (caching) name server.
- nsprobe uses this server to get the NS RRset of each domain and
- the A and/or AAAA RRsets for the name servers. The default
- value is 127.0.0.1.
+ specify an IP address of a recursive (caching) name server.
+ nsprobe uses this server to get the NS RRset of each domain and
+ the A and/or AAAA RRsets for the name servers. The default
+ value is 127.0.0.1.
</p></dd>
<dt><span class="term">
input_file
</span></dt>
<dd><p>
- a file name containing a list of domain (zone) names to be
- probed. when omitted the standard input will be used. Each
- line of the input file specifies a single domain name such as
- "example.com". In general this domain name must be the apex
- name of some DNS zone (unlike normal "host names" such as
- "www.example.com"). nsprobe first identifies the NS RRsets for
- the given domain name, and sends A and AAAA queries to these
- servers for some "widely used" names under the zone;
- specifically, adding "www" and "ftp" to the zone name.
+ a file name containing a list of domain (zone) names to be
+ probed. when omitted the standard input will be used. Each
+ line of the input file specifies a single domain name such as
+ "example.com". In general this domain name must be the apex
+ name of some DNS zone (unlike normal "host names" such as
+ "www.example.com"). nsprobe first identifies the NS RRsets for
+ the given domain name, and sends A and AAAA queries to these
+ servers for some "widely used" names under the zone;
+ specifically, adding "www" and "ftp" to the zone name.
</p></dd>
</dl></div>
</div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2612698"></a>Library References</h3></div></div></div>
+<a name="id-1.13.2.10"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
@@ -540,6 +539,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html
index 175515f9f537..474badc3fec0 100644
--- a/doc/arm/Bv9ARM.ch13.html
+++ b/doc/arm/Bv9ARM.ch13.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Manual pages</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="prev" href="Bv9ARM.ch12.html" title="Appendix D. BIND 9 DNS Library Support">
<link rel="next" href="man.dig.html" title="dig">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="reference" lang="en">
+<div class="reference">
<div class="titlepage">
<div><div><h1 class="title">
<a name="Bv9ARM.ch13"></a>Manual pages</h1></div></div>
@@ -47,7 +46,7 @@
</div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
+<dl class="toc">
<dt>
<span class="refentrytitle"><a href="man.dig.html">dig</a></span><span class="refpurpose"> &#8212; DNS lookup utility</span>
</dt>
@@ -64,6 +63,9 @@
<span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
</dt>
<dt>
+<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
+</dt>
+<dt>
<span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
</dt>
<dt>
@@ -91,6 +93,12 @@
<span class="refentrytitle"><a href="man.named.html"><span class="application">named</span></a></span><span class="refpurpose"> &#8212; Internet domain name server</span>
</dt>
<dt>
+<span class="refentrytitle"><a href="man.named.conf.html"><code class="filename">named.conf</code></a></span><span class="refpurpose"> &#8212; configuration file for named</span>
+</dt>
+<dt>
+<span class="refentrytitle"><a href="man.lwresd.html"><span class="application">lwresd</span></a></span><span class="refpurpose"> &#8212; lightweight resolver daemon</span>
+</dt>
+<dt>
<span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
</dt>
<dt>
@@ -140,6 +148,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.conf b/doc/arm/Bv9ARM.conf
new file mode 100644
index 000000000000..cf095caa9212
--- /dev/null
+++ b/doc/arm/Bv9ARM.conf
@@ -0,0 +1,3 @@
+TexInputs: ../tex//
+TexStyle: armstyle
+XslParam: ../xsl/arm-param.xsl
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index b2288026ea67..3eb4077193b8 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>BIND 9 Administrator Reference Manual</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="next" href="Bv9ARM.ch01.html" title="Chapter 1. Introduction">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -36,12 +35,12 @@
</table>
<hr>
</div>
-<div class="book" lang="en">
+<div class="book">
<div class="titlepage">
<div>
<div><h1 class="title">
-<a name="id2563180"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.9.8-P4</p></div>
+<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
+<div><p class="releaseinfo">BIND Version 9.9.9-P3</p></div>
<div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
@@ -49,226 +48,226 @@
</div>
<div class="toc">
<p><b>Table of Contents</b></p>
-<dl>
+<dl class="toc">
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563509">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563533">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564629">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564810">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#doc_scope">Scope of Document</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#organization">Organization of This Document</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#conventions">Conventions Used in This Document</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_overview">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564832">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564934">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567271">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567348">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567589">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567651">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#dns_fundamentals">DNS Fundamentals</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#domain_names">Domains and Domain Names</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#zones">Zones</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#auth_servers">Authoritative Name Servers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#cache_servers">Caching Name Servers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch01.html#multi_role">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567685">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567712">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567793">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567819">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567830">Supported Operating Systems</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#hw_req">Hardware requirements</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#cpu_req">CPU Requirements</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#mem_req">Memory Requirements</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#intensive_env">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch02.html#supported_os">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567998">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568014">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#cache_only_sample">A Caching-only Name Server</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#auth_only_sample">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568037">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568391">Name Server Operations</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#load_balancing">Load Balancing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#ns_operations">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568396">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569449">Signals</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#tools">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch03.html#signals">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#notify">Notify</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564237">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564256">Example split DNS setup</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#notify">Notify</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
+<dd><dl><dt><span class="section"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#split_dns">Split DNS</a></span></dt>
+<dd><dl><dt><span class="section"><a href="Bv9ARM.ch04.html#split_dns_sample">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570560">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570701">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570712">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570748">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570806">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570855">Errors</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.5">Generating a Shared Key</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.6">Loading A New Key</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.7">Instructing the Server to Use a Key</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.8">TSIG-Based Access Control</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.6.9">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570869">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570918">SIG(0)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#tkey">TKEY</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#sig0">SIG(0)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571054">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571270">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571351">Configuring Servers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec_keys">Generating Keys</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec_signing">Signing the Zone</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec_config">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610615">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610652">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563653">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563900">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563938">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563950">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564052">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564078">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564088">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569832">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569845">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569882">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569892">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.3">Converting from insecure to secure</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.8">Dynamic DNS update method</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.16">Fully automatic zone signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.25">Private-type records</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.32">DNSKEY rollovers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.34">Dynamic DNS update method</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.39">Automatic key rollovers</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.41">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.43">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.45">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.47">Converting from secure to insecure</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.51">Periodic re-signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.10.53">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610129">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610151">Authoritative Server</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.11.3">Validating Resolver</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.11.4">Authoritative Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613326">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611166">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613408">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613438">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637735">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637781">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.4">Prerequisites</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.5">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.6">PKCS #11 Tools</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.7">Using the HSM</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.8">Specifying the engine on the command line</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.12.9">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571571">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#ipv6">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571837">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571859">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.13.6">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch04.html#id-1.5.13.7">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571892">The Lightweight Resolver Library</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch05.html#lightweight_resolver">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573374">Comment Syntax</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#comment_syntax">Comment Syntax</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574035"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#acl_grammar"><span class="command"><strong>acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#acl"><span class="command"><strong>acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574225"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#controls_grammar"><span class="command"><strong>controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span class="command"><strong>controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574584"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574601"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#include_grammar"><span class="command"><strong>include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#include_statement"><span class="command"><strong>include</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#key_grammar"><span class="command"><strong>key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#key_statement"><span class="command"><strong>key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#logging_grammar"><span class="command"><strong>logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#logging_statement"><span class="command"><strong>logging</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#lwres_grammar"><span class="command"><strong>lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#lwres_statement"><span class="command"><strong>lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#masters_grammar"><span class="command"><strong>masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#masters_statement"><span class="command"><strong>masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574761"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574785"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574875"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575001"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#options_grammar"><span class="command"><strong>options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#options"><span class="command"><strong>options</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577236"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577309"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577373"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577417"><span><strong class="command">masters</strong></span> Statement Definition and
- Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577438"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
- Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span class="command"><strong>server</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span class="command"><strong>server</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590832"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statschannels"><span class="command"><strong>statistics-channels</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statistics_channels"><span class="command"><strong>statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591139"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="section"><a href="Bv9ARM.ch06.html#trusted-keys"><span class="command"><strong>trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#trusted_keys"><span class="command"><strong>trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591186"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
+<dt><span class="section"><a href="Bv9ARM.ch06.html#managed_keys"><span class="command"><strong>managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#managed-keys"><span class="command"><strong>managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591553"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span class="command"><strong>view</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#view_statement"><span class="command"><strong>view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span class="command"><strong>zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_statement"><span class="command"><strong>zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2597084">Zone File</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_file">Zone File</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600002">Discussion of MX Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600549">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600812">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2601017"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#mx_records">Discussion of MX Records</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#ipv4_reverse">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zone_directives">Other Zone File Directives</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#generate_directive"><acronym class="acronym">BIND</acronym> Master File Extension: the <span class="command"><strong>$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
+</dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
+<dd><dl>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statsfile">The Statistics File</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch06.html#statistics_counters">Statistics Counters</a></span></dt></dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2605750"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#chroot_and_setuid"><span class="command"><strong>Chroot</strong></span> and <span class="command"><strong>Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2605831">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2605959">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#chroot">The <span class="command"><strong>chroot</strong></span> Environment</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#setuid">Using the <span class="command"><strong>setuid</strong></span> Function</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2606107">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2606113">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2606124">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2606141">Where Can I Get Help?</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#common_problems">Common Problems</a></span></dt>
+<dd><dl><dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2.2">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.3">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#more_help">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2563593">Release Notes for BIND Version 9.9.8-P4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.9.9-P3</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_port">Porting Changes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch10.html">B. A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt>
-<dd><dl><dt><span class="sect1"><a href="Bv9ARM.ch10.html#historical_dns_information"></a></span></dt></dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch11.html">C. General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch11.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch11.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2609865">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch11.html#more_about_bind">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch12.html">D. BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611557">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611566">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611591">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611827">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611904">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611930">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612698">Library References</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.4">Prerequisite</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.5">Compilation</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.6">Installation</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.7">Known Defects/Restrictions</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.8">The dns.conf File</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.9">Sample Applications</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch12.html#id-1.13.2.10">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>
@@ -289,6 +288,9 @@
<span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
</dt>
<dt>
+<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
+</dt>
+<dt>
<span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
</dt>
<dt>
@@ -316,6 +318,12 @@
<span class="refentrytitle"><a href="man.named.html"><span class="application">named</span></a></span><span class="refpurpose"> &#8212; Internet domain name server</span>
</dt>
<dt>
+<span class="refentrytitle"><a href="man.named.conf.html"><code class="filename">named.conf</code></a></span><span class="refpurpose"> &#8212; configuration file for named</span>
+</dt>
+<dt>
+<span class="refentrytitle"><a href="man.lwresd.html"><span class="application">lwresd</span></a></span><span class="refpurpose"> &#8212; lightweight resolver daemon</span>
+</dt>
+<dt>
<span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
</dt>
<dt>
@@ -365,6 +373,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index 294d17910191..5dd76894943f 100644
--- a/doc/arm/Bv9ARM.pdf
+++ b/doc/arm/Bv9ARM.pdf
Binary files differ
diff --git a/doc/arm/Makefile.in b/doc/arm/Makefile.in
index 501133e0db39..2baf3a32fc47 100644
--- a/doc/arm/Makefile.in
+++ b/doc/arm/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007, 2009, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009, 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001, 2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,18 +13,12 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.22 2009/02/12 23:47:56 tbox Exp $
-
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
@BIND9_MAKE_RULES@
-@BIND9_VERSION@
-
-PKGVERSION = @PACKAGE_VERSION@
-
MANOBJS = Bv9ARM.html notes.html
PDFOBJS = Bv9ARM.pdf notes.pdf
@@ -33,69 +27,39 @@ doc man:: ${MANOBJS} ${PDFOBJS}
clean::
rm -f Bv9ARM.aux Bv9ARM.brf Bv9ARM.glo Bv9ARM.idx Bv9ARM.toc
- rm -f Bv9ARM.log Bv9ARM.out Bv9ARM.tex Bv9ARM.tex.tmp
+ rm -f Bv9ARM.log Bv9ARM.out
rm -f notes.aux notes.brf notes.glo notes.idx notes.toc
- rm -f notes.log notes.out notes.tex notes.tex.tmp
+ rm -f notes.log notes.out
docclean manclean maintainer-clean:: clean
rm -f *.html ${PDFOBJS}
-docclean manclean maintainer-clean distclean::
+maintainer-clean distclean::
rm -f releaseinfo.xml
rm -f pkgversion.xml
rm -f noteversion.xml
+# use xmllint to process include
notes.html: notes-wrapper.xml notes.xml releaseinfo.xml pkgversion.xml noteversion.xml
- expand notes-wrapper.xml | \
- ${XSLTPROC} --stringparam generate.toc "" ../xsl/isc-notes-html.xsl - |\
- @PERL@ html-fixup.pl > notes.html
+ expand notes-wrapper.xml | ${XMLLINT} --xinclude - | \
+ ${XSLTPROC} --stringparam generate.toc "" ../xsl/isc-notes-html.xsl - > notes.html
-notes.tex: notes-wrapper.xml notes.xml releaseinfo.xml pkgversion.xml noteversion.xml
- expand notes-wrapper.xml | \
- ${XSLTPROC} --stringparam generate.toc "book toc" ${top_srcdir}/doc/xsl/pre-latex.xsl - | \
- ${XSLTPROC} ${top_srcdir}/doc/xsl/isc-notes-latex.xsl - | \
- @PERL@ latex-fixup.pl >$@.tmp
- if test -s $@.tmp; then mv $@.tmp $@; else rm -f $@.tmp; exit 1; fi
-
-notes.pdf: notes.tex releaseinfo.xml pkgversion.xml noteversion.xml
- rm -f notes-wrapper.aux notes.pdf notes.log
- ${PDFLATEX} '\batchmode\input notes.tex' || (rm -f $@ ; exit 1)
+notes.pdf: notes-wrapper.xml notes.xml releaseinfo.xml pkgversion.xml noteversion.xml
+ ${XSLTPROC} ${top_srcdir}/doc/xsl/pre-latex.xsl notes-wrapper.xml | \
+ ${DBLATEX} -c notes.conf -Pdoc.layout="mainmatter" -o notes.pdf -
+# use xmllint to process include
Bv9ARM.html: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml noteversion.xml
- expand Bv9ARM-book.xml | \
+ expand Bv9ARM-book.xml | ${XMLLINT} --xinclude - | \
${XSLTPROC} --stringparam root.filename Bv9ARM \
${top_srcdir}/doc/xsl/isc-docbook-chunk.xsl -
+# use xmllint to process include
Bv9ARM-all.html: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml noteversion.xml
- expand Bv9ARM-book.xml | \
+ expand Bv9ARM-book.xml | ${XMLLINT} --xinclude - |\
${XSLTPROC} -o Bv9ARM-all.html ../xsl/isc-docbook-html.xsl -
-Bv9ARM.tex: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml noteversion.xml
+Bv9ARM.pdf: Bv9ARM-book.xml releaseinfo.xml pkgversion.xml noteversion.xml
expand Bv9ARM-book.xml | \
${XSLTPROC} ${top_srcdir}/doc/xsl/pre-latex.xsl - | \
- ${XSLTPROC} ${top_srcdir}/doc/xsl/isc-docbook-latex.xsl - | \
- @PERL@ latex-fixup.pl >$@.tmp
- if test -s $@.tmp; then mv $@.tmp $@; else rm -f $@.tmp; exit 1; fi
-
-Bv9ARM.dvi: Bv9ARM.tex releaseinfo.xml pkgversion.xml noteversion.xml
- rm -f Bv9ARM-book.aux Bv9ARM-book.dvi Bv9ARM-book.log
- ${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
- ${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
- ${LATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
-
-Bv9ARM.pdf: Bv9ARM.tex releaseinfo.xml pkgversion.xml noteversion.xml
- rm -f Bv9ARM-book.aux Bv9ARM-book.pdf Bv9ARM-book.log
- ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
- ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
- ${PDFLATEX} '\batchmode\input Bv9ARM.tex' || (rm -f $@ ; exit 1)
-
-FORCE:
-
-releaseinfo.xml: FORCE
- echo >$@ '<releaseinfo>BIND Version ${VERSION}</releaseinfo>'
-
-noteversion.xml: FORCE
- echo >$@ '<title>Release Notes for BIND Version ${VERSION}</title>'
-
-pkgversion.xml: FORCE
- echo >$@ ' <para>This version of the manual corresponds to BIND version ${PKGVERSION}.</para>'
+ ${DBLATEX} -c Bv9ARM.conf -o Bv9ARM.pdf -
diff --git a/doc/arm/README-SGML b/doc/arm/README-SGML
index e33c937e4b87..a7c347c654bd 100644
--- a/doc/arm/README-SGML
+++ b/doc/arm/README-SGML
@@ -1,32 +1,45 @@
-Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004, 2015 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2000, 2001 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
-The BIND v9 ARM master document is now kept in DocBook XML format.
+The BIND v9 ARM master document is now kept in DocBook 5 XML format.
-Version: $Id: README-SGML,v 1.17 2004/03/05 05:04:43 marka Exp $
+Most of the ARM is in the single file "Bv9ARM-book.xml", with certain
+other files included into it:
-The entire ARM is in the single file:
+ - dlz.xml
+ - dnssec.xml
+ - libdns.xml
+ - logging-categories.xml
+ - managed-keys.xml
+ - notes.xml
+ - pkcs11.xml
+ - BIND man pages
- Bv9ARM-book.xml
+All of the published ARM formats - HTML, PDF, etc - are generated from
+this master source.
-All of the other documents - HTML, PDF, etc - are generated from this
-master source.
+The file "notes.xml" contains the release notes for the current release. In
+addition to being included in the ARM as an appendix, it is also built into
+a stand-alone document: "notes.pdf" and "notes.html".
-This file attempts to describe what tools are necessary for the
-maintenance of this document as well as the generation of the
-alternate formats of this document.
+Building these these files requires DocBook 5 and dblatex. These are
+available as packages in many OS distributes; in debian, for example:
-This file will also spend a very little time describing the XML and
-SGML headers so you can understand a bit what you may need to do to be
-able to work with this document in any fashion other than simply
-editing it.
+ $ sudo apt-get install docbook5-xml docbook-xml docbook-xsl-ns \
+ docbook-utils dblatex
-We will spend almost no time on the actual tags and how to write an
-XML DocBook compliant document. If you are at all familiar with SGML
-or HTML it will be very evident. You only need to know what the tags
-are and how to use them. You can find a good resource either for this
-either online or in printed form:
+To build all documentation, run "make doc".
+
+When committing changes or submitting patches, it is only necessary to
+edit the XML source (i.e., the files with ".docbook" or ".xml" suffixes);
+the files in HTML and man page format are built from the XML source by a
+cron job.
+
+If you are familiar with SGML or HTML, editing the DocBook XML is quite
+straightforward. You only need to know what the tags are and how to use
+them. You can find a good resource either for this either online or in
+printed form:
DocBook: The Definitive Guide
By Norman Walsh and Leonard Muellner
@@ -38,292 +51,5 @@ The book is available online in HTML format:
http://docbook.org/
-and buried in:
-
- http://www.nwalsh.com/docbook/defguide/index.html
-
-A lot of useful stuff is at NWalsh's site in general. You may also
-want to look at:
-
- http://www.xml.com/
-
-The BIND v9 ARM is based on the XML 4.0 DocBook DTD. Every XML and
-SGML document begins with a prefix that tells where to find the file
-that describes the meaning and structure of the tags used in the rest
-of the document.
-
-For our XML DocBook 4.0 based document this prefix looks like this:
-
- <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
- "/usr/local/share/xml/dtd/docbook/docbookx.dtd">
-
-This "DOCTYPE" statement has three parts, of which we are only using
-two:
-
-o The highest level term that represents this document (in this case
- it is "book"
-
-o The identifier that tells us which DTD to use. This identifier has
- two parts, the "Formal Public Identifier" (or FPI) and the system
- identifier. In SGML you can have either a FPI or a SYSTEM identifier
- but you have to have at least one of them. In XML you have to have a
- SYSTEM identifier.
-
-FP & SYSTEM identifiers - These are names/lookups for the actual
-DTD. The FPI is a globally unique name that should, on a properly
-configured system, tell you exactly what DTD to use. The SYSTEM
-identifier gives an absolute location for the DTD. In XML these are
-supposed to be properly formatted URL's.
-
-SGML has these things called "catalogs" that are files that map FPI's
-in to actual files. A "catalog" can also be used to remap a SYSTEM
-identifier so you can say something like: "http://www.oasis.org/foo"
-is actually "/usr/local/share/xml/foo.dtd"
-
-When you use various SGML/XML tools they need to be configured to look
-at the same "catalog" files so that as you move from tool to tool they
-all refer to the same DTD for the same document.
-
-We will be spending most of our configuration time making sure our
-tools use the same "catalog" files and that we have the same DTD's
-installed on our machines. XML's requirement of the SYSTEM identifier
-over the FPI will probably lead to more problems as it does not
-guarantee that everyone is using the same DTD.
-
-I did my initial work with the "sgmltools" the XML 4.0 DocBook DTD and
-"jade" or "openjade."
-
-You can get the 4.0 XML DocBook DTD from:
-
- http://www.docbook.org/xml/4.0/
-
-(download the .zip file.) NOTE: We will eventually be changing the
-SYSTEM identifier to the recommended value of:
-
- http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd
-
-NOTE: Under FreeBSD this is the package:
-
- /usr/ports/textproc/docbook-xml
-
-NetBSD instructions are coming soon.
-
-With packages listed below installed under FreeBSD the "catalog" file
-that all the tools refer to at least one is in:
-
- /usr/local/share/sgml/catalog
-
-In order for our SYSTEM identifier for the XML DocBook dtd to be found
-I create a new catalog file at the top of the XML directory created on
-FreeBSD:
-
- /usr/local/share/xml/catalog
-
-This file has one line:
-
- SYSTEM "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" "/usr/local/share/xml/dtd/docbook/docbookx.dtd"
-
-Then in the main "catalog" I have it include this XML catalog:
-
- CATALOG "/usr/local/share/xml/catalog"
-
-
-On your systems you need to replace "/usr/local/share" with your
-prefix root (probably /usr/pkg under NetBSD.)
-
-NOTE: The URL used above is supposed to the be the proper one for this
-XML DocBook DTD... but there is nothing at that URL so you really do
-need the "SYSTEM" identifier mapping in your catalog (or make the
-SYSTEM identifier in your document refer to the real location of the
-file on your local system.)
-
-HOW TO VALIDATE A DOCUMENT:
-
-I use the sgmltools "nsgmls" document validator. Since we are using
-XML we need to use the XML declarations, which are installed as part
-of the modular DSSL style sheets:
-
- nsgmls -sv /usr/local/share/sgml/docbook/dsssl/modular/dtds/decls/xml.dcl \
- Bv9ARM-book.xml
-
-A convenient shell script "validate.sh" is now generated by configure
-to invoke the above command with the correct system-dependent paths.
-
-The SGML tools can be found at:
-
- ftp://ftp.us.sgmltools.org/pub/SGMLtools/v2.0/source/ \
- ftp://ftp.nllgg.nl/pub/SGMLtools/v2.0/source/
-
-FreeBSD package for these is:
-
- /usr/ports/textproc/sgmltools
-
-HOW TO RENDER A DOCUMENT AS HTML or TeX:
-
-o Generate html doc with:
-
- openjade -v -d ./nominum-docbook-html.dsl \
- -t sgml \
- /usr/local/share/sgml/docbook/dsssl/modular/dtds/decls/xml.dcl \
- Bv9ARM-book.xml
-
-A convenient shell script "genhtml.sh" is now generated by configure to
-invoke the above command with the correct system-dependent paths.
-
-On NetBSD there is no port for "openjade" however "jade" does still
-work. However you need to specify the "catalog" file to use for style
-sheets on the command line AND you need to have a default "catalog"
-mapping where to find various DTDs. It seems that "jade" installed out
-of the box on NetBSD does not use a globally defined "catalog" file
-for mapping PUBLIC identifiers in to SYSTEM identifiers.
-
-So you need to have a "catalog" file in your current working directory
-that has in it this: (these are probably more entries than you need!)
-
- CATALOG "/usr/pkg/share/sgml/iso8879/catalog"
- CATALOG "/usr/pkg/share/sgml/docbook/2.4.1/catalog"
- CATALOG "/usr/pkg/share/sgml/docbook/3.0/catalog"
- CATALOG "/usr/pkg/share/sgml/docbook/3.1/catalog"
- CATALOG "/usr/pkg/share/sgml/jade/catalog"
- CATALOG "/usr/local/share/xml/catalog"
-
-(These would all be "/usr/local" on FreeBSD)
-
-So the command for jade on NetBSD will look like this:
-
-jade -v -c /usr/pkg/share/sgml/catalog -t sgml \
- -d ./nominum-docbook-html.dsl \
- /usr/pkg/share/sgml/docbook/dsssl/modular/dtds/decls/xml.dcl \
- ./Bv9ARM-book.xml
-
-Furthermore, since the style sheet subset we define has in it a hard
-coded path to the style sheet is based, it is actually generated by
-configure from a .in file so that it will contain the correct
-system-dependent path: where on FreeBSD the second line reads:
-
- <!ENTITY dbstyle SYSTEM "/usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl" CDATA DSSSL>
-
-On NetBSD it needs to read:
-
- <!ENTITY dbstyle SYSTEM "/usr/pkg/share/sgml/docbook/dsssl/modular/html/docbook.dsl" CDATA DSSSL>
-
-NOTE: This is usually solved by having this style sheet modification
-be installed in a system directory and have it reference the style
-sheet it is based on via a relative path.
-
-o Generate TeX documentation:
-
-openjade -d ./nominum-docbook-print.dsl -t tex -v \
- /usr/local/share/sgml/docbook/dsssl/modular/dtds/decls/xml.dcl \
- Bv9ARM-book.xml
-
-If you have "jade" installed instead of "openjade" then use that as
-the command. There is little difference, openjade has some bug fixes
-and is in more active development.
-
-To convert the resulting TeX file in to a DVI file you need to do:
-
- tex "&jadetex" Bv9ARM-book.tex
-
-You can also directly generate the pdf file via:
-
- pdftex "&pdfjadetex" Bv9ARM-book.tex
-
-The scripts "genpdf.sh" and "gendvi." have been added to simply
-generating the PDF and DVI output. These substitute the correct paths
-of NetBSD & FreeBSD. You still need to have TeX, jadeTeX, and pdfTeX
-installed and configured properly for these to work.
-
-You will need to up both the "pool_size" and "hash_extra" variables in
-your texmf.cnf file and regenerate them. See below.
-
-You can see that I am using a DSSSL style sheet for DocBook. Actually
-two different ones - one for rendering html, and one for 'print'
-media.
-
-NOTE: For HTML we are using a Nominum DSSSL style instead of the
-default one (all it does is change the chunking to the chapter level
-and makes the files end with ".html" instead of ".htm" so far.) If you
-want to use the plain jane DSSSL style sheet replace the:
-
- -d ./nominum-docbook-html.dsl
-
-with
-
- -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl
-
-This style sheet will attempt to reference the one above.
-
-I am currently working on fixing these up so that it works the same on
-our various systems. The main trick is knowing which DTD's and DSSSL
-stylesheets you have installed, installing the right ones, and
-configuring a CATALOG that refers to them in the same way. We will
-probably end up putting our CATALOG's in the same place and then we
-should be able to generate and validate our documents with a minimal
-number of command line arguments.
-
-When running these commands you will get a lot of messages about a
-bunch of general entities not being defined and having no default
-entity. You can ignore those for now.
-
-Also with the style sheets we have and jade as it is you will get
-messages about "xref to title" being unsupported. You can ignore these
-for now as well.
-
-=== Getting the various tools installed on FreeBSD
-(NetBSD coming soon..)
-
-o On freebsd you need to install the following packages:
- o print/teTeX
- o textproc/openjade
- o textproc/docbook
- o textproc/docbook-xml
- o textproc/dsssl-docbook-modular
- o textproc/dtd-catalogs
-
-o on freebsd you need to make some entities visible to the docbook xml
- dtd by making a symlink (can probably be done with a catalog too)
- ln -s /usr/local/share/xml/entity /usr/local/share/xml/dtd/docbook/ent
-
-o you may need to edit /usr/local/share/sgml/catalog and add the line:
-
- CATALOG "/usr/local/share/sgml/openjade/catalog"
-
-o add "hugelatex," Enlarge pool sizes, install the jadetex TeX driver
- file.
-
- cd /usr/local/share/texmf/web2c/
- sudo cp texmf.cnf texmf.cnf.bak
-
- o edit the lines in texmf.cnf with these keys to these values:
-
- main_memory = 1100000
- hash_extra = 15000
- pool_size = 500000
- string_vacancies = 45000
- max_strings = 55000
- pool_free = 47500
- nest_size = 500
- param_size = 1500
- save_size = 5000
- stack_size = 1500
-
- sudo tex -ini -progname=hugelatex -fmt=hugelatex latex.ltx
- sudo texconfig init
- sudo texhash
-
- o For the jadetex macros you will need I recommend you get a more
- current version than what is packaged with openjade or jade.
-
- Checkout http://www.tug.org/applications/jadetex/
-
- Unzip the file you get from there (should be jadetex-2.20 or
- newer.)
-
- In the directory you unzip:
-
- sudo make install
- sudo texhash
-
- NOTE: In the most uptodate "ports" for FreeBSD, jadetext is 2.20+
- so on this platform you should be set as of 2001.01.08.
+After editing documentation, it is useful to check the correctness of the
+XML; this can be done using the "xmllint" utility.
diff --git a/doc/arm/dnssec.xml b/doc/arm/dnssec.xml
index 4b058eb8b0e5..467bc725fe8b 100644
--- a/doc/arm/dnssec.xml
+++ b/doc/arm/dnssec.xml
@@ -1,4 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright (C) 2010, 2011, 2015 Internet Systems Consortium, Inc. ("ISC")
-
@@ -15,24 +14,25 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<sect1 id="dnssec.dynamic.zones">
- <title>DNSSEC, Dynamic Zones, and Automatic Signing</title>
+<!-- Converted by db4-upgrade version 1.0 -->
+<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dnssec.dynamic.zones"><info><title>DNSSEC, Dynamic Zones, and Automatic Signing</title></info>
+
<para>As of BIND 9.7.0 it is possible to change a dynamic zone
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</para>
- <sect2>
- <title>Converting from insecure to secure</title>
- </sect2>
+ <section><info><title>Converting from insecure to secure</title></info>
+
+ </section>
<para>Changing a zone from insecure to secure can be done in two
- ways: using a dynamic DNS update, or the
+ ways: using a dynamic DNS update, or the
<command>auto-dnssec</command> zone option.</para>
- <para>For either method, you need to configure
- <command>named</command> so that it can see the
+ <para>For either method, you need to configure
+ <command>named</command> so that it can see the
<filename>K*</filename> files which contain the public and private
parts of the keys that will be used to sign the zone. These files
- will have been generated by
+ will have been generated by
<command>dnssec-keygen</command>. You can do this by placing them
- in the key-directory, as specified in
+ in the key-directory, as specified in
<filename>named.conf</filename>:</para>
<programlisting>
zone example.net {
@@ -47,9 +47,9 @@
with the ZSK, and the DNSKEY RRset to be signed with the KSK as
well. An NSEC chain will be generated as part of the initial
signing process.</para>
- <sect2>
- <title>Dynamic DNS update method</title>
- </sect2>
+ <section><info><title>Dynamic DNS update method</title></info>
+
+ </section>
<para>To insert the keys via dynamic update:</para>
<screen>
% nsupdate
@@ -59,7 +59,7 @@
&gt; send
</screen>
<para>While the update request will complete almost immediately,
- the zone will not be completely signed until
+ the zone will not be completely signed until
<command>named</command> has had time to walk the zone and
generate the NSEC and RRSIG records. The NSEC record at the apex
will be added last, to signal that there is a complete NSEC
@@ -77,27 +77,27 @@
&gt; send
</screen>
<para>Again, this update request will complete almost
- immediately; however, the record won't show up until
+ immediately; however, the record won't show up until
<command>named</command> has had a chance to build/remove the
relevant chain. A private type record will be created to record
the state of the operation (see below for more details), and will
be removed once the operation completes.</para>
<para>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</para>
- <sect2>
- <title>Fully automatic zone signing</title>
- </sect2>
- <para>To enable automatic signing, add the
- <command>auto-dnssec</command> option to the zone statement in
- <filename>named.conf</filename>.
- <command>auto-dnssec</command> has two possible arguments:
- <constant>allow</constant> or
+ <section><info><title>Fully automatic zone signing</title></info>
+
+ </section>
+ <para>To enable automatic signing, add the
+ <command>auto-dnssec</command> option to the zone statement in
+ <filename>named.conf</filename>.
+ <command>auto-dnssec</command> has two possible arguments:
+ <constant>allow</constant> or
<constant>maintain</constant>.</para>
- <para>With
- <command>auto-dnssec allow</command>,
+ <para>With
+ <command>auto-dnssec allow</command>,
<command>named</command> can search the key directory for keys
matching the zone, insert them into the zone, and use them to
- sign the zone. It will do so only when it receives an
+ sign the zone. It will do so only when it receives an
<command>rndc sign &lt;zonename&gt;</command>.</para>
<para>
<!-- TODO: this is repeated in the ARM -->
@@ -105,7 +105,7 @@
functionality, but will also automatically adjust the zone's
DNSKEY records on schedule according to the keys' timing metadata.
(See <xref linkend="man.dnssec-keygen"/> and
- <xref linkend="man.dnssec-settime"/> for more information.)
+ <xref linkend="man.dnssec-settime"/> for more information.)
</para>
<para>
<command>named</command> will periodically search the key directory
@@ -119,7 +119,7 @@
</para>
<para>
If keys are present in the key directory the first time the zone
- is loaded, the zone will be signed immediately, without waiting for an
+ is loaded, the zone will be signed immediately, without waiting for an
<command>rndc sign</command> or <command>rndc loadkeys</command>
command. (Those commands can still be used when there are unscheduled
key changes, however.)
@@ -141,16 +141,16 @@
the zone is signed and the NSEC3 chain is completed, the NSEC3PARAM
record will appear in the zone.
</para>
- <para>Using the
+ <para>Using the
<command>auto-dnssec</command> option requires the zone to be
- configured to allow dynamic updates, by adding an
- <command>allow-update</command> or
+ configured to allow dynamic updates, by adding an
+ <command>allow-update</command> or
<command>update-policy</command> statement to the zone
configuration. If this has not been done, the configuration will
fail.</para>
- <sect2>
- <title>Private-type records</title>
- </sect2>
+ <section><info><title>Private-type records</title></info>
+
+ </section>
<para>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@@ -186,19 +186,19 @@
0x20 NONSEC
</literallayout>
</para>
- <sect2>
- <title>DNSKEY rollovers</title>
- </sect2>
+ <section><info><title>DNSKEY rollovers</title></info>
+
+ </section>
<para>As with insecure-to-secure conversions, rolling DNSSEC
- keys can be done in two ways: using a dynamic DNS update, or the
+ keys can be done in two ways: using a dynamic DNS update, or the
<command>auto-dnssec</command> zone option.</para>
- <sect2>
- <title>Dynamic DNS update method</title>
- </sect2>
+ <section><info><title>Dynamic DNS update method</title></info>
+
+ </section>
<para> To perform key rollovers via dynamic update, you need to add
- the <filename>K*</filename> files for the new keys so that
+ the <filename>K*</filename> files for the new keys so that
<command>named</command> can find them. You can then add the new
- DNSKEY RRs via dynamic update.
+ DNSKEY RRs via dynamic update.
<command>named</command> will then cause the zone to be signed
with the new keys. When the signing is complete the private type
records will be updated so that the last octet is non
@@ -212,15 +212,15 @@
be able to verify at least one signature when you remove the old
DNSKEY.</para>
<para>The old DNSKEY can be removed via UPDATE. Take care to
- specify the correct key.
+ specify the correct key.
<command>named</command> will clean out any signatures generated
by the old key after the update completes.</para>
- <sect2>
- <title>Automatic key rollovers</title>
- </sect2>
+ <section><info><title>Automatic key rollovers</title></info>
+
+ </section>
<para>When a new key reaches its activation date (as set by
<command>dnssec-keygen</command> or <command>dnssec-settime</command>),
- if the <command>auto-dnssec</command> zone option is set to
+ if the <command>auto-dnssec</command> zone option is set to
<constant>maintain</constant>, <command>named</command> will
automatically carry out the key rollover. If the key's algorithm
has not previously been used to sign the zone, then the zone will
@@ -231,64 +231,64 @@
signature validity periods expire. By default, this rollover
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</para>
- <sect2>
- <title>NSEC3PARAM rollovers via UPDATE</title>
- </sect2>
+ <section><info><title>NSEC3PARAM rollovers via UPDATE</title></info>
+
+ </section>
<para>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
record. The old chain will be removed after the update request
completes.</para>
- <sect2>
- <title>Converting from NSEC to NSEC3</title>
- </sect2>
+ <section><info><title>Converting from NSEC to NSEC3</title></info>
+
+ </section>
<para>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
chain will be generated before the NSEC chain is
destroyed.</para>
- <sect2>
- <title>Converting from NSEC3 to NSEC</title>
- </sect2>
+ <section><info><title>Converting from NSEC3 to NSEC</title></info>
+
+ </section>
<para>To do this, use <command>nsupdate</command> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</para>
- <sect2>
- <title>Converting from secure to insecure</title>
- </sect2>
+ <section><info><title>Converting from secure to insecure</title></info>
+
+ </section>
<para>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<command>nsupdate</command>. All signatures, NSEC or NSEC3 chains,
and associated NSEC3PARAM records will be removed automatically.
This will take place after the update request completes.</para>
- <para> This requires the
- <command>dnssec-secure-to-insecure</command> option to be set to
- <userinput>yes</userinput> in
+ <para> This requires the
+ <command>dnssec-secure-to-insecure</command> option to be set to
+ <userinput>yes</userinput> in
<filename>named.conf</filename>.</para>
<para>In addition, if the <command>auto-dnssec maintain</command>
zone statement is used, it should be removed or changed to
<command>allow</command> instead (or it will re-sign).
</para>
- <sect2>
- <title>Periodic re-signing</title>
- </sect2>
+ <section><info><title>Periodic re-signing</title></info>
+
+ </section>
<para>In any secure zone which supports dynamic updates, named
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
adjusted so as to spread the re-sign load over time rather than
all at once.</para>
- <sect2>
- <title>NSEC3 and OPTOUT</title>
- </sect2>
+ <section><info><title>NSEC3 and OPTOUT</title></info>
+
+ </section>
<para>
<command>named</command> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
- state.
+ state.
<command>named</command> supports UPDATES to zones where the NSEC3
- records in the chain have mixed OPTOUT state.
+ records in the chain have mixed OPTOUT state.
<command>named</command> does not support changing the OPTOUT
state of an individual NSEC3 record, the entire chain needs to be
changed if the OPTOUT state of an individual NSEC3 needs to be
changed.</para>
-</sect1>
+</section>
diff --git a/doc/arm/html-fixup.pl b/doc/arm/html-fixup.pl
deleted file mode 100755
index 276381360139..000000000000
--- a/doc/arm/html-fixup.pl
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-while (<>) {
- s/&#50102;/&ouml;/;
- print;
-}
diff --git a/doc/arm/libdns.xml b/doc/arm/libdns.xml
index 6b5e81739d8b..dc8655763175 100644
--- a/doc/arm/libdns.xml
+++ b/doc/arm/libdns.xml
@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="utf-8"?>
<!--
- - Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -15,8 +14,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<sect1 id="bind9.library">
- <title>BIND 9 DNS Library Support</title>
+<!-- Converted by db4-upgrade version 1.0 -->
+<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="bind9.library"><info><title>BIND 9 DNS Library Support</title></info>
+
<para>This version of BIND 9 "exports" its internal libraries so
that they can be used by third-party applications more easily (we
call them "export" libraries in this document). In addition to
@@ -52,16 +52,16 @@
libraries than BIND 9's internal event task system.</para>
</listitem>
</itemizedlist>
- <sect2>
- <title>Prerequisite</title>
+ <section><info><title>Prerequisite</title></info>
+
<para>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
in some platforms you may need to invoke a different command name
than "make" (e.g. "gmake") to indicate it's GNU make.</para>
- </sect2>
- <sect2>
- <title>Compilation</title>
+ </section>
+ <section><info><title>Compilation</title></info>
+
<screen>
$ <userinput>./configure --enable-exportlib <replaceable>[other flags]</replaceable></userinput>
$ <userinput>make</userinput>
@@ -73,9 +73,9 @@ $ <userinput>make</userinput>
export version of the BIND 9 DNS library. Sample application
programs using the libraries will also be built under the
lib/export/samples directory (see below).</para>
- </sect2>
- <sect2>
- <title>Installation</title>
+ </section>
+ <section><info><title>Installation</title></info>
+
<screen>
$ <userinput>cd lib/export</userinput>
$ <userinput>make install</userinput>
@@ -94,9 +94,9 @@ $ <userinput>make install</userinput>
To see how to build your own
application after the installation, see
<filename>lib/export/samples/Makefile-postinstall.in</filename>.</para>
- </sect2>
- <sect2>
- <title>Known Defects/Restrictions</title>
+ </section>
+ <section><info><title>Known Defects/Restrictions</title></info>
+
<itemizedlist>
<listitem>
<!-- TODO: what about AIX? -->
@@ -140,9 +140,9 @@ $ <userinput>make</userinput>
version are "debug" and "ndots".</para>
</listitem>
</itemizedlist>
- </sect2>
- <sect2>
- <title>The dns.conf File</title>
+ </section>
+ <section><info><title>The dns.conf File</title></info>
+
<para>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -156,16 +156,16 @@ $ <userinput>make</userinput>
<command>trusted-keys</command>
statement is supported, whose syntax is the same as the same name
of statement for <filename>named.conf</filename>. (See
- <xref linkend="trusted-keys" /> for details.)</para>
- </sect2>
- <sect2>
- <title>Sample Applications</title>
+ <xref linkend="trusted-keys"/> for details.)</para>
+ </section>
+ <section><info><title>Sample Applications</title></info>
+
<para>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</para>
- <sect3>
- <title>sample: a simple stub resolver utility</title>
+ <section><info><title>sample: a simple stub resolver utility</title></info>
+
<para>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -183,7 +183,7 @@ $ <userinput>make</userinput>
-t RRtype
</term>
<listitem><para>
- specify the RR type of the query. The default is the A RR.
+ specify the RR type of the query. The default is the A RR.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -191,20 +191,20 @@ $ <userinput>make</userinput>
[-a algorithm] [-e] -k keyname -K keystring
</term>
<listitem><para>
- specify a command-line DNS key to validate the answer. For
- example, to specify the following DNSKEY of example.com:
+ specify a command-line DNS key to validate the answer. For
+ example, to specify the following DNSKEY of example.com:
<literallayout>
- example.com. 3600 IN DNSKEY 257 3 5 xxx
+ example.com. 3600 IN DNSKEY 257 3 5 xxx
</literallayout>
- specify the options as follows:
+ specify the options as follows:
<screen>
<userinput>
- -e -k example.com -K "xxx"
+ -e -k example.com -K "xxx"
</userinput>
</screen>
- -e means that this key is a zone's "key signing key" (as known
- as "secure Entry point").
- When -a is omitted rsasha1 will be used by default.
+ -e means that this key is a zone's "key signing key" (as known
+ as "secure Entry point").
+ When -a is omitted rsasha1 will be used by default.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -212,27 +212,27 @@ $ <userinput>make</userinput>
-s domain:alt_server_address
</term>
<listitem><para>
- specify a separate recursive server address for the specific
- "domain". Example: -s example.com:2001:db8::1234
+ specify a separate recursive server address for the specific
+ "domain". Example: -s example.com:2001:db8::1234
</para></listitem>
</varlistentry>
<varlistentry>
<term>server_address</term>
<listitem><para>
- an IP(v4/v6) address of the recursive server to which queries
- are sent.
+ an IP(v4/v6) address of the recursive server to which queries
+ are sent.
</para></listitem>
</varlistentry>
<varlistentry>
<term>hostname</term>
<listitem><para>
- the domain name for the query
+ the domain name for the query
</para></listitem>
</varlistentry>
</variablelist>
- </sect3>
- <sect3>
- <title>sample-async: a simple stub resolver, working asynchronously</title>
+ </section>
+ <section><info><title>sample-async: a simple stub resolver, working asynchronously</title></info>
+
<para>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -276,9 +276,9 @@ $ <userinput>make</userinput>
</listitem>
</varlistentry>
</variablelist>
- </sect3>
- <sect3>
- <title>sample-request: a simple DNS transaction client</title>
+ </section>
+ <section><info><title>sample-request: a simple DNS transaction client</title></info>
+
<para>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -328,9 +328,9 @@ $ <userinput>make</userinput>
</listitem>
</varlistentry>
</variablelist>
- </sect3>
- <sect3>
- <title>sample-gai: getaddrinfo() and getnameinfo() test code</title>
+ </section>
+ <section><info><title>sample-gai: getaddrinfo() and getnameinfo() test code</title></info>
+
<para>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -344,9 +344,9 @@ $ <userinput>make</userinput>
<para>
Usage: sample-gai hostname
</para>
- </sect3>
- <sect3>
- <title>sample-update: a simple dynamic update client program</title>
+ </section>
+ <section><info><title>sample-update: a simple dynamic update client program</title></info>
+
<para>
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -365,11 +365,11 @@ $ <userinput>make</userinput>
-a auth_server
</term>
<listitem><para>
- An IP address of the authoritative server that has authority
- for the zone containing the update name. This should normally
- be the primary authoritative server that accepts dynamic
- updates. It can also be a secondary server that is configured
- to forward update requests to the primary server.
+ An IP address of the authoritative server that has authority
+ for the zone containing the update name. This should normally
+ be the primary authoritative server that accepts dynamic
+ updates. It can also be a secondary server that is configured
+ to forward update requests to the primary server.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -377,8 +377,8 @@ $ <userinput>make</userinput>
-k keyfile
</term>
<listitem><para>
- A TSIG key file to secure the update transaction. The keyfile
- format is the same as that for the nsupdate utility.
+ A TSIG key file to secure the update transaction. The keyfile
+ format is the same as that for the nsupdate utility.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -386,9 +386,9 @@ $ <userinput>make</userinput>
-p prerequisite
</term>
<listitem><para>
- A prerequisite for the update (only one prerequisite can be
- specified). The prerequisite format is the same as that is
- accepted by the nsupdate utility.
+ A prerequisite for the update (only one prerequisite can be
+ specified). The prerequisite format is the same as that is
+ accepted by the nsupdate utility.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -396,10 +396,10 @@ $ <userinput>make</userinput>
-r recursive_server
</term>
<listitem><para>
- An IP address of a recursive server that this utility will
- use. A recursive server may be necessary to identify the
- authoritative server address to which the update request is
- sent.
+ An IP address of a recursive server that this utility will
+ use. A recursive server may be necessary to identify the
+ authoritative server address to which the update request is
+ sent.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -407,7 +407,7 @@ $ <userinput>make</userinput>
-z zonename
</term>
<listitem><para>
- The domain name of the zone that contains
+ The domain name of the zone that contains
</para></listitem>
</varlistentry>
<varlistentry>
@@ -415,8 +415,8 @@ $ <userinput>make</userinput>
(add|delete)
</term>
<listitem><para>
- Specify the type of update operation. Either "add" or "delete"
- must be specified.
+ Specify the type of update operation. Either "add" or "delete"
+ must be specified.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -424,8 +424,8 @@ $ <userinput>make</userinput>
"update data"
</term>
<listitem><para>
- Specify the data to be updated. A typical example of the data
- would look like "name TTL RRtype RDATA".
+ Specify the data to be updated. A typical example of the data
+ would look like "name TTL RRtype RDATA".
</para></listitem>
</varlistentry>
</variablelist>
@@ -448,14 +448,14 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
<para>
removes all A RRs for foo.dynamic.example.com using the given key.
</para>
- <screen>
+ <screen>
$ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</userinput></screen>
<para>
removes all RRs for foo.dynamic.example.com using the given key.
</para>
- </sect3>
- <sect3>
- <title>nsprobe: domain/name server checker in terms of RFC 4074</title>
+ </section>
+ <section><info><title>nsprobe: domain/name server checker in terms of RFC 4074</title></info>
+
<para>
It checks a set
of domains to see the name servers of the domains behave
@@ -476,8 +476,8 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
-d
</term>
<listitem><para>
- run in the "debug" mode. with this option nsprobe will dump
- every RRs it receives.
+ run in the "debug" mode. with this option nsprobe will dump
+ every RRs it receives.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -485,8 +485,8 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
-v
</term>
<listitem><para>
- increase verbosity of other normal log messages. This can be
- specified multiple times
+ increase verbosity of other normal log messages. This can be
+ specified multiple times
</para></listitem>
</varlistentry>
<varlistentry>
@@ -494,10 +494,10 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
-c cache_address
</term>
<listitem><para>
- specify an IP address of a recursive (caching) name server.
- nsprobe uses this server to get the NS RRset of each domain and
- the A and/or AAAA RRsets for the name servers. The default
- value is 127.0.0.1.
+ specify an IP address of a recursive (caching) name server.
+ nsprobe uses this server to get the NS RRset of each domain and
+ the A and/or AAAA RRsets for the name servers. The default
+ value is 127.0.0.1.
</para></listitem>
</varlistentry>
<varlistentry>
@@ -505,26 +505,25 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
input_file
</term>
<listitem><para>
- a file name containing a list of domain (zone) names to be
- probed. when omitted the standard input will be used. Each
- line of the input file specifies a single domain name such as
- "example.com". In general this domain name must be the apex
- name of some DNS zone (unlike normal "host names" such as
- "www.example.com"). nsprobe first identifies the NS RRsets for
- the given domain name, and sends A and AAAA queries to these
- servers for some "widely used" names under the zone;
- specifically, adding "www" and "ftp" to the zone name.
+ a file name containing a list of domain (zone) names to be
+ probed. when omitted the standard input will be used. Each
+ line of the input file specifies a single domain name such as
+ "example.com". In general this domain name must be the apex
+ name of some DNS zone (unlike normal "host names" such as
+ "www.example.com"). nsprobe first identifies the NS RRsets for
+ the given domain name, and sends A and AAAA queries to these
+ servers for some "widely used" names under the zone;
+ specifically, adding "www" and "ftp" to the zone name.
</para></listitem>
</varlistentry>
</variablelist>
- </sect3>
- </sect2>
- <sect2>
- <title>Library References</title>
+ </section>
+ </section>
+ <section><info><title>Library References</title></info>
+
<para>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
programs.</para>
- </sect2>
-</sect1>
-<!-- $Id: libdns.xml,v 1.3 2010/02/03 23:49:07 tbox Exp $ -->
+ </section>
+</section>
diff --git a/doc/arm/logging-categories.xml b/doc/arm/logging-categories.xml
new file mode 100644
index 000000000000..d54d5cf9589c
--- /dev/null
+++ b/doc/arm/logging-categories.xml
@@ -0,0 +1,378 @@
+<!--
+ - Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- Converted by db4-upgrade version 1.0 -->
+<informaltable xmlns="http://docbook.org/ns/docbook" version="5.0" colsep="0" rowsep="0">
+ <tgroup cols="2" colsep="0" rowsep="0" tgroupstyle="4Level-table">
+ <colspec colname="1" colnum="1" colsep="0" colwidth="1.150in"/>
+ <colspec colname="2" colnum="2" colsep="0" colwidth="3.350in"/>
+ <tbody>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>client</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Processing of client requests.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>cname</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Logs nameservers that are skipped due to them being
+ a CNAME rather than A / AAAA records.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>config</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Configuration file parsing and processing.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>database</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Messages relating to the databases used
+ internally by the name server to store zone and cache
+ data.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>default</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The default category defines the logging
+ options for those categories where no specific
+ configuration has been
+ defined.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>delegation-only</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Delegation only. Logs queries that have been
+ forced to NXDOMAIN as the result of a
+ delegation-only zone or a
+ <command>delegation-only</command> in a
+ forward, hint or stub zone declaration.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>dispatch</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Dispatching of incoming packets to the
+ server modules where they are to be processed.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>dnssec</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ DNSSEC and TSIG protocol processing.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>edns-disabled</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Log queries that have been forced to use plain
+ DNS due to timeouts. This is often due to
+ the remote servers not being RFC 1034 compliant
+ (not always returning FORMERR or similar to
+ EDNS queries and other extensions to the DNS
+ when they are not understood). In other words, this is
+ targeted at servers that fail to respond to
+ DNS queries that they don't understand.
+ </para>
+ <para>
+ Note: the log message can also be due to
+ packet loss. Before reporting servers for
+ non-RFC 1034 compliance they should be re-tested
+ to determine the nature of the non-compliance.
+ This testing should prevent or reduce the
+ number of false-positive reports.
+ </para>
+ <para>
+ Note: eventually <command>named</command> will have to stop
+ treating such timeouts as due to RFC 1034 non
+ compliance and start treating it as plain
+ packet loss. Falsely classifying packet
+ loss as due to RFC 1034 non compliance impacts
+ on DNSSEC validation which requires EDNS for
+ the DNSSEC records to be returned.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>general</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The catch-all. Many things still aren't
+ classified into categories, and they all end up here.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>lame-servers</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Lame servers. These are misconfigurations
+ in remote servers, discovered by BIND 9 when trying to
+ query those servers during resolution.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>network</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Network operations.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>notify</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ The NOTIFY protocol.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>queries</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Specify where queries should be logged to.
+ </para>
+ <para>
+ At startup, specifying the category <command>queries</command> will also
+ enable query logging unless <command>querylog</command> option has been
+ specified.
+ </para>
+
+ <para>
+ The query log entry reports the client's IP
+ address and port number, and the query name,
+ class and type. Next it reports whether the
+ Recursion Desired flag was set (+ if set, -
+ if not set), if the query was signed (S),
+ EDNS was in use (E), if TCP was used (T), if
+ DO (DNSSEC Ok) was set (D), or if CD (Checking
+ Disabled) was set (C). After this the
+ destination address the query was sent to is
+ reported.
+ </para>
+
+ <para>
+ <computeroutput>client 127.0.0.1#62536 (www.example.com): query: www.example.com IN AAAA +SE</computeroutput>
+ </para>
+ <para>
+ <computeroutput>client ::1#62537 (www.example.net): query: www.example.net IN AAAA -SE</computeroutput>
+ </para>
+ <para>
+ (The first part of this log message, showing the
+ client address/port number and query name, is
+ repeated in all subsequent log messages related
+ to the same query.)
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>query-errors</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Information about queries that resulted in some
+ failure.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>rate-limit</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ (Only available when <acronym>BIND</acronym> 9 is
+ configured with the <userinput>--enable-rrl</userinput>
+ option at compile time.)
+ </para>
+ <para>
+ The start, periodic, and final notices of the
+ rate limiting of a stream of responses are logged at
+ <command>info</command> severity in this category.
+ These messages include a hash value of the domain name
+ of the response and the name itself,
+ except when there is insufficient memory to record
+ the name for the final notice
+ The final notice is normally delayed until about one
+ minute after rate limit stops.
+ A lack of memory can hurry the final notice,
+ in which case it starts with an asterisk (*).
+ Various internal events are logged at debug 1 level
+ and higher.
+ </para>
+ <para>
+ Rate limiting of individual requests
+ is logged in the <command>query-errors</command> category.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>resolver</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ DNS resolution, such as the recursive
+ lookups performed on behalf of clients by a caching name
+ server.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>rpz</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Information about errors in response policy zone files,
+ rewritten responses, and at the highest
+ <command>debug</command> levels, mere rewriting
+ attempts.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>security</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Approval and denial of requests.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>spill</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Logs queries that have been terminated, either by dropping
+ or responding with SERVFAIL, as a result of a fetchlimit
+ quota being exceeded.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>unmatched</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Messages that <command>named</command> was unable to determine the
+ class of or for which there was no matching <command>view</command>.
+ A one line summary is also logged to the <command>client</command> category.
+ This category is best sent to a file or stderr, by
+ default it is sent to
+ the <command>null</command> channel.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>update</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Dynamic updates.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>update-security</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Approval and denial of update requests.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>xfer-in</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Zone transfers the server is receiving.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para><command>xfer-out</command></para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Zone transfers the server is sending.
+ </para>
+ </entry>
+ </row>
+ </tbody>
+ </tgroup>
+</informaltable>
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index 06449e19fd30..c05cbf11abfe 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>arpaname</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.ddns-confgen.html" title="ddns-confgen">
<link rel="next" href="man.genrandom.html" title="genrandom">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.arpaname"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,24 +48,19 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2618811"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.14.25.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
+ <span class="command"><strong>arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2618826"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.25.8"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2618840"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -87,6 +81,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index aef19fe485be..3b2f7e472a0a 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>ddns-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.rndc-confgen.html" title="rndc-confgen">
<link rel="next" href="man.arpaname.html" title="arpaname">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.ddns-confgen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,36 +48,36 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2650372"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">ddns-confgen</strong></span>
- generates a key for use by <span><strong class="command">nsupdate</strong></span>
- and <span><strong class="command">named</strong></span>. It simplifies configuration
+<div class="refsection">
+<a name="id-1.14.24.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>ddns-confgen</strong></span>
+ generates a key for use by <span class="command"><strong>nsupdate</strong></span>
+ and <span class="command"><strong>named</strong></span>. It simplifies configuration
of dynamic zones by generating a key and providing the
- <span><strong class="command">nsupdate</strong></span> and <span><strong class="command">named.conf</strong></span>
+ <span class="command"><strong>nsupdate</strong></span> and <span class="command"><strong>named.conf</strong></span>
syntax that will be needed to use it, including an example
- <span><strong class="command">update-policy</strong></span> statement.
+ <span class="command"><strong>update-policy</strong></span> statement.
</p>
<p>
If a domain name is specified on the command line, it will
be used in the name of the generated key and in the sample
- <span><strong class="command">named.conf</strong></span> syntax. For example,
- <span><strong class="command">ddns-confgen example.com</strong></span> would
+ <span class="command"><strong>named.conf</strong></span> syntax. For example,
+ <span class="command"><strong>ddns-confgen example.com</strong></span> would
generate a key called "ddns-key.example.com", and sample
- <span><strong class="command">named.conf</strong></span> command that could be used
+ <span class="command"><strong>named.conf</strong></span> command that could be used
in the zone definition for "example.com".
</p>
<p>
- Note that <span><strong class="command">named</strong></span> itself can configure a
- local DDNS key for use with <span><strong class="command">nsupdate -l</strong></span>.
- <span><strong class="command">ddns-confgen</strong></span> is only needed when a
+ Note that <span class="command"><strong>named</strong></span> itself can configure a
+ local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>.
+ <span class="command"><strong>ddns-confgen</strong></span> is only needed when a
more elaborate configuration is required: for instance, if
- <span><strong class="command">nsupdate</strong></span> is to be used from a remote system.
+ <span class="command"><strong>nsupdate</strong></span> is to be used from a remote system.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2650459"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.24.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
Specifies the algorithm to use for the TSIG key. Available
@@ -88,7 +87,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">ddns-confgen</strong></span>.
+ <span class="command"><strong>ddns-confgen</strong></span>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd><p>
@@ -121,7 +120,7 @@
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
<dd><p>
- Single host mode: The example <span><strong class="command">named.conf</strong></span> text
+ Single host mode: The example <span class="command"><strong>named.conf</strong></span> text
shows how to set an update policy for the specified
<em class="replaceable"><code>name</code></em>
using the "name" nametype.
@@ -133,7 +132,7 @@
</p></dd>
<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
<dd><p>
- zone mode: The example <span><strong class="command">named.conf</strong></span> text
+ zone mode: The example <span class="command"><strong>named.conf</strong></span> text
shows how to set an update policy for the specified
<em class="replaceable"><code>zone</code></em>
using the "zonesub" nametype, allowing updates to all subdomain
@@ -143,19 +142,14 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2658715"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.24.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2658754"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -176,6 +170,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 44cc60bbedac..25496707aed0 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="next" href="man.host.html" title="host">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dig"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -51,41 +50,41 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2613030"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dig</strong></span>
+<div class="refsection">
+<a name="id-1.14.2.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
displays the answers that are returned from the name server(s) that
- were queried. Most DNS administrators use <span><strong class="command">dig</strong></span> to
+ were queried. Most DNS administrators use <span class="command"><strong>dig</strong></span> to
troubleshoot DNS problems because of its flexibility, ease of use and
clarity of output. Other lookup tools tend to have less functionality
- than <span><strong class="command">dig</strong></span>.
+ than <span class="command"><strong>dig</strong></span>.
</p>
<p>
- Although <span><strong class="command">dig</strong></span> is normally used with
+ Although <span class="command"><strong>dig</strong></span> is normally used with
command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the <code class="option">-h</code> option is given.
Unlike earlier versions, the BIND 9 implementation of
- <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
+ <span class="command"><strong>dig</strong></span> allows multiple lookups to be issued
from the
command line.
</p>
<p>
Unless it is told to query a specific name server,
- <span><strong class="command">dig</strong></span> will try each of the servers listed in
+ <span class="command"><strong>dig</strong></span> will try each of the servers listed in
<code class="filename">/etc/resolv.conf</code>. If no usable server addresses
- are found, <span><strong class="command">dig</strong></span> will send the query to the local
+ are found, <span class="command"><strong>dig</strong></span> will send the query to the local
host.
</p>
<p>
When no command line arguments or options are given,
- <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
+ <span class="command"><strong>dig</strong></span> will perform an NS query for "." (the root).
</p>
<p>
- It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
+ It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
<code class="filename">${HOME}/.digrc</code>. This file is read and
any options in it
are applied before the command line arguments.
@@ -93,22 +92,22 @@
<p>
The IN and CH class names overlap with the IN and CH top level
domain names. Either use the <code class="option">-t</code> and
- <code class="option">-c</code> options to specify the type and class,
+ <code class="option">-c</code> options to specify the type and class,
use the <code class="option">-q</code> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2613269"></a><h2>SIMPLE USAGE</h2>
+<div class="refsection">
+<a name="id-1.14.2.8"></a><h2>SIMPLE USAGE</h2>
<p>
- A typical invocation of <span><strong class="command">dig</strong></span> looks like:
+ A typical invocation of <span class="command"><strong>dig</strong></span> looks like:
</p>
<pre class="programlisting"> dig @server name type </pre>
<p>
where:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">server</code></span></dt>
<dd>
<p>
@@ -116,19 +115,19 @@
can be an IPv4 address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
<em class="parameter"><code>server</code></em> argument is a hostname,
- <span><strong class="command">dig</strong></span> resolves that name before querying
+ <span class="command"><strong>dig</strong></span> resolves that name before querying
that name server.
</p>
<p>
If no <em class="parameter"><code>server</code></em> argument is
- provided, <span><strong class="command">dig</strong></span> consults
+ provided, <span class="command"><strong>dig</strong></span> consults
<code class="filename">/etc/resolv.conf</code>; if an
address is found there, it queries the name server at
that address. If either of the <code class="option">-4</code> or
<code class="option">-6</code> options are in use, then
only addresses for the corresponding transport
will be tried. If no usable addresses are found,
- <span><strong class="command">dig</strong></span> will send the query to the
+ <span class="command"><strong>dig</strong></span> will send the query to the
local host. The reply from the name server that
responds is displayed.
</p>
@@ -144,16 +143,16 @@
<em class="parameter"><code>type</code></em> can be any valid query
type. If no
<em class="parameter"><code>type</code></em> argument is supplied,
- <span><strong class="command">dig</strong></span> will perform a lookup for an
+ <span class="command"><strong>dig</strong></span> will perform a lookup for an
A record.
</p></dd>
</dl></div>
<p>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2613600"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.2.9"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only.
@@ -177,12 +176,12 @@
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
- Batch mode: <span><strong class="command">dig</strong></span> reads a list of lookup
+ Batch mode: <span class="command"><strong>dig</strong></span> reads a list of lookup
requests to process from the
given <em class="parameter"><code>file</code></em>. Each line in the file
should be organized in the same way they would be
presented as queries to
- <span><strong class="command">dig</strong></span> using the command-line interface.
+ <span class="command"><strong>dig</strong></span> using the command-line interface.
</p></dd>
<dt><span class="term">-i</span></dt>
<dd><p>
@@ -195,11 +194,11 @@
Sign queries using TSIG using a key read from the given file.
Key files can be generated using
<span class="citerefentry"><span class="refentrytitle">tsig-keygen</span>(8)</span>.
- When using TSIG authentication with <span><strong class="command">dig</strong></span>,
+ When using TSIG authentication with <span class="command"><strong>dig</strong></span>,
the name server that is queried needs to know the key and
algorithm that is being used. In BIND, this is done by
- providing appropriate <span><strong class="command">key</strong></span>
- and <span><strong class="command">server</strong></span> statements in
+ providing appropriate <span class="command"><strong>key</strong></span>
+ and <span class="command"><strong>server</strong></span> statements in
<code class="filename">named.conf</code>.
</p></dd>
<dt><span class="term">-m</span></dt>
@@ -246,7 +245,7 @@
need to provide
the <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em>
and <em class="parameter"><code>type</code></em>
- arguments. <span><strong class="command">dig</strong></span> automatically performs a
+ arguments. <span class="command"><strong>dig</strong></span> automatically performs a
lookup for a name like
<code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
query type and class to PTR and IN respectively. IPv6
@@ -279,9 +278,9 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2665793"></a><h2>QUERY OPTIONS</h2>
-<p><span><strong class="command">dig</strong></span>
+<div class="refsection">
+<a name="id-1.14.2.10"></a><h2>QUERY OPTIONS</h2>
+<p><span class="command"><strong>dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
these set or reset flag bits in the query header, some determine which
@@ -302,7 +301,7 @@
The query options are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
<dd><p>
A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
@@ -371,7 +370,7 @@
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Toggles the printing of the initial comment in the
- output identifying the version of <span><strong class="command">dig</strong></span>
+ output identifying the version of <span class="command"><strong>dig</strong></span>
and the query options that have been applied. This
comment is printed by default.
</p></dd>
@@ -395,7 +394,7 @@
<dd><p>
Set the search list to contain the single domain
<em class="parameter"><code>somename</code></em>, as if specified in
- a <span><strong class="command">domain</strong></span> directive in
+ a <span class="command"><strong>domain</strong></span> directive in
<code class="filename">/etc/resolv.conf</code>, and enable
search list processing as if the
<em class="parameter"><code>+search</code></em> option were given.
@@ -439,7 +438,7 @@
Print records like the SOA records in a verbose
multi-line format with human-readable comments. The
default is to print each record on a single line, to
- facilitate machine parsing of the <span><strong class="command">dig</strong></span>
+ facilitate machine parsing of the <span class="command"><strong>dig</strong></span>
output.
</p></dd>
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
@@ -463,7 +462,7 @@
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
- When this option is set, <span><strong class="command">dig</strong></span>
+ When this option is set, <span class="command"><strong>dig</strong></span>
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
@@ -494,7 +493,7 @@
<dd><p>
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
- <span><strong class="command">dig</strong></span> normally sends recursive
+ <span class="command"><strong>dig</strong></span> normally sends recursive
queries. Recursion is automatically disabled when
the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are used.
@@ -591,7 +590,7 @@
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
- <span><strong class="command">dig</strong></span> makes iterative queries to
+ <span class="command"><strong>dig</strong></span> makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
@@ -601,7 +600,7 @@
initial query for the root zone name servers.
</p>
<p>
- <span><strong class="command">+dnssec</strong></span> is also set when +trace
+ <span class="command"><strong>+dnssec</strong></span> is also set when +trace
is set to better emulate the default queries from a
nameserver.
</p>
@@ -622,7 +621,7 @@
must be on its own line.
</p>
<p>
- If not specified, <span><strong class="command">dig</strong></span> will look
+ If not specified, <span class="command"><strong>dig</strong></span> will look
for <code class="filename">/etc/trusted-key.key</code> then
<code class="filename">trusted-key.key</code> in the current
directory.
@@ -648,10 +647,10 @@
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2666872"></a><h2>MULTIPLE QUERIES</h2>
+<div class="refsection">
+<a name="id-1.14.2.11"></a><h2>MULTIPLE QUERIES</h2>
<p>
- The BIND 9 implementation of <span><strong class="command">dig </strong></span>
+ The BIND 9 implementation of <span class="command"><strong>dig </strong></span>
supports
specifying multiple queries on the command line (in addition to
supporting the <code class="option">-f</code> batch file option). Each of those
@@ -678,7 +677,7 @@
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</pre>
<p>
- shows how <span><strong class="command">dig</strong></span> could be used from the
+ shows how <span class="command"><strong>dig</strong></span> could be used from the
command line
to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
reverse lookup of 127.0.0.1 and a query for the NS records of
@@ -686,45 +685,45 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
A global query option of <em class="parameter"><code>+qr</code></em> is
applied, so
- that <span><strong class="command">dig</strong></span> shows the initial query it made
+ that <span class="command"><strong>dig</strong></span> shows the initial query it made
for each
lookup. The final query has a local query option of
- <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
+ <em class="parameter"><code>+noqr</code></em> which means that <span class="command"><strong>dig</strong></span>
will not print the initial query when it looks up the NS records for
<code class="literal">isc.org</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2667026"></a><h2>IDN SUPPORT</h2>
+<div class="refsection">
+<a name="id-1.14.2.12"></a><h2>IDN SUPPORT</h2>
<p>
- If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
+ If <span class="command"><strong>dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
- <span><strong class="command">dig</strong></span> appropriately converts character encoding of
+ <span class="command"><strong>dig</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the <code class="envar">IDN_DISABLE</code> environment variable.
- The IDN support is disabled if the variable is set when
- <span><strong class="command">dig</strong></span> runs.
+ The IDN support is disabled if the variable is set when
+ <span class="command"><strong>dig</strong></span> runs.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2667123"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.14.2.13"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2667144"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.2.14"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">RFC1035</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2667181"></a><h2>BUGS</h2>
+<div class="refsection">
+<a name="id-1.14.2.15"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
@@ -747,6 +746,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 9965a076d5cd..c11e1b4f220a 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-checkds</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.host.html" title="host">
<link rel="next" href="man.dnssec-coverage.html" title="dnssec-coverage">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-checkds"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -50,17 +49,17 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-checkds</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2614701"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-checkds</strong></span>
+<div class="refsection">
+<a name="id-1.14.4.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-checkds</strong></span>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
zone.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2614715"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.4.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
If a <code class="option">file</code> is specified, then the zone is
@@ -69,36 +68,31 @@
</p></dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd><p>
- Check for a DLV record in the specified lookaside domain,
+ Check for a DLV record in the specified lookaside domain,
instead of checking for a DS record in the zone's parent.
For example, to check for DLV records for "example.com"
in ISC's DLV zone, use:
- <span><strong class="command">dnssec-checkds -l dlv.isc.org example.com</strong></span>
+ <span class="command"><strong>dnssec-checkds -l dlv.isc.org example.com</strong></span>
</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>dig path</code></em></span></dt>
<dd><p>
- Specifies a path to a <span><strong class="command">dig</strong></span> binary. Used
+ Specifies a path to a <span class="command"><strong>dig</strong></span> binary. Used
for testing.
</p></dd>
<dt><span class="term">-D <em class="replaceable"><code>dsfromkey path</code></em></span></dt>
<dd><p>
- Specifies a path to a <span><strong class="command">dnssec-dsfromkey</strong></span> binary.
+ Specifies a path to a <span class="command"><strong>dnssec-dsfromkey</strong></span> binary.
Used for testing.
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2614818"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.4.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2614852"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -118,6 +112,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index 7ecaed3c68b2..6cd24c947031 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-coverage</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-checkds.html" title="dnssec-checkds">
<link rel="next" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-coverage"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,9 +48,9 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [zone]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2615900"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-coverage</strong></span>
+<div class="refsection">
+<a name="id-1.14.5.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-coverage</strong></span>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
coverage.
@@ -77,9 +76,9 @@
share the same TTL parameters.)
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2615927"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.5.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
If a <code class="option">file</code> is specified, then the zone is
@@ -137,7 +136,7 @@
This option is mandatory unless the <code class="option">-f</code> has
been used to specify a zone file, or a default key TTL was
set with the <code class="option">-L</code> to
- <span><strong class="command">dnssec-keygen</strong></span>. (If either of those is true,
+ <span class="command"><strong>dnssec-keygen</strong></span>. (If either of those is true,
this option may still be used; it will override the value found
in the zone or key file.)
</p>
@@ -149,7 +148,7 @@
or zones being analyzed when determining whether there is a
possibility of validation failure. This value defaults to
22.5 days, which is also the default in
- <span><strong class="command">named</strong></span>. However, if it has been changed
+ <span class="command"><strong>named</strong></span>. However, if it has been changed
by the <code class="option">sig-validity-interval</code> option in
<code class="filename">named.conf</code>, then it should also be
changed here.
@@ -162,13 +161,13 @@
</dd>
<dt><span class="term">-c <em class="replaceable"><code>compilezone path</code></em></span></dt>
<dd><p>
- Specifies a path to a <span><strong class="command">named-compilezone</strong></span> binary.
+ Specifies a path to a <span class="command"><strong>named-compilezone</strong></span> binary.
Used for testing.
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2616382"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.5.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
@@ -176,11 +175,6 @@
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2616494"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -201,6 +195,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 46425f9fb649..c4006a824eab 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -14,16 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-dsfromkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-coverage.html" title="dnssec-coverage">
-<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
+<link rel="next" href="man.dnssec-importkey.html" title="dnssec-importkey">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
@@ -33,13 +32,13 @@
<td width="20%" align="left">
<a accesskey="p" href="man.dnssec-coverage.html">Prev</a> </td>
<th width="60%" align="center">Manual pages</th>
-<td width="20%" align="right"> <a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
+<td width="20%" align="right"> <a accesskey="n" href="man.dnssec-importkey.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -51,16 +50,16 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2617147"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-dsfromkey</strong></span>
+<div class="refsection">
+<a name="id-1.14.6.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2617161"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.6.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd><p>
Use SHA-1 as the digest algorithm (the default is to use
@@ -103,7 +102,7 @@
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
- possible to use the output of the <span><strong class="command">dig</strong></span>
+ possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
</p>
<p>
@@ -114,7 +113,7 @@
<dd><p>
Include ZSK's when generating DS records. Without this option,
only keys which have the KSK flag set will be converted to DS
- records and printed. Useful only in zone file mode.
+ records and printed. Useful only in zone file mode.
</p></dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd><p>
@@ -149,8 +148,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2617914"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.14.6.9"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -164,8 +163,8 @@
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2617950"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.14.6.10"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -178,14 +177,14 @@
<code class="option">dnsname</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2617992"></a><h2>CAVEAT</h2>
+<div class="refsection">
+<a name="id-1.14.6.11"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2618002"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.6.12"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -194,11 +193,6 @@
<em class="citetitle">RFC 4509</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2619065"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -207,18 +201,18 @@
<td width="40%" align="left">
<a accesskey="p" href="man.dnssec-coverage.html">Prev</a> </td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
-<td width="40%" align="right"> <a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
+<td width="40%" align="right"> <a accesskey="n" href="man.dnssec-importkey.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">dnssec-coverage</span> </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top"> <span class="application">dnssec-keyfromlabel</span>
+<td width="40%" align="right" valign="top"> <span class="application">dnssec-importkey</span>
</td>
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
new file mode 100644
index 000000000000..f24553ed4dd6
--- /dev/null
+++ b/doc/arm/man.dnssec-importkey.html
@@ -0,0 +1,182 @@
+<!--
+ - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-importkey</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
+<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
+<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
+<div class="navheader">
+<table width="100%" summary="Navigation header">
+<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
+<tr>
+<td width="20%" align="left">
+<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a> </td>
+<th width="60%" align="center">Manual pages</th>
+<td width="20%" align="right"> <a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
+</td>
+</tr>
+</table>
+<hr>
+</div>
+<div class="refentry">
+<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.7.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-importkey</strong></span>
+ reads a public DNSKEY record and generates a pair of
+ .key/.private files. The DNSKEY record may be read from an
+ existing .key file, in which case a corresponding .private file
+ will be generated, or it may be read from any other file or
+ from the standard input, in which case both .key and .private
+ files will be generated.
+ </p>
+<p>
+ The newly-created .private file does <span class="emphasis"><em>not</em></span>
+ contain private key data, and cannot be used for signing.
+ However, having a .private file makes it possible to set
+ publication (<code class="option">-P</code>) and deletion
+ (<code class="option">-D</code>) times for the key, which means the
+ public key can be added to and removed from the DNSKEY RRset
+ on schedule even if the true private key is stored offline.
+ </p>
+</div>
+<div class="refsection">
+<a name="id-1.14.7.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
+<dd>
+<p>
+ Zone file mode: instead of a public keyfile name, the argument
+ is the DNS domain name of a zone master file, which can be read
+ from <code class="option">file</code>. If the domain name is the same as
+ <code class="option">file</code>, then it may be omitted.
+ </p>
+<p>
+ If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
+ the zone data is read from the standard input.
+ </p>
+</dd>
+<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+ Sets the directory in which the key files are to reside.
+ </p></dd>
+<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
+<dd><p>
+ Sets the default TTL to use for this key when it is converted
+ into a DNSKEY RR. If the key is imported into a zone,
+ this is the TTL that will be used for it, unless there was
+ already a DNSKEY RRset in place, in which case the existing TTL
+ would take precedence. Setting the default TTL to
+ <code class="literal">0</code> or <code class="literal">none</code> removes it.
+ </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+ Emit usage message and exit.
+ </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+ Sets the debugging level.
+ </p></dd>
+<dt><span class="term">-V</span></dt>
+<dd><p>
+ Prints version information.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.7.9"></a><h2>TIMING OPTIONS</h2>
+<p>
+ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
+ If the argument begins with a '+' or '-', it is interpreted as
+ an offset from the present time. For convenience, if such an offset
+ is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
+ then the offset is computed in years (defined as 365 24-hour days,
+ ignoring leap years), months (defined as 30 24-hour days), weeks,
+ days, hours, or minutes, respectively. Without a suffix, the offset
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
+ </p>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
+<dd><p>
+ Sets the date on which a key is to be published to the zone.
+ After that date, the key will be included in the zone but will
+ not be used to sign it.
+ </p></dd>
+<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
+<dd><p>
+ Sets the date on which the key is to be deleted. After that
+ date, the key will no longer be included in the zone. (It
+ may remain in the key repository, however.)
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.7.10"></a><h2>FILES</h2>
+<p>
+ A keyfile can be designed by the key identification
+ <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
+ <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
+ <span class="refentrytitle">dnssec-keygen</span>(8).
+ </p>
+</div>
+<div class="refsection">
+<a name="id-1.14.7.11"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+ <em class="citetitle">RFC 5011</em>.
+ </p>
+</div>
+</div>
+<div class="navfooter">
+<hr>
+<table width="100%" summary="Navigation footer">
+<tr>
+<td width="40%" align="left">
+<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a> </td>
+<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
+<td width="40%" align="right"> <a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
+</td>
+</tr>
+<tr>
+<td width="40%" align="left" valign="top">
+<span class="application">dnssec-dsfromkey</span> </td>
+<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
+<td width="40%" align="right" valign="top"> <span class="application">dnssec-keyfromlabel</span>
+</td>
+</tr>
+</table>
+</div>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+</body>
+</html>
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 535b8c3be195..8931f8d21ef2 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keyfromlabel</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
-<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
+<link rel="prev" href="man.dnssec-importkey.html" title="dnssec-importkey">
<link rel="next" href="man.dnssec-keygen.html" title="dnssec-keygen">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -31,7 +30,7 @@
<tr><th colspan="3" align="center"><span class="application">dnssec-keyfromlabel</span></th></tr>
<tr>
<td width="20%" align="left">
-<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a> </td>
+<a accesskey="p" href="man.dnssec-importkey.html">Prev</a> </td>
<th width="60%" align="center">Manual pages</th>
<td width="20%" align="right"> <a accesskey="n" href="man.dnssec-keygen.html">Next</a>
</td>
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,13 +48,13 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2618380"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
+<div class="refsection">
+<a name="id-1.14.8.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
file can be used for DNSSEC signing of zone data as if it were a
- conventional signing key created by <span><strong class="command">dnssec-keygen</strong></span>,
+ conventional signing key created by <span class="command"><strong>dnssec-keygen</strong></span>,
but the key material is stored within the HSM, and the actual signing
takes place there.
</p>
@@ -65,9 +64,9 @@
being generated.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2618406"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.8.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
@@ -122,7 +121,7 @@
<dt><span class="term">-C</span></dt>
<dd><p>
Compatibility mode: generates an old-style key, without
- any metadata. By default, <span><strong class="command">dnssec-keyfromlabel</strong></span>
+ any metadata. By default, <span class="command"><strong>dnssec-keyfromlabel</strong></span>
will include the key's creation date in the metadata stored
with the private key, and other dates may be set there as well
(publication date, activation date, etc). Keys that include
@@ -147,7 +146,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">dnssec-keyfromlabel</strong></span>.
+ <span class="command"><strong>dnssec-keyfromlabel</strong></span>.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -208,8 +207,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2670988"></a><h2>TIMING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.14.8.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -221,7 +220,7 @@
is computed in seconds. To explicitly prevent a date from being
set, use 'none' or 'never'.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
@@ -267,7 +266,7 @@
</p>
<p>
If the key is being created as an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</p>
<p>
@@ -280,26 +279,26 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2671178"></a><h2>GENERATED KEY FILES</h2>
+<div class="refsection">
+<a name="id-1.14.8.10"></a><h2>GENERATED KEY FILES</h2>
<p>
- When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
+ When <span class="command"><strong>dnssec-keyfromlabel</strong></span> completes
successfully,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
to the standard output. This is an identification string for
the key files it has generated.
</p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p><code class="filename">nnnn</code> is the key name.
</p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
+<li class="listitem"><p><code class="filename">aaa</code> is the numeric representation
of the algorithm.
</p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
+<li class="listitem"><p><code class="filename">iiiii</code> is the key identifier (or
footprint).
</p></li>
</ul></div>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
+<p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
@@ -319,39 +318,34 @@
general read permission.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2671340"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.8.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4034</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2671373"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
-<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a> </td>
+<a accesskey="p" href="man.dnssec-importkey.html">Prev</a> </td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
<td width="40%" align="right"> <a accesskey="n" href="man.dnssec-keygen.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
-<span class="application">dnssec-dsfromkey</span> </td>
+<span class="application">dnssec-importkey</span> </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top"> <span class="application">dnssec-keygen</span>
</td>
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index d3252e94120e..dd46bf33ea7b 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
<link rel="next" href="man.dnssec-revoke.html" title="dnssec-revoke">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,9 +48,9 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2619564"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keygen</strong></span>
+<div class="refsection">
+<a name="id-1.14.9.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY
@@ -63,9 +62,9 @@
which the key is being generated.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2619585"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.9.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
@@ -138,7 +137,7 @@
<dt><span class="term">-C</span></dt>
<dd><p>
Compatibility mode: generates an old-style key, without
- any metadata. By default, <span><strong class="command">dnssec-keygen</strong></span>
+ any metadata. By default, <span class="command"><strong>dnssec-keygen</strong></span>
will include the key's creation date in the metadata stored
with the private key, and other dates may be set there as well
(publication date, activation date, etc). Keys that include
@@ -177,7 +176,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">dnssec-keygen</strong></span>.
+ <span class="command"><strong>dnssec-keygen</strong></span>.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -209,7 +208,7 @@
<dd><p>
Quiet mode: Suppresses unnecessary output, including
progress indication. Without this option, when
- <span><strong class="command">dnssec-keygen</strong></span> is run interactively
+ <span class="command"><strong>dnssec-keygen</strong></span> is run interactively
to generate an RSA or DSA key pair, it will print a string
of symbols to <code class="filename">stderr</code> indicating the
progress of the key generation. A '.' indicates that a
@@ -279,8 +278,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2671876"></a><h2>TIMING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.14.9.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -292,7 +291,7 @@
is computed in seconds. To explicitly prevent a date from being
set, use 'none' or 'never'.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
@@ -340,7 +339,7 @@
</p>
<p>
If the key is being created as an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</p>
<p>
@@ -353,27 +352,27 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2672066"></a><h2>GENERATED KEYS</h2>
+<div class="refsection">
+<a name="id-1.14.9.10"></a><h2>GENERATED KEYS</h2>
<p>
- When <span><strong class="command">dnssec-keygen</strong></span> completes
+ When <span class="command"><strong>dnssec-keygen</strong></span> completes
successfully,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
to the standard output. This is an identification string for
the key it has generated.
</p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p><code class="filename">nnnn</code> is the key name.
</p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
+<li class="listitem"><p><code class="filename">aaa</code> is the numeric representation
of the
algorithm.
</p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
+<li class="listitem"><p><code class="filename">iiiii</code> is the key identifier (or
footprint).
</p></li>
</ul></div>
-<p><span><strong class="command">dnssec-keygen</strong></span>
+<p><span class="command"><strong>dnssec-keygen</strong></span>
creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
@@ -399,8 +398,8 @@
HMAC-MD5, even though the public and private key are equivalent.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2672310"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.14.9.11"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -414,14 +413,14 @@
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
</p>
<p>
- In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
+ In this example, <span class="command"><strong>dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code>
and
<code class="filename">Kexample.com.+003+26160.private</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2672435"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.9.12"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@@ -429,11 +428,6 @@
<em class="citetitle">RFC 4034</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2672466"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -454,6 +448,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 43c5ad091752..2adbbb403440 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-revoke</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,17 +48,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2620151"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-revoke</strong></span>
+<div class="refsection">
+<a name="id-1.14.10.6"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
now-revoked key.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2620165"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.10.7"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-h</span></dt>
<dd><p>
Emit usage message and exit.
@@ -88,7 +87,7 @@
</p></dd>
<dt><span class="term">-f</span></dt>
<dd><p>
- Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
+ Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
write the new key pair even if a file already exists matching
the algorithm and key ID of the revoked key.
</p></dd>
@@ -99,18 +98,13 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2620299"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.10.8"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2620324"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -131,6 +125,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index fd4fa7c3b7a3..2d4afe24a099 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-settime</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-revoke.html" title="dnssec-revoke">
<link rel="next" href="man.dnssec-signzone.html" title="dnssec-signzone">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-settime"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,20 +48,20 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2621125"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-settime</strong></span>
+<div class="refsection">
+<a name="id-1.14.11.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
<code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
options. The metadata can then be used by
- <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
+ <span class="command"><strong>dnssec-signzone</strong></span> or other signing software to
determine when a key is to be published, whether it should be
used for signing a zone, etc.
</p>
<p>
If none of these options is set on the command line,
- then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
+ then <span class="command"><strong>dnssec-settime</strong></span> simply prints the key timing
metadata already stored in the key.
</p>
<p>
@@ -75,18 +74,18 @@
inaccessible to anyone other than the owner (mode 0600).
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2621252"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.11.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-f</span></dt>
<dd><p>
Force an update of an old-format key with no metadata fields.
- Without this option, <span><strong class="command">dnssec-settime</strong></span> will
+ Without this option, <span class="command"><strong>dnssec-settime</strong></span> will
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time. If no other values are specified,
- then the key's publication and activation dates will also
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
be set to the present time.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
@@ -123,8 +122,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2621525"></a><h2>TIMING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.14.11.9"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -135,7 +134,7 @@
days, hours, or minutes, respectively. Without a suffix, the offset
is computed in seconds. To unset a date, use 'none' or 'never'.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
@@ -189,7 +188,7 @@
</p>
<p>
If the key is being set to be an explicit successor to another
- key, then the default prepublication interval is 30 days;
+ key, then the default prepublication interval is 30 days;
otherwise it is zero.
</p>
<p>
@@ -202,13 +201,13 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2622005"></a><h2>PRINTING OPTIONS</h2>
+<div class="refsection">
+<a name="id-1.14.11.10"></a><h2>PRINTING OPTIONS</h2>
<p>
- <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
+ <span class="command"><strong>dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-u</span></dt>
<dd><p>
Print times in UNIX epoch format.
@@ -228,19 +227,14 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2622153"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.11.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2622186"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -261,6 +255,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 489b0c7a601a..0a387d41f622 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-settime.html" title="dnssec-settime">
<link rel="next" href="man.dnssec-verify.html" title="dnssec-verify">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-signzone"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,9 +48,9 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2635306"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-signzone</strong></span>
+<div class="refsection">
+<a name="id-1.14.12.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
zone. The security status of delegations from the signed zone
@@ -60,9 +59,9 @@
<code class="filename">keyset</code> file for each child zone.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2635325"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.12.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a</span></dt>
<dd><p>
Verify all generated signatures.
@@ -78,7 +77,7 @@
file in addition to
<code class="filename">dsset-<em class="replaceable"><code>zonename</code></em></code>
when signing a zone, for use by older versions of
- <span><strong class="command">dnssec-signzone</strong></span>.
+ <span class="command"><strong>dnssec-signzone</strong></span>.
</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -88,11 +87,11 @@
<dt><span class="term">-D</span></dt>
<dd><p>
Output only those record types automatically managed by
- <span><strong class="command">dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
+ <span class="command"><strong>dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
NSEC3 and NSEC3PARAM records. If smart signing
(<code class="option">-S</code>) is used, DNSKEY records are also
included. The resulting file can be included in the original
- zone file with <span><strong class="command">$INCLUDE</strong></span>. This option
+ zone file with <span class="command"><strong>$INCLUDE</strong></span>. This option
cannot be combined with <code class="option">-O raw</code> or serial
number updating.
</p></dd>
@@ -181,7 +180,7 @@
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">dnssec-signzone</strong></span>.
+ <span class="command"><strong>dnssec-signzone</strong></span>.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
@@ -201,7 +200,7 @@
The default cycle interval is one quarter of the difference
between the signature end and start times. So if neither
<code class="option">end-time</code> or <code class="option">start-time</code>
- are specified, <span><strong class="command">dnssec-signzone</strong></span>
+ are specified, <span class="command"><strong>dnssec-signzone</strong></span>
generates
signatures that are valid for 30 days, with a cycle
interval of 7.5 days. Therefore, if any existing RRSIG records
@@ -212,8 +211,8 @@
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
<dd><p>
The format of the input zone file.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span>.
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span>.
This option is primarily intended to be used for dynamic
signed zones so that the dumped zone file in a non-text
format containing updates can be signed directly.
@@ -243,7 +242,7 @@
</dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
- When writing a signed zone to 'raw' format, set the "source serial"
+ When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
@@ -256,17 +255,17 @@
<dd>
<p>
The SOA serial number format of the signed zone.
- Possible formats are <span><strong class="command">"keep"</strong></span> (default),
- <span><strong class="command">"increment"</strong></span> and
- <span><strong class="command">"unixtime"</strong></span>.
+ Possible formats are <span class="command"><strong>"keep"</strong></span> (default),
+ <span class="command"><strong>"increment"</strong></span> and
+ <span class="command"><strong>"unixtime"</strong></span>.
</p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">"keep"</strong></span></span></dt>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><span class="command"><strong>"keep"</strong></span></span></dt>
<dd><p>Do not modify the SOA serial number.</p></dd>
-<dt><span class="term"><span><strong class="command">"increment"</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>"increment"</strong></span></span></dt>
<dd><p>Increment the SOA serial number using RFC 1982
arithmetics.</p></dd>
-<dt><span class="term"><span><strong class="command">"unixtime"</strong></span></span></dt>
+<dt><span class="term"><span class="command"><strong>"unixtime"</strong></span></span></dt>
<dd><p>Set the SOA serial number to the number of seconds
since epoch.</p></dd>
</dl></div>
@@ -279,15 +278,15 @@
<dt><span class="term">-O <em class="replaceable"><code>output-format</code></em></span></dt>
<dd><p>
The format of the output file containing the signed zone.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- <span><strong class="command">"full"</strong></span>, which is text output in a
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ <span class="command"><strong>"full"</strong></span>, which is text output in a
format suitable for processing by external scripts,
- and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
+ and <span class="command"><strong>"raw"</strong></span> or <span class="command"><strong>"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
- by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
+ by <span class="command"><strong>named</strong></span>. <span class="command"><strong>"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
- <span><strong class="command">named</strong></span>; if N is 1, the file can be
+ <span class="command"><strong>named</strong></span>; if N is 1, the file can be
read by release 9.9.0 or higher. The default is 1.
</p></dd>
<dt><span class="term">-p</span></dt>
@@ -318,11 +317,11 @@
<p>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
- replaced with a new one, signatures from the old key
+ replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <code class="option">-Q</code>
- forces <span><strong class="command">dnssec-signzone</strong></span> to remove
+ forces <span class="command"><strong>dnssec-signzone</strong></span> to remove
signatures from keys that are no longer active. This
enables ZSK rollover using the procedure described in
RFC 4641, section 4.2.1.1 ("Pre-Publish Key Rollover").
@@ -335,7 +334,7 @@
</p>
<p>
This option is similar to <code class="option">-Q</code>, except it
- forces <span><strong class="command">dnssec-signzone</strong></span> to signatures from
+ forces <span class="command"><strong>dnssec-signzone</strong></span> to signatures from
keys that are no longer published. This enables ZSK rollover
using the procedure described in RFC 4641, section 4.2.1.2
("Double Signature Zone Signing Key Rollover").
@@ -356,7 +355,7 @@
<dt><span class="term">-S</span></dt>
<dd>
<p>
- Smart signing: Instructs <span><strong class="command">dnssec-signzone</strong></span> to
+ Smart signing: Instructs <span class="command"><strong>dnssec-signzone</strong></span> to
search the key repository for keys that match the zone being
signed, and to include them in the zone if appropriate.
</p>
@@ -366,7 +365,7 @@
rules. Each successive rule takes priority over the prior
ones:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt></dt>
<dd><p>
If no timing metadata has been set for the key, the key is
@@ -381,7 +380,7 @@
<dd><p>
If the key's activation date is set and in the past, the
key is published (regardless of publication date) and
- used to sign the zone.
+ used to sign the zone.
</p></dd>
<dt></dt>
<dd><p>
@@ -421,7 +420,7 @@
zone. With this option, a zone signed with NSEC can be
switched to NSEC3, or a zone signed with NSEC3 can
be switch to NSEC or to NSEC3 with different parameters.
- Without this option, <span><strong class="command">dnssec-signzone</strong></span> will
+ Without this option, <span class="command"><strong>dnssec-signzone</strong></span> will
retain the existing chain when re-signing.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
@@ -432,16 +431,16 @@
<dd><p>
Only sign the DNSKEY RRset with key-signing keys, and omit
signatures from zone-signing keys. (This is similar to the
- <span><strong class="command">dnssec-dnskey-kskonly yes;</strong></span> zone option in
- <span><strong class="command">named</strong></span>.)
+ <span class="command"><strong>dnssec-dnskey-kskonly yes;</strong></span> zone option in
+ <span class="command"><strong>named</strong></span>.)
</p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Ignore KSK flag on key when determining what to sign. This
causes KSK-flagged keys to sign all records, not just the
DNSKEY RRset. (This is similar to the
- <span><strong class="command">update-check-ksk no;</strong></span> zone option in
- <span><strong class="command">named</strong></span>.)
+ <span class="command"><strong>update-check-ksk no;</strong></span> zone option in
+ <span class="command"><strong>named</strong></span>.)
</p></dd>
<dt><span class="term">-3 <em class="replaceable"><code>salt</code></em></span></dt>
<dd><p>
@@ -482,23 +481,23 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2677686"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.14.12.9"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
- zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
- (Kexample.com.+003+17247). Because the <span><strong class="command">-S</strong></span> option
+ zone with the DSA key generated by <span class="command"><strong>dnssec-keygen</strong></span>
+ (Kexample.com.+003+17247). Because the <span class="command"><strong>-S</strong></span> option
is not being used, the zone's keys must be in the master file
(<code class="filename">db.example.com</code>). This invocation looks
for <code class="filename">dsset</code> files, in the current directory,
- so that DS records can be imported from them (<span><strong class="command">-g</strong></span>).
+ so that DS records can be imported from them (<span class="command"><strong>-g</strong></span>).
</p>
<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
Kexample.com.+003+17247
db.example.com.signed
%</pre>
<p>
- In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
+ In the above example, <span class="command"><strong>dnssec-signzone</strong></span> creates
the file <code class="filename">db.example.com.signed</code>. This
file should be referenced in a zone statement in a
<code class="filename">named.conf</code> file.
@@ -512,18 +511,13 @@ db.example.com.signed
db.example.com.signed
%</pre>
</div>
-<div class="refsect1" lang="en">
-<a name="id2677765"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.12.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2677793"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -544,6 +538,6 @@ db.example.com.signed
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index be68c50abb56..3d1bb32254a9 100644
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-verify</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-signzone.html" title="dnssec-signzone">
<link rel="next" href="man.named-checkconf.html" title="named-checkconf">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.dnssec-verify"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,17 +48,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2630077"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-verify</strong></span>
+<div class="refsection">
+<a name="id-1.14.13.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2630091"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.13.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
Specifies the DNS class of the zone.
@@ -67,8 +66,8 @@
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
<dd><p>
The format of the input zone file.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span>.
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span>.
This option is primarily intended to be used for dynamic
signed zones so that the dumped zone file in a non-text
format containing updates can be verified independently.
@@ -95,7 +94,7 @@
will be signed by all active keys. When this flag is set,
it will not be an error if the DNSKEY RRset is not signed
by zone-signing keys. This corresponds to the <code class="option">-x</code>
- option in <span><strong class="command">dnssec-signzone</strong></span>.
+ option in <span class="command"><strong>dnssec-signzone</strong></span>.
</p></dd>
<dt><span class="term">-z</span></dt>
<dd>
@@ -114,7 +113,7 @@
will be signed by a non-revoked key for the same algorithm
that includes the self-signed key; the same key may be used
for both purposes. This corresponds to the <code class="option">-z</code>
- option in <span><strong class="command">dnssec-signzone</strong></span>.
+ option in <span class="command"><strong>dnssec-signzone</strong></span>.
</p>
</dd>
<dt><span class="term">zonefile</span></dt>
@@ -123,19 +122,14 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2635511"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.13.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2635537"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -156,6 +150,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html
index 5a8530d185f2..9552a57c7aa5 100644
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>genrandom</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.arpaname.html" title="arpaname">
<link rel="next" href="man.isc-hmac-fixup.html" title="isc-hmac-fixup">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.genrandom"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,18 +48,18 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2658873"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.14.26.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">genrandom</strong></span>
+ <span class="command"><strong>genrandom</strong></span>
generates a file or a set of files containing a specified quantity
of pseudo-random data, which can be used as a source of entropy for
other commands on systems with no random device.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2658888"></a><h2>ARGUMENTS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.26.8"></a><h2>ARGUMENTS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
In place of generating one file, generates <code class="option">number</code>
@@ -76,18 +75,13 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2658949"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.26.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2658976"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -108,6 +102,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index e36dba36545b..393de1676ca3 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dig.html" title="dig">
<link rel="next" href="man.dnssec-checkds.html" title="dnssec-checkds">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.host"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,34 +48,34 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2613877"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">host</strong></span>
+<div class="refsection">
+<a name="id-1.14.3.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
When no arguments or options are given,
- <span><strong class="command">host</strong></span>
+ <span class="command"><strong>host</strong></span>
prints a short summary of its command line arguments and options.
</p>
<p><em class="parameter"><code>name</code></em> is the domain name that is to be
looked
up. It can also be a dotted-decimal IPv4 address or a colon-delimited
- IPv6 address, in which case <span><strong class="command">host</strong></span> will by
+ IPv6 address, in which case <span class="command"><strong>host</strong></span> will by
default
perform a reverse lookup for that address.
<em class="parameter"><code>server</code></em> is an optional argument which
is either
- the name or IP address of the name server that <span><strong class="command">host</strong></span>
+ the name or IP address of the name server that <span class="command"><strong>host</strong></span>
should query instead of the server or servers listed in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The <code class="option">-a</code> (all) option is equivalent to setting the
- <code class="option">-v</code> option and asking <span><strong class="command">host</strong></span> to make
+ <code class="option">-v</code> option and asking <span class="command"><strong>host</strong></span> to make
a query of type ANY.
</p>
<p>
- When the <code class="option">-C</code> option is used, <span><strong class="command">host</strong></span>
+ When the <code class="option">-C</code> option is used, <span class="command"><strong>host</strong></span>
will attempt to display the SOA records for zone
<em class="parameter"><code>name</code></em> from all the listed
authoritative name
@@ -90,7 +89,7 @@
Chaosnet class resource records. The default class is IN (Internet).
</p>
<p>
- Verbose output is generated by <span><strong class="command">host</strong></span> when
+ Verbose output is generated by <span class="command"><strong>host</strong></span> when
the
<code class="option">-d</code> or <code class="option">-v</code> option is used. The two
options are equivalent. They have been provided for backwards
@@ -100,7 +99,7 @@
</p>
<p>
List mode is selected by the <code class="option">-l</code> option. This makes
- <span><strong class="command">host</strong></span> perform a zone transfer for zone
+ <span class="command"><strong>host</strong></span> perform a zone transfer for zone
<em class="parameter"><code>name</code></em>. Transfer the zone printing out
the NS, PTR
and address records (A/AAAA). If combined with <code class="option">-a</code>
@@ -128,7 +127,7 @@
The number of UDP retries for a lookup can be changed with the
<code class="option">-R</code> option. <em class="parameter"><code>number</code></em>
indicates
- how many times <span><strong class="command">host</strong></span> will repeat a query
+ how many times <span class="command"><strong>host</strong></span> will repeat a query
that does
not get answered. The default number of retries is 1. If
<em class="parameter"><code>number</code></em> is negative or zero, the
@@ -138,39 +137,39 @@
<p>
Non-recursive queries can be made via the <code class="option">-r</code> option.
Setting this option clears the <span class="type">RD</span> &#8212; recursion
- desired &#8212; bit in the query which <span><strong class="command">host</strong></span> makes.
+ desired &#8212; bit in the query which <span class="command"><strong>host</strong></span> makes.
This should mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>. The
- <code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
+ <code class="option">-r</code> option enables <span class="command"><strong>host</strong></span>
to mimic
the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</p>
<p>
- By default, <span><strong class="command">host</strong></span> uses UDP when making
+ By default, <span class="command"><strong>host</strong></span> uses UDP when making
queries. The
<code class="option">-T</code> option makes it use a TCP connection when querying
the name server. TCP will be automatically selected for queries that
require it, such as zone transfer (AXFR) requests.
</p>
<p>
- The <code class="option">-4</code> option forces <span><strong class="command">host</strong></span> to only
+ The <code class="option">-4</code> option forces <span class="command"><strong>host</strong></span> to only
use IPv4 query transport. The <code class="option">-6</code> option forces
- <span><strong class="command">host</strong></span> to only use IPv6 query transport.
+ <span class="command"><strong>host</strong></span> to only use IPv6 query transport.
</p>
<p>
The <code class="option">-t</code> option is used to select the query type.
<em class="parameter"><code>type</code></em> can be any recognized query
type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
- <span><strong class="command">host</strong></span> automatically selects an appropriate
+ <span class="command"><strong>host</strong></span> automatically selects an appropriate
query
type. By default, it looks for A, AAAA, and MX records, but if the
<code class="option">-C</code> option was given, queries will be made for SOA
records, and if <em class="parameter"><code>name</code></em> is a
dotted-decimal IPv4
- address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will
+ address or colon-delimited IPv6 address, <span class="command"><strong>host</strong></span> will
query for PTR records. If a query type of IXFR is chosen the starting
serial number can be specified by appending an equal followed by the
starting serial number (e.g. -t IXFR=12345678).
@@ -178,18 +177,18 @@
<p>
The time to wait for a reply can be controlled through the
<code class="option">-W</code> and <code class="option">-w</code> options. The
- <code class="option">-W</code> option makes <span><strong class="command">host</strong></span>
+ <code class="option">-W</code> option makes <span class="command"><strong>host</strong></span>
wait for
<em class="parameter"><code>wait</code></em> seconds. If <em class="parameter"><code>wait</code></em>
is less than one, the wait interval is set to one second. When the
- <code class="option">-w</code> option is used, <span><strong class="command">host</strong></span>
+ <code class="option">-w</code> option is used, <span class="command"><strong>host</strong></span>
will
effectively wait forever for a reply. The time to wait for a response
will be set to the number of seconds given by the hardware's maximum
value for an integer quantity.
</p>
<p>
- The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span>
+ The <code class="option">-s</code> option tells <span class="command"><strong>host</strong></span>
<span class="emphasis"><em>not</em></span> to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
@@ -201,31 +200,31 @@
<em class="parameter"><code>trace</code></em>.
</p>
<p>
- The <code class="option">-V</code> option causes <span><strong class="command">host</strong></span>
+ The <code class="option">-V</code> option causes <span class="command"><strong>host</strong></span>
to print the version number and exit.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2614336"></a><h2>IDN SUPPORT</h2>
+<div class="refsection">
+<a name="id-1.14.3.8"></a><h2>IDN SUPPORT</h2>
<p>
- If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
- domain name) support, it can accept and display non-ASCII domain names.
- <span><strong class="command">host</strong></span> appropriately converts character encoding of
+ If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
+ domain name) support, it can accept and display non-ASCII domain names.
+ <span class="command"><strong>host</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the <code class="envar">IDN_DISABLE</code> environment variable.
The IDN support is disabled if the variable is set when
- <span><strong class="command">host</strong></span> runs.
+ <span class="command"><strong>host</strong></span> runs.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2614433"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.14.3.9"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2614446"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.3.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
@@ -249,6 +248,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index 20367ea677fd..ca78b731ef22 100644
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>isc-hmac-fixup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.genrandom.html" title="genrandom">
<link rel="next" href="man.nsec3hash.html" title="nsec3hash">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.isc-hmac-fixup"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,8 +48,8 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2619915"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.14.27.7"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -62,11 +61,11 @@
<p>
This bug has been fixed in BIND 9.7. However, the fix may
cause incompatibility between older and newer versions of
- BIND, when using long keys. <span><strong class="command">isc-hmac-fixup</strong></span>
+ BIND, when using long keys. <span class="command"><strong>isc-hmac-fixup</strong></span>
modifies those keys to restore compatibility.
</p>
<p>
- To modify a key, run <span><strong class="command">isc-hmac-fixup</strong></span> and
+ To modify a key, run <span class="command"><strong>isc-hmac-fixup</strong></span> and
specify the key's algorithm and secret on the command line. If the
secret is longer than the digest length of the algorithm (64 bytes
for SHA1 through SHA256, or 128 bytes for SHA384 and SHA512), then a
@@ -75,10 +74,10 @@
printed without modification.)
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659333"></a><h2>SECURITY CONSIDERATIONS</h2>
+<div class="refsection">
+<a name="id-1.14.27.8"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
- Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
+ Secrets that have been converted by <span class="command"><strong>isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
operation anyway, it does not affect security. RFC 2104 notes,
"Keys longer than [the digest length] are acceptable but the
@@ -86,18 +85,13 @@
strength."
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659349"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.27.9"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659366"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -118,6 +112,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html
new file mode 100644
index 000000000000..f62e50157a25
--- /dev/null
+++ b/doc/arm/man.lwresd.html
@@ -0,0 +1,258 @@
+<!--
+ - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>lwresd</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
+<link rel="prev" href="man.named.conf.html" title="named.conf">
+<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
+<div class="navheader">
+<table width="100%" summary="Navigation header">
+<tr><th colspan="3" align="center"><span class="application">lwresd</span></th></tr>
+<tr>
+<td width="20%" align="left">
+<a accesskey="p" href="man.named.conf.html">Prev</a> </td>
+<th width="60%" align="center">Manual pages</th>
+<td width="20%" align="right"> <a accesskey="n" href="man.named-journalprint.html">Next</a>
+</td>
+</tr>
+</table>
+<hr>
+</div>
+<div class="refentry">
+<a name="man.lwresd"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.18.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>lwresd</strong></span>
+ is the daemon providing name lookup
+ services to clients that use the BIND 9 lightweight resolver
+ library. It is essentially a stripped-down, caching-only name
+ server that answers queries using the BIND 9 lightweight
+ resolver protocol rather than the DNS protocol.
+ </p>
+<p><span class="command"><strong>lwresd</strong></span>
+ listens for resolver queries on a
+ UDP port on the IPv4 loopback interface, 127.0.0.1. This
+ means that <span class="command"><strong>lwresd</strong></span> can only be used by
+ processes running on the local machine. By default, UDP port
+ number 921 is used for lightweight resolver requests and
+ responses.
+ </p>
+<p>
+ Incoming lightweight resolver requests are decoded by the
+ server which then resolves them using the DNS protocol. When
+ the DNS lookup completes, <span class="command"><strong>lwresd</strong></span> encodes
+ the answers in the lightweight resolver format and returns
+ them to the client that made the request.
+ </p>
+<p>
+ If <code class="filename">/etc/resolv.conf</code> contains any
+ <code class="option">nameserver</code> entries, <span class="command"><strong>lwresd</strong></span>
+ sends recursive DNS queries to those servers. This is similar
+ to the use of forwarders in a caching name server. If no
+ <code class="option">nameserver</code> entries are present, or if
+ forwarding fails, <span class="command"><strong>lwresd</strong></span> resolves the
+ queries autonomously starting at the root name servers, using
+ a built-in list of root server hints.
+ </p>
+</div>
+<div class="refsection">
+<a name="id-1.14.18.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term">-4</span></dt>
+<dd><p>
+ Use IPv4 only even if the host machine is capable of IPv6.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-6</span></dt>
+<dd><p>
+ Use IPv6 only even if the host machine is capable of IPv4.
+ <code class="option">-4</code> and <code class="option">-6</code> are mutually
+ exclusive.
+ </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/lwresd.conf</code>.
+
+ <code class="option">-c</code> can not be used with <code class="option">-C</code>.
+ </p></dd>
+<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>config-file</code></em> as the
+ configuration file instead of the default,
+ <code class="filename">/etc/resolv.conf</code>.
+ <code class="option">-C</code> can not be used with <code class="option">-c</code>.
+ </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
+<dd><p>
+ Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
+ Debugging traces from <span class="command"><strong>lwresd</strong></span> become
+ more verbose as the debug level increases.
+ </p></dd>
+<dt><span class="term">-f</span></dt>
+<dd><p>
+ Run the server in the foreground (i.e. do not daemonize).
+ </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+ Run the server in the foreground and force all logging
+ to <code class="filename">stderr</code>.
+ </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt>
+<dd><p>
+ Use <em class="replaceable"><code>pid-file</code></em> as the
+ PID file instead of the default,
+ <code class="filename">/var/run/lwresd/lwresd.pid</code>.
+ </p></dd>
+<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
+<dd><p>
+ Turn on memory usage debugging flags. Possible flags are
+ <em class="replaceable"><code>usage</code></em>,
+ <em class="replaceable"><code>trace</code></em>,
+ <em class="replaceable"><code>record</code></em>,
+ <em class="replaceable"><code>size</code></em>, and
+ <em class="replaceable"><code>mctx</code></em>.
+ These correspond to the ISC_MEM_DEBUGXXXX flags described in
+ <code class="filename">&lt;isc/mem.h&gt;</code>.
+ </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
+<dd><p>
+ Create <em class="replaceable"><code>#cpus</code></em> worker threads
+ to take advantage of multiple CPUs. If not specified,
+ <span class="command"><strong>lwresd</strong></span> will try to determine the
+ number of CPUs present and create one thread per CPU.
+ If it is unable to determine the number of CPUs, a
+ single worker thread will be created.
+ </p></dd>
+<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Listen for lightweight resolver queries on port
+ <em class="replaceable"><code>port</code></em>. If
+ not specified, the default is port 921.
+ </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+ Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not
+ specified, the default is port 53. This provides a
+ way of testing the lightweight resolver daemon with a
+ name server that listens for queries on a non-standard
+ port number.
+ </p></dd>
+<dt><span class="term">-s</span></dt>
+<dd>
+<p>
+ Write memory usage statistics to <code class="filename">stdout</code>
+ on exit.
+ </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+ This option is mainly of interest to BIND 9 developers
+ and may be removed or changed in a future release.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+<p>Chroot
+ to <em class="replaceable"><code>directory</code></em> after
+ processing the command line arguments, but before
+ reading the configuration file.
+ </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+ This option should be used in conjunction with the
+ <code class="option">-u</code> option, as chrooting a process
+ running as root doesn't enhance security on most
+ systems; the way <code class="function">chroot(2)</code> is
+ defined allows a process with root privileges to
+ escape a chroot jail.
+ </p>
+</div>
+</dd>
+<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
+<dd><p>Setuid
+ to <em class="replaceable"><code>user</code></em> after completing
+ privileged operations, such as creating sockets that
+ listen on privileged ports.
+ </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+ Report the version number and exit.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.18.9"></a><h2>FILES</h2>
+<div class="variablelist"><dl class="variablelist">
+<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
+<dd><p>
+ The default configuration file.
+ </p></dd>
+<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
+<dd><p>
+ The default process-id file.
+ </p></dd>
+</dl></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.18.10"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
+ <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
+ </p>
+</div>
+</div>
+<div class="navfooter">
+<hr>
+<table width="100%" summary="Navigation footer">
+<tr>
+<td width="40%" align="left">
+<a accesskey="p" href="man.named.conf.html">Prev</a> </td>
+<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
+<td width="40%" align="right"> <a accesskey="n" href="man.named-journalprint.html">Next</a>
+</td>
+</tr>
+<tr>
+<td width="40%" align="left" valign="top">
+<code class="filename">named.conf</code> </td>
+<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
+<td width="40%" align="right" valign="top"> <span class="application">named-journalprint</span>
+</td>
+</tr>
+</table>
+</div>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+</body>
+</html>
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 0c888027eb3e..37495c1fdb9b 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-verify.html" title="dnssec-verify">
<link rel="next" href="man.named-checkzone.html" title="named-checkzone">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.named-checkconf"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,29 +48,29 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2635724"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named-checkconf</strong></span>
+<div class="refsection">
+<a name="id-1.14.14.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
- <span><strong class="command">named</strong></span> configuration file. The file is parsed
+ <span class="command"><strong>named</strong></span> configuration file. The file is parsed
and checked for syntax errors, along with all files included by it.
If no file is specified, <code class="filename">/etc/named.conf</code> is read
by default.
</p>
<p>
- Note: files that <span><strong class="command">named</strong></span> reads in separate
+ Note: files that <span class="command"><strong>named</strong></span> reads in separate
parser contexts, such as <code class="filename">rndc.key</code> and
<code class="filename">bind.keys</code>, are not automatically read
- by <span><strong class="command">named-checkconf</strong></span>. Configuration
- errors in these files may cause <span><strong class="command">named</strong></span> to
- fail to run, even if <span><strong class="command">named-checkconf</strong></span> was
- successful. <span><strong class="command">named-checkconf</strong></span> can be run
+ by <span class="command"><strong>named-checkconf</strong></span>. Configuration
+ errors in these files may cause <span class="command"><strong>named</strong></span> to
+ fail to run, even if <span class="command"><strong>named-checkconf</strong></span> was
+ successful. <span class="command"><strong>named-checkconf</strong></span> can be run
on these files explicitly, however.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2635795"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.14.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-h</span></dt>
<dd><p>
Print the usage summary and exit.
@@ -84,7 +83,7 @@
</p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
- Print the version of the <span><strong class="command">named-checkconf</strong></span>
+ Print the version of the <span class="command"><strong>named-checkconf</strong></span>
program and exit.
</p></dd>
<dt><span class="term">-p</span></dt>
@@ -118,25 +117,20 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2637179"></a><h2>RETURN VALUES</h2>
-<p><span><strong class="command">named-checkconf</strong></span>
+<div class="refsection">
+<a name="id-1.14.14.9"></a><h2>RETURN VALUES</h2>
+<p><span class="command"><strong>named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2637193"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.14.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2637223"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -157,6 +151,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index beb1273e27c6..244371986067 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.named-checkconf.html" title="named-checkconf">
<link rel="next" href="man.named.html" title="named">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.named-checkzone"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -50,29 +49,29 @@
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2680250"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named-checkzone</strong></span>
+<div class="refsection">
+<a name="id-1.14.15.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
- same checks as <span><strong class="command">named</strong></span> does when loading a
- zone. This makes <span><strong class="command">named-checkzone</strong></span> useful for
+ same checks as <span class="command"><strong>named</strong></span> does when loading a
+ zone. This makes <span class="command"><strong>named-checkzone</strong></span> useful for
checking zone files before configuring them into a name server.
</p>
<p>
- <span><strong class="command">named-compilezone</strong></span> is similar to
- <span><strong class="command">named-checkzone</strong></span>, but it always dumps the
+ <span class="command"><strong>named-compilezone</strong></span> is similar to
+ <span class="command"><strong>named-checkzone</strong></span>, but it always dumps the
zone contents to a specified file in a specified format.
Additionally, it applies stricter check levels by default,
since the dump output will be used as an actual zone file
- loaded by <span><strong class="command">named</strong></span>.
+ loaded by <span class="command"><strong>named</strong></span>.
When manually specified otherwise, the check levels must at
least be as strict as those specified in the
- <span><strong class="command">named</strong></span> configuration file.
+ <span class="command"><strong>named</strong></span> configuration file.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2680300"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.15.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-d</span></dt>
<dd><p>
Enable debugging.
@@ -87,7 +86,7 @@
</p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
- Print the version of the <span><strong class="command">named-checkzone</strong></span>
+ Print the version of the <span class="command"><strong>named-checkzone</strong></span>
program and exit.
</p></dd>
<dt><span class="term">-j</span></dt>
@@ -102,133 +101,133 @@
<dd>
<p>
Perform post-load zone integrity checks. Possible modes are
- <span><strong class="command">"full"</strong></span> (default),
- <span><strong class="command">"full-sibling"</strong></span>,
- <span><strong class="command">"local"</strong></span>,
- <span><strong class="command">"local-sibling"</strong></span> and
- <span><strong class="command">"none"</strong></span>.
+ <span class="command"><strong>"full"</strong></span> (default),
+ <span class="command"><strong>"full-sibling"</strong></span>,
+ <span class="command"><strong>"local"</strong></span>,
+ <span class="command"><strong>"local-sibling"</strong></span> and
+ <span class="command"><strong>"none"</strong></span>.
</p>
<p>
- Mode <span><strong class="command">"full"</strong></span> checks that MX records
+ Mode <span class="command"><strong>"full"</strong></span> checks that MX records
refer to A or AAAA record (both in-zone and out-of-zone
- hostnames). Mode <span><strong class="command">"local"</strong></span> only
+ hostnames). Mode <span class="command"><strong>"local"</strong></span> only
checks MX records which refer to in-zone hostnames.
</p>
<p>
- Mode <span><strong class="command">"full"</strong></span> checks that SRV records
+ Mode <span class="command"><strong>"full"</strong></span> checks that SRV records
refer to A or AAAA record (both in-zone and out-of-zone
- hostnames). Mode <span><strong class="command">"local"</strong></span> only
+ hostnames). Mode <span class="command"><strong>"local"</strong></span> only
checks SRV records which refer to in-zone hostnames.
</p>
<p>
- Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
+ Mode <span class="command"><strong>"full"</strong></span> checks that delegation NS
records refer to A or AAAA record (both in-zone and out-of-zone
hostnames). It also checks that glue address records
in the zone match those advertised by the child.
- Mode <span><strong class="command">"local"</strong></span> only checks NS records which
+ Mode <span class="command"><strong>"local"</strong></span> only checks NS records which
refer to in-zone hostnames or that some required glue exists,
that is when the nameserver is in a child zone.
</p>
<p>
- Mode <span><strong class="command">"full-sibling"</strong></span> and
- <span><strong class="command">"local-sibling"</strong></span> disable sibling glue
- checks but are otherwise the same as <span><strong class="command">"full"</strong></span>
- and <span><strong class="command">"local"</strong></span> respectively.
+ Mode <span class="command"><strong>"full-sibling"</strong></span> and
+ <span class="command"><strong>"local-sibling"</strong></span> disable sibling glue
+ checks but are otherwise the same as <span class="command"><strong>"full"</strong></span>
+ and <span class="command"><strong>"local"</strong></span> respectively.
</p>
<p>
- Mode <span><strong class="command">"none"</strong></span> disables the checks.
+ Mode <span class="command"><strong>"none"</strong></span> disables the checks.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
<dd><p>
Specify the format of the zone file.
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span>.
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span>.
</p></dd>
<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
<dd>
<p>
Specify the format of the output file specified.
- For <span><strong class="command">named-checkzone</strong></span>,
+ For <span class="command"><strong>named-checkzone</strong></span>,
this does not cause any effects unless it dumps the zone
contents.
</p>
<p>
- Possible formats are <span><strong class="command">"text"</strong></span> (default)
- and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
+ Possible formats are <span class="command"><strong>"text"</strong></span> (default)
+ and <span class="command"><strong>"raw"</strong></span> or <span class="command"><strong>"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
- by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
+ by <span class="command"><strong>named</strong></span>. <span class="command"><strong>"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
- <span><strong class="command">named</strong></span>; if N is 1, the file can be read
+ <span class="command"><strong>named</strong></span>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
- Perform <span><strong class="command">"check-names"</strong></span> checks with the
+ Perform <span class="command"><strong>"check-names"</strong></span> checks with the
specified failure mode.
- Possible modes are <span><strong class="command">"fail"</strong></span>
- (default for <span><strong class="command">named-compilezone</strong></span>),
- <span><strong class="command">"warn"</strong></span>
- (default for <span><strong class="command">named-checkzone</strong></span>) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>
+ (default for <span class="command"><strong>named-compilezone</strong></span>),
+ <span class="command"><strong>"warn"</strong></span>
+ (default for <span class="command"><strong>named-checkzone</strong></span>) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
- When compiling a zone to 'raw' format, set the "source serial"
+ When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether MX records should be checked to see if they
- are addresses. Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ are addresses. Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check if a MX record refers to a CNAME.
- Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether NS records should be checked to see if they
are addresses.
- Possible modes are <span><strong class="command">"fail"</strong></span>
- (default for <span><strong class="command">named-compilezone</strong></span>),
- <span><strong class="command">"warn"</strong></span>
- (default for <span><strong class="command">named-checkzone</strong></span>) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>
+ (default for <span class="command"><strong>named-compilezone</strong></span>),
+ <span class="command"><strong>"warn"</strong></span>
+ (default for <span class="command"><strong>named-checkzone</strong></span>) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
<dd><p>
Write zone output to <code class="filename">filename</code>.
If <code class="filename">filename</code> is <code class="filename">-</code> then
write to standard out.
- This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
+ This is mandatory for <span class="command"><strong>named-compilezone</strong></span>.
</p></dd>
<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check for records that are treated as different by DNSSEC but
- are semantically equal in plain DNS.
- Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ are semantically equal in plain DNS.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
<dd><p>
Specify the style of the dumped zone file.
- Possible styles are <span><strong class="command">"full"</strong></span> (default)
- and <span><strong class="command">"relative"</strong></span>.
+ Possible styles are <span class="command"><strong>"full"</strong></span> (default)
+ and <span class="command"><strong>"relative"</strong></span>.
The full format is most suitable for processing
automatically by a separate script.
On the other hand, the relative format is more
human-readable and is thus suitable for editing by hand.
- For <span><strong class="command">named-checkzone</strong></span>
+ For <span class="command"><strong>named-checkzone</strong></span>
this does not cause any effects unless it dumps the zone
contents.
It also does not have any meaning if the output format
@@ -237,9 +236,9 @@
<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Check if a SRV record refers to a CNAME.
- Possible modes are <span><strong class="command">"fail"</strong></span>,
- <span><strong class="command">"warn"</strong></span> (default) and
- <span><strong class="command">"ignore"</strong></span>.
+ Possible modes are <span class="command"><strong>"fail"</strong></span>,
+ <span class="command"><strong>"warn"</strong></span> (default) and
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -252,8 +251,8 @@
<dd><p>
Check if Sender Policy Framework (SPF) records exist
and issues a warning if an SPF-formatted TXT record is
- not also present. Possible modes are <span><strong class="command">"warn"</strong></span>
- (default), <span><strong class="command">"ignore"</strong></span>.
+ not also present. Possible modes are <span class="command"><strong>"warn"</strong></span>
+ (default), <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -266,16 +265,16 @@
<dt><span class="term">-D</span></dt>
<dd><p>
Dump zone file in canonical format.
- This is always enabled for <span><strong class="command">named-compilezone</strong></span>.
+ This is always enabled for <span class="command"><strong>named-compilezone</strong></span>.
</p></dd>
<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether to check for non-terminal wildcards.
Non-terminal wildcards are almost always the result of a
failure to understand the wildcard matching algorithm (RFC 1034).
- Possible modes are <span><strong class="command">"warn"</strong></span> (default)
+ Possible modes are <span class="command"><strong>"warn"</strong></span> (default)
and
- <span><strong class="command">"ignore"</strong></span>.
+ <span class="command"><strong>"ignore"</strong></span>.
</p></dd>
<dt><span class="term">zonename</span></dt>
<dd><p>
@@ -287,26 +286,21 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681141"></a><h2>RETURN VALUES</h2>
-<p><span><strong class="command">named-checkzone</strong></span>
+<div class="refsection">
+<a name="id-1.14.15.9"></a><h2>RETURN VALUES</h2>
+<p><span class="command"><strong>named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681155"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.15.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681188"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -327,6 +321,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index 237f6c750131..74ccac0a9d6a 100644
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named-journalprint</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
-<link rel="prev" href="man.named.html" title="named">
+<link rel="prev" href="man.lwresd.html" title="lwresd">
<link rel="next" href="man.nsupdate.html" title="nsupdate">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
@@ -31,7 +30,7 @@
<tr><th colspan="3" align="center"><span class="application">named-journalprint</span></th></tr>
<tr>
<td width="20%" align="left">
-<a accesskey="p" href="man.named.html">Prev</a> </td>
+<a accesskey="p" href="man.lwresd.html">Prev</a> </td>
<th width="60%" align="center">Manual pages</th>
<td width="20%" align="right"> <a accesskey="n" href="man.nsupdate.html">Next</a>
</td>
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.named-journalprint"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,17 +48,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2617477"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.14.19.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">named-journalprint</strong></span>
+ <span class="command"><strong>named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
- form.
+ form.
</p>
<p>
- Journal files are automatically created by <span><strong class="command">named</strong></span>
+ Journal files are automatically created by <span class="command"><strong>named</strong></span>
when changes are made to dynamic zones (e.g., by
- <span><strong class="command">nsupdate</strong></span>). They record each addition
+ <span class="command"><strong>nsupdate</strong></span>). They record each addition
or deletion of a resource record, in binary format, allowing the
changes to be re-applied to the zone when the server is
restarted after a shutdown or crash. By default, the name of
@@ -68,46 +67,41 @@
zone file.
</p>
<p>
- <span><strong class="command">named-journalprint</strong></span> converts the contents of a given
+ <span class="command"><strong>named-journalprint</strong></span> converts the contents of a given
journal file into a human-readable text format. Each line begins
with "add" or "del", to indicate whether the record was added or
deleted, and continues with the resource record in master-file
format.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2643532"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.19.8"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2643563"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
-<a accesskey="p" href="man.named.html">Prev</a> </td>
+<a accesskey="p" href="man.lwresd.html">Prev</a> </td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
<td width="40%" align="right"> <a accesskey="n" href="man.nsupdate.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
-<span class="application">named</span> </td>
+<span class="application">lwresd</span> </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top"> <span class="application">nsupdate</span>
</td>
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
new file mode 100644
index 000000000000..8242a0e28107
--- /dev/null
+++ b/doc/arm/man.named.conf.html
@@ -0,0 +1,677 @@
+<!--
+ - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named.conf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
+<link rel="prev" href="man.named.html" title="named">
+<link rel="next" href="man.lwresd.html" title="lwresd">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
+<div class="navheader">
+<table width="100%" summary="Navigation header">
+<tr><th colspan="3" align="center"><code class="filename">named.conf</code></th></tr>
+<tr>
+<td width="20%" align="left">
+<a accesskey="p" href="man.named.html">Prev</a> </td>
+<th width="60%" align="center">Manual pages</th>
+<td width="20%" align="right"> <a accesskey="n" href="man.lwresd.html">Next</a>
+</td>
+</tr>
+</table>
+<hr>
+</div>
+<div class="refentry">
+<a name="man.named.conf"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.7"></a><h2>DESCRIPTION</h2>
+<p><code class="filename">named.conf</code> is the configuration file
+ for
+ <span class="command"><strong>named</strong></span>. Statements are enclosed
+ in braces and terminated with a semi-colon. Clauses in
+ the statements are also semi-colon terminated. The usual
+ comment styles are supported:
+ </p>
+<p>
+ C style: /* */
+ </p>
+<p>
+ C++ style: // to end of line
+ </p>
+<p>
+ Unix style: # to end of line
+ </p>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.8"></a><h2>ACL</h2>
+<div class="literallayout"><p><br>
+acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.9"></a><h2>KEY</h2>
+<div class="literallayout"><p><br>
+key <em class="replaceable"><code>domain_name</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.10"></a><h2>MASTERS</h2>
+<div class="literallayout"><p><br>
+masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.11"></a><h2>SERVER</h2>
+<div class="literallayout"><p><br>
+server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
+ bogus <em class="replaceable"><code>boolean</code></em>;<br>
+ edns <em class="replaceable"><code>boolean</code></em>;<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ keys <em class="replaceable"><code>server_key</code></em>;<br>
+ transfers <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.12"></a><h2>TRUSTED-KEYS</h2>
+<div class="literallayout"><p><br>
+trusted-keys {<br>
+ <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.13"></a><h2>MANAGED-KEYS</h2>
+<div class="literallayout"><p><br>
+managed-keys {<br>
+ <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.14"></a><h2>CONTROLS</h2>
+<div class="literallayout"><p><br>
+controls {<br>
+ inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+ allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
+ [<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
+ unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.15"></a><h2>LOGGING</h2>
+<div class="literallayout"><p><br>
+logging {<br>
+ channel <em class="replaceable"><code>string</code></em> {<br>
+ file <em class="replaceable"><code>log_file</code></em>;<br>
+ syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
+ null;<br>
+ stderr;<br>
+ severity <em class="replaceable"><code>log_severity</code></em>;<br>
+ print-time <em class="replaceable"><code>boolean</code></em>;<br>
+ print-severity <em class="replaceable"><code>boolean</code></em>;<br>
+ print-category <em class="replaceable"><code>boolean</code></em>;<br>
+ };<br>
+ category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.16"></a><h2>LWRES</h2>
+<div class="literallayout"><p><br>
+lwres {<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
+ search { <em class="replaceable"><code>string</code></em>; ... };<br>
+ ndots <em class="replaceable"><code>integer</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.17"></a><h2>OPTIONS</h2>
+<div class="literallayout"><p><br>
+options {<br>
+ avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+ avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+ blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ coresize <em class="replaceable"><code>size</code></em>;<br>
+ datasize <em class="replaceable"><code>size</code></em>;<br>
+ directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ files <em class="replaceable"><code>size</code></em>;<br>
+ heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
+ host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
+ host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
+ hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ interface-interval <em class="replaceable"><code>integer</code></em>;<br>
+ listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
+ memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ port <em class="replaceable"><code>integer</code></em>;<br>
+ querylog <em class="replaceable"><code>boolean</code></em>;<br>
+ recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
+ random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
+ recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
+ serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
+ server-id ( <em class="replaceable"><code>quoted_string</code></em> | hostname | none );<br>
+ stacksize <em class="replaceable"><code>size</code></em>;<br>
+ statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+ statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
+ tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
+ tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
+ tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
+ tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
+ tkey-gssapi-keytab <em class="replaceable"><code>quoted_string</code></em>;<br>
+ tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
+ transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+ transfers-in <em class="replaceable"><code>integer</code></em>;<br>
+ transfers-out <em class="replaceable"><code>integer</code></em>;<br>
+ version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
+ rrset-order {<br>
+ [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+ [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
+ };<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
+ queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
+ queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
+ min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ max-cache-size <em class="replaceable"><code>size</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ check-names ( master | slave | response )<br>
+ ( fail | warn | ignore );<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
+ suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
+ };<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ dns64-server <em class="replaceable"><code>string</code></em>;<br>
+ dns64-contact <em class="replaceable"><code>string</code></em>;<br>
+ dns64 <em class="replaceable"><code>prefix</code></em> {<br>
+ clients { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ exclude { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ mapped { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
+ recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+ suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
+ };<br>
+<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
+ empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+<br>
+ dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
+<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ masterfile-format ( text | raw );<br>
+ notify <em class="replaceable"><code>notifytype</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+ [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+ sig-re-signing-interval <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
+ sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+ deny-answer-addresses {<br>
+ <em class="replaceable"><code>address_match_list</code></em><br>
+ } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
+ deny-answer-aliases {<br>
+ <em class="replaceable"><code>namelist</code></em><br>
+ } [<span class="optional"> except-from { <em class="replaceable"><code>namelist</code></em> } </span>];<br>
+<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
+<br>
+ allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
+ deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+ multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
+ treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ use-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.18"></a><h2>VIEW</h2>
+<div class="literallayout"><p><br>
+view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+ match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ key <em class="replaceable"><code>string</code></em> {<br>
+ algorithm <em class="replaceable"><code>string</code></em>;<br>
+ secret <em class="replaceable"><code>string</code></em>;<br>
+ };<br>
+<br>
+ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+ ...<br>
+ };<br>
+<br>
+ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
+ ...<br>
+ };<br>
+<br>
+ trusted-keys {<br>
+ <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>;<br>
+ [<span class="optional">...</span>]<br>
+ };<br>
+<br>
+ allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+ auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+ minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+ recursion <em class="replaceable"><code>boolean</code></em>;<br>
+ rrset-order {<br>
+ [<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+ [<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
+ };<br>
+ provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+ additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
+ queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
+ queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
+ cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+ resolver-query-timeout <em class="replaceable"><code>integer</code></em>;<br>
+ min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+ lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+ transfer-format ( many-answers | one-answer );<br>
+ max-cache-size <em class="replaceable"><code>size</code></em>;<br>
+ max-acache-size <em class="replaceable"><code>size</code></em>;<br>
+ clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ max-clients-per-query <em class="replaceable"><code>number</code></em>;<br>
+ check-names ( master | slave | response )<br>
+ ( fail | warn | ignore );<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ cache-file <em class="replaceable"><code>quoted_string</code></em>; // test option<br>
+ suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+ preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+ dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
+ };<br>
+ edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+ root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+ disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+ dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br>
+ dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ dns64-server <em class="replaceable"><code>string</code></em>;<br>
+ dns64-contact <em class="replaceable"><code>string</code></em>;<br>
+ dns64 <em class="replaceable"><code>prefix</code></em> {<br>
+ clients { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ exclude { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ mapped { <span style="color: red">&lt;replacable&gt;acl&lt;/replacable&gt;</span>; };<br>
+ break-dnssec <em class="replaceable"><code>boolean</code></em>;<br>
+ recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+ suffix <em class="replaceable"><code>ipv6_address</code></em>;<br>
+ };<br>
+<br>
+ empty-server <em class="replaceable"><code>string</code></em>;<br>
+ empty-contact <em class="replaceable"><code>string</code></em>;<br>
+ empty-zones-enable <em class="replaceable"><code>boolean</code></em>;<br>
+ disable-empty-zone <em class="replaceable"><code>string</code></em>;<br>
+<br>
+ dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
+<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ masterfile-format ( text | raw );<br>
+ notify <em class="replaceable"><code>notifytype</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+ [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
+ fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.19"></a><h2>ZONE</h2>
+<div class="literallayout"><p><br>
+zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+ type ( master | slave | stub | hint | redirect |<br>
+ forward | delegation-only );<br>
+ file <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+ masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>masters</code></em> |<br>
+ <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+ <em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ database <em class="replaceable"><code>string</code></em>;<br>
+ delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+ check-names ( fail | warn | ignore );<br>
+ check-mx ( fail | warn | ignore );<br>
+ check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
+ check-mx-cname ( fail | warn | ignore );<br>
+ check-srv-cname ( fail | warn | ignore );<br>
+ dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+ ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
+ journal <em class="replaceable"><code>quoted_string</code></em>;<br>
+ zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+ update-policy <em class="replaceable"><code>local</code></em> | <em class="replaceable"><code> {<br>
+ ( grant | deny ) <em class="replaceable"><code>string</code></em><br>
+ ( name | subdomain | wildcard | self | selfsub | selfwild |<br>
+                  krb5-self | ms-self | krb5-subdomain | ms-subdomain |<br>
+   tcp-self | zonesub | 6to4-self ) <em class="replaceable"><code>string</code></em><br>
+ <em class="replaceable"><code>rrtypelist</code></em>;<br>
+ [<span class="optional">...</span>]<br>
+ }</code></em>;<br>
+ update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
+ dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ masterfile-format ( text | raw );<br>
+ notify <em class="replaceable"><code>notifytype</code></em>;<br>
+ notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
+ notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
+ also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+ [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ [<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
+ allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+ forward ( first | only );<br>
+ forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+ ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+ };<br>
+<br>
+ max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+ max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+ max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+ max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+ max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+ multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+ request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+ sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+ transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+ alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+ [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+ use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+ zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+ try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
+ key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+ nsec3-test-zone <em class="replaceable"><code>boolean</code></em>;  // testing only<br>
+<br>
+ ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+ maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+ max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+ pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.20"></a><h2>FILES</h2>
+<p><code class="filename">/etc/named.conf</code>
+ </p>
+</div>
+<div class="refsection">
+<a name="id-1.14.17.21"></a><h2>SEE ALSO</h2>
+<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+ <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+ </p>
+</div>
+</div>
+<div class="navfooter">
+<hr>
+<table width="100%" summary="Navigation footer">
+<tr>
+<td width="40%" align="left">
+<a accesskey="p" href="man.named.html">Prev</a> </td>
+<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
+<td width="40%" align="right"> <a accesskey="n" href="man.lwresd.html">Next</a>
+</td>
+</tr>
+<tr>
+<td width="40%" align="left" valign="top">
+<span class="application">named</span> </td>
+<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
+<td width="40%" align="right" valign="top"> <span class="application">lwresd</span>
+</td>
+</tr>
+</table>
+</div>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
+</body>
+</html>
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 7090ece74fe4..ddcf66271593 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -14,16 +14,15 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>named</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.named-checkzone.html" title="named-checkzone">
-<link rel="next" href="man.named-journalprint.html" title="named-journalprint">
+<link rel="next" href="man.named.conf.html" title="named.conf">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
@@ -33,13 +32,13 @@
<td width="20%" align="left">
<a accesskey="p" href="man.named-checkzone.html">Prev</a> </td>
<th width="60%" align="center">Manual pages</th>
-<td width="20%" align="right"> <a accesskey="n" href="man.named-journalprint.html">Next</a>
+<td width="20%" align="right"> <a accesskey="n" href="man.named.conf.html">Next</a>
</td>
</tr>
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.named"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,24 +48,24 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2642459"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named</strong></span>
+<div class="refsection">
+<a name="id-1.14.16.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
information on the DNS, see RFCs 1033, 1034, and 1035.
</p>
<p>
- When invoked without arguments, <span><strong class="command">named</strong></span>
+ When invoked without arguments, <span class="command"><strong>named</strong></span>
will
read the default configuration file
<code class="filename">/etc/named.conf</code>, read any initial
data, and listen for queries.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2642490"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.16.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only even if the host machine is capable of IPv6.
@@ -94,7 +93,7 @@
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
- Debugging traces from <span><strong class="command">named</strong></span> become
+ Debugging traces from <span class="command"><strong>named</strong></span> become
more verbose as the debug level increases.
</p></dd>
<dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt>
@@ -137,7 +136,7 @@
<dd><p>
Create <em class="replaceable"><code>#cpus</code></em> worker threads
to take advantage of multiple CPUs. If not specified,
- <span><strong class="command">named</strong></span> will try to determine the
+ <span class="command"><strong>named</strong></span> will try to determine the
number of CPUs present and create one thread per CPU.
If it is unable to determine the number of CPUs, a
single worker thread will be created.
@@ -163,7 +162,7 @@
<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
<dd>
<p>
- Allow <span><strong class="command">named</strong></span> to use up to
+ Allow <span class="command"><strong>named</strong></span> to use up to
<em class="replaceable"><code>#max-socks</code></em> sockets.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
@@ -180,7 +179,7 @@
specified number of sockets.
Note also that the actual maximum number is normally a little
fewer than the specified value because
- <span><strong class="command">named</strong></span> reserves some file descriptors
+ <span class="command"><strong>named</strong></span> reserves some file descriptors
for its internal use.
</p>
</div>
@@ -208,13 +207,16 @@
<dd><p>
Use <em class="replaceable"><code>#listeners</code></em>
worker threads to listen for incoming UDP packets on each
- address. If not specified, <span><strong class="command">named</strong></span> will
+ address. If not specified, <span class="command"><strong>named</strong></span> will
calculate a default value based on the number of detected
- CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of
- detected CPUs divided by 2 for values higher than 4.
+ CPUs: 1 for 1 CPU, and the number of detected CPUs
+ minus one for machines with more than 1 CPU. This cannot
+ be increased to a value higher than the number of CPUs.
If <code class="option">-n</code> has been set to a higher value than
the number of detected CPUs, then <code class="option">-U</code> may
be increased as high as that value, but no higher.
+ On Windows, the number of UDP listeners is hardwired to 1
+ and this option has no effect.
</p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd>
@@ -226,13 +228,13 @@
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
- On Linux, <span><strong class="command">named</strong></span> uses the kernel's
+ On Linux, <span class="command"><strong>named</strong></span> uses the kernel's
capability mechanism to drop all root privileges
except the ability to <code class="function">bind(2)</code> to
a
privileged port and set process resource limits.
Unfortunately, this means that the <code class="option">-u</code>
- option only works when <span><strong class="command">named</strong></span> is
+ option only works when <span class="command"><strong>named</strong></span> is
run
on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
later, since previous kernels did not allow privileges
@@ -265,14 +267,14 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681466"></a><h2>SIGNALS</h2>
+<div class="refsection">
+<a name="id-1.14.16.9"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
- the nameserver; <span><strong class="command">rndc</strong></span> should be used
+ the nameserver; <span class="command"><strong>rndc</strong></span> should be used
instead.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">SIGHUP</span></dt>
<dd><p>
Force a reload of the server.
@@ -286,26 +288,26 @@
The result of sending any other signals to the server is undefined.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681585"></a><h2>CONFIGURATION</h2>
+<div class="refsection">
+<a name="id-1.14.16.10"></a><h2>CONFIGURATION</h2>
<p>
- The <span><strong class="command">named</strong></span> configuration file is too complex
+ The <span class="command"><strong>named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
in the
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
<p>
- <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code>
+ <span class="command"><strong>named</strong></span> inherits the <code class="function">umask</code>
(file creation mode mask) from the parent process. If files
- created by <span><strong class="command">named</strong></span>, such as journal files,
+ created by <span class="command"><strong>named</strong></span>, such as journal files,
need to have custom permissions, the <code class="function">umask</code>
should be set explicitly in the script used to start the
- <span><strong class="command">named</strong></span> process.
+ <span class="command"><strong>named</strong></span> process.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681634"></a><h2>FILES</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.16.11"></a><h2>FILES</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
The default configuration file.
@@ -316,8 +318,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681677"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.16.12"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -329,11 +331,6 @@
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2681748"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -342,18 +339,18 @@
<td width="40%" align="left">
<a accesskey="p" href="man.named-checkzone.html">Prev</a> </td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
-<td width="40%" align="right"> <a accesskey="n" href="man.named-journalprint.html">Next</a>
+<td width="40%" align="right"> <a accesskey="n" href="man.named.conf.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">named-checkzone</span> </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top"> <span class="application">named-journalprint</span>
+<td width="40%" align="right" valign="top"> <code class="filename">named.conf</code>
</td>
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html
index 83c712ba03e0..ef3b6cdd8d2a 100644
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nsec3hash</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.isc-hmac-fixup.html" title="isc-hmac-fixup">
</head>
@@ -37,7 +36,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.nsec3hash"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -47,17 +46,17 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659411"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.14.28.7"></a><h2>DESCRIPTION</h2>
<p>
- <span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
+ <span class="command"><strong>nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
of NSEC3 records in a signed zone.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659426"></a><h2>ARGUMENTS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.28.8"></a><h2>ARGUMENTS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">salt</span></dt>
<dd><p>
The salt provided to the hash algorithm.
@@ -79,18 +78,13 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659488"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.28.9"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659505"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -109,6 +103,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 4462acb91d81..45b5b31701a8 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nsupdate</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.named-journalprint.html" title="named-journalprint">
<link rel="next" href="man.rndc.html" title="rndc">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.nsupdate"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,9 +48,9 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2644203"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">nsupdate</strong></span>
+<div class="refsection">
+<a name="id-1.14.20.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
This allows resource records to be added or removed from a zone
@@ -62,14 +61,14 @@
</p>
<p>
Zones that are under dynamic control via
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
or a DHCP server should not be edited by hand.
Manual edits could
conflict with dynamic updates and cause data to be lost.
</p>
<p>
The resource records that are dynamically added or removed with
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
have to be in the same zone.
Requests are sent to the zone's master server.
This is identified by the MNAME field of the zone's SOA record.
@@ -83,15 +82,15 @@
<p>
TSIG relies on
a shared secret that should only be known to
- <span><strong class="command">nsupdate</strong></span> and the name server.
+ <span class="command"><strong>nsupdate</strong></span> and the name server.
For instance, suitable <span class="type">key</span> and
<span class="type">server</span> statements would be added to
<code class="filename">/etc/named.conf</code> so that the name server
can associate the appropriate secret key and algorithm with
the IP address of the client application that will be using
- TSIG authentication. You can use <span><strong class="command">ddns-confgen</strong></span>
+ TSIG authentication. You can use <span class="command"><strong>ddns-confgen</strong></span>
to generate suitable configuration fragments.
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
uses the <code class="option">-y</code> or <code class="option">-k</code> options
to provide the TSIG shared secret. These options are mutually exclusive.
</p>
@@ -107,9 +106,9 @@
2000 can be switched on with the <code class="option">-o</code> flag.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2644497"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.20.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-d</span></dt>
<dd><p>
Debug mode. This provides tracing information about the
@@ -124,12 +123,12 @@
<dd><p>
The file containing the TSIG authentication key.
Keyfiles may be in two formats: a single file containing
- a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
+ a <code class="filename">named.conf</code>-format <span class="command"><strong>key</strong></span>
statement, which may be generated automatically by
- <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
+ <span class="command"><strong>ddns-confgen</strong></span>, or a pair of files whose names are
of the format <code class="filename">K{name}.+157.+{random}.key</code> and
<code class="filename">K{name}.+157.+{random}.private</code>, which can be
- generated by <span><strong class="command">dnssec-keygen</strong></span>.
+ generated by <span class="command"><strong>dnssec-keygen</strong></span>.
The <code class="option">-k</code> may also be used to specify a SIG(0) key used
to authenticate Dynamic DNS update requests. In this case, the key
specified is not an HMAC-MD5 key.
@@ -137,12 +136,12 @@
<dt><span class="term">-l</span></dt>
<dd><p>
Local-host only mode. This sets the server address to
- localhost (disabling the <span><strong class="command">server</strong></span> so that the server
+ localhost (disabling the <span class="command"><strong>server</strong></span> so that the server
address cannot be overridden). Connections to the local server will
use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
- which is automatically generated by <span><strong class="command">named</strong></span> if any
- local master zone has set <span><strong class="command">update-policy</strong></span> to
- <span><strong class="command">local</strong></span>. The location of this key file can be
+ which is automatically generated by <span class="command"><strong>named</strong></span> if any
+ local master zone has set <span class="command"><strong>update-policy</strong></span> to
+ <span class="command"><strong>local</strong></span>. The location of this key file can be
overridden with the <code class="option">-k</code> option.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>level</code></em></span></dt>
@@ -185,7 +184,7 @@
<dt><span class="term">-v</span></dt>
<dd><p>
Use TCP even for small update requests.
- By default, <span><strong class="command">nsupdate</strong></span>
+ By default, <span class="command"><strong>nsupdate</strong></span>
uses UDP to send update requests to the name server unless they are too
large to fit in a UDP request in which case TCP will be used.
TCP may be preferable when a batch of update requests is made.
@@ -217,9 +216,9 @@
</dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2682020"></a><h2>INPUT FORMAT</h2>
-<p><span><strong class="command">nsupdate</strong></span>
+<div class="refsection">
+<a name="id-1.14.20.9"></a><h2>INPUT FORMAT</h2>
+<p><span class="command"><strong>nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
or standard input.
@@ -238,7 +237,7 @@
and zero or more updates.
This allows a suitably authenticated update request to proceed if some
specified resource records are present or missing from the zone.
- A blank input line (or the <span><strong class="command">send</strong></span> command)
+ A blank input line (or the <span class="command"><strong>send</strong></span> command)
causes the
accumulated commands to be sent as one Dynamic DNS update request to the
name server.
@@ -246,9 +245,9 @@
<p>
The command formats and their meaning are as follows:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">
- <span><strong class="command">server</strong></span>
+ <span class="command"><strong>server</strong></span>
{servername}
[port]
</span></dt>
@@ -256,7 +255,7 @@
Sends all dynamic update requests to the name server
<em class="parameter"><code>servername</code></em>.
When no server statement is provided,
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
will send updates to the master server of the correct zone.
The MNAME field of that zone's SOA record will identify the
master
@@ -270,7 +269,7 @@
used.
</p></dd>
<dt><span class="term">
- <span><strong class="command">local</strong></span>
+ <span class="command"><strong>local</strong></span>
{address}
[port]
</span></dt>
@@ -279,7 +278,7 @@
<em class="parameter"><code>address</code></em>.
When no local statement is provided,
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
will send updates using an address and port chosen by the
system.
<em class="parameter"><code>port</code></em>
@@ -288,7 +287,7 @@
If no port number is specified, the system will assign one.
</p></dd>
<dt><span class="term">
- <span><strong class="command">zone</strong></span>
+ <span class="command"><strong>zone</strong></span>
{zonename}
</span></dt>
<dd><p>
@@ -297,12 +296,12 @@
If no
<em class="parameter"><code>zone</code></em>
statement is provided,
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
will attempt determine the correct zone to update based on the
rest of the input.
</p></dd>
<dt><span class="term">
- <span><strong class="command">class</strong></span>
+ <span class="command"><strong>class</strong></span>
{classname}
</span></dt>
<dd><p>
@@ -312,7 +311,7 @@
<em class="parameter"><code>IN</code></em>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">ttl</strong></span>
+ <span class="command"><strong>ttl</strong></span>
{seconds}
</span></dt>
<dd><p>
@@ -321,7 +320,7 @@
ttl.
</p></dd>
<dt><span class="term">
- <span><strong class="command">key</strong></span>
+ <span class="command"><strong>key</strong></span>
[hmac:] {keyname}
{secret}
</span></dt>
@@ -330,19 +329,19 @@
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.
If <em class="parameter"><code>hmac</code></em> is specified, then it sets the
signing algorithm in use; the default is
- <code class="literal">hmac-md5</code>. The <span><strong class="command">key</strong></span>
+ <code class="literal">hmac-md5</code>. The <span class="command"><strong>key</strong></span>
command overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">gsstsig</strong></span>
+ <span class="command"><strong>gsstsig</strong></span>
</span></dt>
<dd><p>
Use GSS-TSIG to sign the updated. This is equivalent to
specifying <code class="option">-g</code> on the commandline.
</p></dd>
<dt><span class="term">
- <span><strong class="command">oldgsstsig</strong></span>
+ <span class="command"><strong>oldgsstsig</strong></span>
</span></dt>
<dd><p>
Use the Windows 2000 version of GSS-TSIG to sign the updated.
@@ -350,7 +349,7 @@
commandline.
</p></dd>
<dt><span class="term">
- <span><strong class="command">realm</strong></span>
+ <span class="command"><strong>realm</strong></span>
{[<span class="optional">realm_name</span>]}
</span></dt>
<dd><p>
@@ -359,7 +358,7 @@
realm is specified the saved realm is cleared.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] nxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
@@ -367,7 +366,7 @@
<em class="parameter"><code>domain-name</code></em>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] yxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
@@ -376,7 +375,7 @@
exists (has as at least one resource record, of any type).
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] nxrrset</strong></span>
{domain-name}
[class]
{type}
@@ -392,7 +391,7 @@
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>
{domain-name}
[class]
{type}
@@ -409,7 +408,7 @@
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
+ <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>
{domain-name}
[class]
{type}
@@ -438,7 +437,7 @@
RDATA.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
+ <span class="command"><strong>[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
{domain-name}
[ttl]
[class]
@@ -459,7 +458,7 @@
is ignored, and is only allowed for compatibility.
</p></dd>
<dt><span class="term">
- <span><strong class="command">[<span class="optional">update</span>] add</strong></span>
+ <span class="command"><strong>[<span class="optional">update</span>] add</strong></span>
{domain-name}
{ttl}
[class]
@@ -474,7 +473,7 @@
<em class="parameter"><code>data</code></em>.
</p></dd>
<dt><span class="term">
- <span><strong class="command">show</strong></span>
+ <span class="command"><strong>show</strong></span>
</span></dt>
<dd><p>
Displays the current message, containing all of the
@@ -482,32 +481,32 @@
updates specified since the last send.
</p></dd>
<dt><span class="term">
- <span><strong class="command">send</strong></span>
+ <span class="command"><strong>send</strong></span>
</span></dt>
<dd><p>
Sends the current message. This is equivalent to entering a
blank line.
</p></dd>
<dt><span class="term">
- <span><strong class="command">answer</strong></span>
+ <span class="command"><strong>answer</strong></span>
</span></dt>
<dd><p>
Displays the answer.
</p></dd>
<dt><span class="term">
- <span><strong class="command">debug</strong></span>
+ <span class="command"><strong>debug</strong></span>
</span></dt>
<dd><p>
Turn on debugging.
</p></dd>
<dt><span class="term">
- <span><strong class="command">version</strong></span>
+ <span class="command"><strong>version</strong></span>
</span></dt>
<dd><p>
Print version number.
</p></dd>
<dt><span class="term">
- <span><strong class="command">help</strong></span>
+ <span class="command"><strong>help</strong></span>
</span></dt>
<dd><p>
Print a list of commands.
@@ -519,11 +518,11 @@
Lines beginning with a semicolon are comments and are ignored.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2683271"></a><h2>EXAMPLES</h2>
+<div class="refsection">
+<a name="id-1.14.20.10"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
- <span><strong class="command">nsupdate</strong></span>
+ <span class="command"><strong>nsupdate</strong></span>
could be used to insert and delete resource records from the
<span class="type">example.com</span>
zone.
@@ -573,9 +572,9 @@
RRSIG, DNSKEY and NSEC records.)
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2683321"></a><h2>FILES</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.20.11"></a><h2>FILES</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
used to identify default name server
@@ -596,8 +595,8 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2683408"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.20.12"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@@ -611,8 +610,8 @@
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2683533"></a><h2>BUGS</h2>
+<div class="refsection">
+<a name="id-1.14.20.13"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
@@ -640,6 +639,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index db1cfa8a5ee7..697e44cda784 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.rndc.conf.html" title="rndc.conf">
<link rel="next" href="man.ddns-confgen.html" title="ddns-confgen">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.rndc-confgen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,57 +48,57 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2649297"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">rndc-confgen</strong></span>
+<div class="refsection">
+<a name="id-1.14.23.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>rndc-confgen</strong></span>
generates configuration files
- for <span><strong class="command">rndc</strong></span>. It can be used as a
+ for <span class="command"><strong>rndc</strong></span>. It can be used as a
convenient alternative to writing the
<code class="filename">rndc.conf</code> file
- and the corresponding <span><strong class="command">controls</strong></span>
- and <span><strong class="command">key</strong></span>
+ and the corresponding <span class="command"><strong>controls</strong></span>
+ and <span class="command"><strong>key</strong></span>
statements in <code class="filename">named.conf</code> by hand.
- Alternatively, it can be run with the <span><strong class="command">-a</strong></span>
+ Alternatively, it can be run with the <span class="command"><strong>-a</strong></span>
option to set up a <code class="filename">rndc.key</code> file and
avoid the need for a <code class="filename">rndc.conf</code> file
- and a <span><strong class="command">controls</strong></span> statement altogether.
+ and a <span class="command"><strong>controls</strong></span> statement altogether.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2649363"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.23.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a</span></dt>
<dd>
<p>
- Do automatic <span><strong class="command">rndc</strong></span> configuration.
+ Do automatic <span class="command"><strong>rndc</strong></span> configuration.
This creates a file <code class="filename">rndc.key</code>
in <code class="filename">/etc</code> (or whatever
<code class="varname">sysconfdir</code>
was specified as when <acronym class="acronym">BIND</acronym> was
built)
- that is read by both <span><strong class="command">rndc</strong></span>
- and <span><strong class="command">named</strong></span> on startup. The
+ that is read by both <span class="command"><strong>rndc</strong></span>
+ and <span class="command"><strong>named</strong></span> on startup. The
<code class="filename">rndc.key</code> file defines a default
command channel and authentication key allowing
- <span><strong class="command">rndc</strong></span> to communicate with
- <span><strong class="command">named</strong></span> on the local host
+ <span class="command"><strong>rndc</strong></span> to communicate with
+ <span class="command"><strong>named</strong></span> on the local host
with no further configuration.
</p>
<p>
- Running <span><strong class="command">rndc-confgen -a</strong></span> allows
- BIND 9 and <span><strong class="command">rndc</strong></span> to be used as
+ Running <span class="command"><strong>rndc-confgen -a</strong></span> allows
+ BIND 9 and <span class="command"><strong>rndc</strong></span> to be used as
drop-in
- replacements for BIND 8 and <span><strong class="command">ndc</strong></span>,
+ replacements for BIND 8 and <span class="command"><strong>ndc</strong></span>,
with no changes to the existing BIND 8
<code class="filename">named.conf</code> file.
</p>
<p>
If a more elaborate configuration than that
- generated by <span><strong class="command">rndc-confgen -a</strong></span>
+ generated by <span class="command"><strong>rndc-confgen -a</strong></span>
is required, for example if rndc is to be used remotely,
- you should run <span><strong class="command">rndc-confgen</strong></span> without
+ you should run <span class="command"><strong>rndc-confgen</strong></span> without
the
- <span><strong class="command">-a</strong></span> option and set up a
+ <span class="command"><strong>-a</strong></span> option and set up a
<code class="filename">rndc.conf</code> and
<code class="filename">named.conf</code>
as directed.
@@ -112,13 +111,13 @@
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd><p>
- Used with the <span><strong class="command">-a</strong></span> option to specify
+ Used with the <span class="command"><strong>-a</strong></span> option to specify
an alternate location for <code class="filename">rndc.key</code>.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Prints a short summary of the options and arguments to
- <span><strong class="command">rndc-confgen</strong></span>.
+ <span class="command"><strong>rndc-confgen</strong></span>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd><p>
@@ -128,8 +127,8 @@
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
- Specifies the command channel port where <span><strong class="command">named</strong></span>
- listens for connections from <span><strong class="command">rndc</strong></span>.
+ Specifies the command channel port where <span class="command"><strong>named</strong></span>
+ listens for connections from <span class="command"><strong>rndc</strong></span>.
The default is 953.
</p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
@@ -147,61 +146,56 @@
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd><p>
- Specifies the IP address where <span><strong class="command">named</strong></span>
+ Specifies the IP address where <span class="command"><strong>named</strong></span>
listens for command channel connections from
- <span><strong class="command">rndc</strong></span>. The default is the loopback
+ <span class="command"><strong>rndc</strong></span>. The default is the loopback
address 127.0.0.1.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
<dd><p>
- Used with the <span><strong class="command">-a</strong></span> option to specify
- a directory where <span><strong class="command">named</strong></span> will run
+ Used with the <span class="command"><strong>-a</strong></span> option to specify
+ a directory where <span class="command"><strong>named</strong></span> will run
chrooted. An additional copy of the <code class="filename">rndc.key</code>
will be written relative to this directory so that
- it will be found by the chrooted <span><strong class="command">named</strong></span>.
+ it will be found by the chrooted <span class="command"><strong>named</strong></span>.
</p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd><p>
- Used with the <span><strong class="command">-a</strong></span> option to set the
+ Used with the <span class="command"><strong>-a</strong></span> option to set the
owner
of the <code class="filename">rndc.key</code> file generated.
If
- <span><strong class="command">-t</strong></span> is also specified only the file
+ <span class="command"><strong>-t</strong></span> is also specified only the file
in
the chroot area has its owner changed.
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2652411"></a><h2>EXAMPLES</h2>
+<div class="refsection">
+<a name="id-1.14.23.9"></a><h2>EXAMPLES</h2>
<p>
- To allow <span><strong class="command">rndc</strong></span> to be used with
+ To allow <span class="command"><strong>rndc</strong></span> to be used with
no manual configuration, run
</p>
<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
</p>
<p>
To print a sample <code class="filename">rndc.conf</code> file and
- corresponding <span><strong class="command">controls</strong></span> and <span><strong class="command">key</strong></span>
+ corresponding <span class="command"><strong>controls</strong></span> and <span class="command"><strong>key</strong></span>
statements to be manually inserted into <code class="filename">named.conf</code>,
run
</p>
<p><strong class="userinput"><code>rndc-confgen</code></strong>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2652468"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.23.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2659196"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -222,6 +216,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 2a3aa393ec93..877c1e4dffdf 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.rndc.html" title="rndc">
<link rel="next" href="man.rndc-confgen.html" title="rndc-confgen">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.rndc.conf"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,10 +48,10 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2617745"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.14.22.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
- for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
+ for <span class="command"><strong>rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
<code class="filename">named.conf</code>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
@@ -78,7 +77,7 @@
The <code class="option">default-server</code> clause is followed by the
name or address of a name server. This host will be used when
no name server is given as an argument to
- <span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code>
+ <span class="command"><strong>rndc</strong></span>. The <code class="option">default-key</code>
clause is followed by the name of a key which is identified by
a <code class="option">key</code> statement. If no
<code class="option">keyid</code> is provided on the rndc command line,
@@ -114,7 +113,7 @@
The <code class="option">key</code> statement begins with an identifying
string, the name of the key. The statement has two clauses.
<code class="option">algorithm</code> identifies the encryption algorithm
- for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5
+ for <span class="command"><strong>rndc</strong></span> to use; currently only HMAC-MD5
is
supported. This is followed by a secret clause which contains
the base-64 encoding of the algorithm's encryption key. The
@@ -122,20 +121,20 @@
</p>
<p>
There are two common ways to generate the base-64 string for the
- secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>
+ secret. The BIND 9 program <span class="command"><strong>rndc-confgen</strong></span>
can
be used to generate a random key, or the
- <span><strong class="command">mmencode</strong></span> program, also known as
- <span><strong class="command">mimencode</strong></span>, can be used to generate a
+ <span class="command"><strong>mmencode</strong></span> program, also known as
+ <span class="command"><strong>mimencode</strong></span>, can be used to generate a
base-64
- string from known input. <span><strong class="command">mmencode</strong></span> does
+ string from known input. <span class="command"><strong>mmencode</strong></span> does
not
ship with BIND 9 but is available on many systems. See the
EXAMPLE section for sample command lines for each.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2646384"></a><h2>EXAMPLE</h2>
+<div class="refsection">
+<a name="id-1.14.22.8"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -176,7 +175,7 @@
<p>
</p>
<p>
- In the above example, <span><strong class="command">rndc</strong></span> will by
+ In the above example, <span class="command"><strong>rndc</strong></span> will by
default use
the server at localhost (127.0.0.1) and the key called samplekey.
Commands to the localhost server will use the samplekey key, which
@@ -186,11 +185,11 @@
base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
</p>
<p>
- If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will
+ If <span class="command"><strong>rndc -s testserver</strong></span> is used then <span class="command"><strong>rndc</strong></span> will
connect to server on localhost port 5353 using the key testkey.
</p>
<p>
- To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>:
+ To generate a random secret with <span class="command"><strong>rndc-confgen</strong></span>:
</p>
<p><strong class="userinput"><code>rndc-confgen</code></strong>
</p>
@@ -203,13 +202,13 @@
<code class="filename">named.conf</code> are also printed.
</p>
<p>
- To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>:
+ To generate a base-64 secret with <span class="command"><strong>mmencode</strong></span>:
</p>
<p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2647324"></a><h2>NAME SERVER CONFIGURATION</h2>
+<div class="refsection">
+<a name="id-1.14.22.9"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -218,19 +217,14 @@
BIND 9 Administrator Reference Manual for details.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2647350"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.22.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2647388"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -251,6 +245,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 731a560c7207..59a1360e7ecb 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,13 +14,12 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
+<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.nsupdate.html" title="nsupdate">
<link rel="next" href="man.rndc.conf.html" title="rndc.conf">
@@ -39,7 +38,7 @@
</table>
<hr>
</div>
-<div class="refentry" lang="en">
+<div class="refentry">
<a name="man.rndc"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
@@ -49,22 +48,22 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2644753"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">rndc</strong></span>
+<div class="refsection">
+<a name="id-1.14.21.7"></a><h2>DESCRIPTION</h2>
+<p><span class="command"><strong>rndc</strong></span>
controls the operation of a name
- server. It supersedes the <span><strong class="command">ndc</strong></span> utility
+ server. It supersedes the <span class="command"><strong>ndc</strong></span> utility
that was provided in old BIND releases. If
- <span><strong class="command">rndc</strong></span> is invoked with no command line
+ <span class="command"><strong>rndc</strong></span> is invoked with no command line
options or arguments, it prints a short summary of the
supported commands and the available options and their
arguments.
</p>
-<p><span><strong class="command">rndc</strong></span>
+<p><span class="command"><strong>rndc</strong></span>
communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
- <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
+ <span class="command"><strong>rndc</strong></span> and <span class="command"><strong>named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
@@ -72,15 +71,15 @@
over the channel must be signed by a key_id known to the
server.
</p>
-<p><span><strong class="command">rndc</strong></span>
+<p><span class="command"><strong>rndc</strong></span>
reads a configuration file to
determine how to contact the name server and decide what
algorithm and key it should use.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2644803"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
+<div class="refsection">
+<a name="id-1.14.21.8"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>source-address</code></em>
@@ -108,9 +107,9 @@
<dd><p><em class="replaceable"><code>server</code></em> is
the name or address of the server which matches a
server statement in the configuration file for
- <span><strong class="command">rndc</strong></span>. If no server is supplied on the
+ <span class="command"><strong>rndc</strong></span>. If no server is supplied on the
command line, the host named by the default-server clause
- in the options statement of the <span><strong class="command">rndc</strong></span>
+ in the options statement of the <span class="command"><strong>rndc</strong></span>
configuration file will be used.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
@@ -130,10 +129,10 @@
from the configuration file.
<em class="replaceable"><code>key_id</code></em>
must be
- known by <span><strong class="command">named</strong></span> with the same algorithm and secret string
+ known by <span class="command"><strong>named</strong></span> with the same algorithm and secret string
in order for control message validation to succeed.
If no <em class="replaceable"><code>key_id</code></em>
- is specified, <span><strong class="command">rndc</strong></span> will first look
+ is specified, <span class="command"><strong>rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
host, then the default-key clause of the options statement.
@@ -144,22 +143,22 @@
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2645564"></a><h2>COMMANDS</h2>
+<div class="refsection">
+<a name="id-1.14.21.9"></a><h2>COMMANDS</h2>
<p>
- A list of commands supported by <span><strong class="command">rndc</strong></span> can
- be seen by running <span><strong class="command">rndc</strong></span> without arguments.
+ A list of commands supported by <span class="command"><strong>rndc</strong></span> can
+ be seen by running <span class="command"><strong>rndc</strong></span> without arguments.
</p>
<p>
Currently supported commands are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt>
<dd>
<p>
Add a zone while the server is running. This
command requires the
- <span><strong class="command">allow-new-zones</strong></span> option to be set
+ <span class="command"><strong>allow-new-zones</strong></span> option to be set
to <strong class="userinput"><code>yes</code></strong>. The
<em class="replaceable"><code>configuration</code></em> string
specified on the command line is the zone
@@ -171,13 +170,13 @@
<code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
where <em class="replaceable"><code>hash</code></em> is a
cryptographic hash generated from the name of
- the view. When <span><strong class="command">named</strong></span> is
+ the view. When <span class="command"><strong>named</strong></span> is
restarted, the file will be loaded into the view
configuration, so that zones that were added
can persist after a restart.
</p>
<p>
- This sample <span><strong class="command">addzone</strong></span> command
+ This sample <span class="command"><strong>addzone</strong></span> command
would add the zone <code class="literal">example.com</code>
to the default view:
</p>
@@ -189,7 +188,7 @@
configuration text.)
</p>
<p>
- See also <span><strong class="command">rndc delzone</strong></span>.
+ See also <span class="command"><strong>rndc delzone</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>delzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>
@@ -197,11 +196,11 @@
<p>
Delete a zone while the server is running.
Only zones that were originally added via
- <span><strong class="command">rndc addzone</strong></span> can be deleted
- in this manner.
+ <span class="command"><strong>rndc addzone</strong></span> can be deleted
+ in this manner.
</p>
<p>
- See also <span><strong class="command">rndc addzone</strong></span>
+ See also <span class="command"><strong>rndc addzone</strong></span>
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone|-adb|-bad</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
@@ -211,7 +210,7 @@
dump file for the specified views. If no view is
specified, all
views are dumped.
- (See the <span><strong class="command">dump-file</strong></span> option in
+ (See the <span class="command"><strong>dump-file</strong></span> option in
the BIND 9 Administrator Reference Manual.)
</p></dd>
<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
@@ -243,7 +242,7 @@
the zone is frozen.
</p>
<p>
- See also <span><strong class="command">rndc thaw</strong></span>.
+ See also <span class="command"><strong>rndc thaw</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
@@ -253,12 +252,12 @@
made through dynamic update or IXFR are not saved to
the master files, but will be rolled forward from the
journal files when the server is restarted.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
+ If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span class="command"><strong>named</strong></span>
had completed halting.
</p>
<p>
- See also <span><strong class="command">rndc stop</strong></span>.
+ See also <span class="command"><strong>rndc stop</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
@@ -267,14 +266,14 @@
Fetch all DNSSEC keys for the given zone
from the key directory. If they are within
their publication period, merge them into the
- zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
+ zone's DNSKEY RRset. Unlike <span class="command"><strong>rndc
sign</strong></span>, however, the zone is not
immediately re-signed by the new keys, but is
allowed to incrementally re-sign over time.
</p>
<p>
This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option
+ <span class="command"><strong>auto-dnssec</strong></span> zone option
be set to <code class="literal">maintain</code>,
and also requires the zone to be configured to
allow dynamic DNS.
@@ -292,7 +291,7 @@
Sets the server's debugging level to 0.
</p>
<p>
- See also <span><strong class="command">rndc trace</strong></span>.
+ See also <span class="command"><strong>rndc trace</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt>
@@ -304,13 +303,13 @@
</p>
<p>
Query logging can also be enabled
- by explicitly directing the <span><strong class="command">queries</strong></span>
- <span><strong class="command">category</strong></span> to a
- <span><strong class="command">channel</strong></span> in the
- <span><strong class="command">logging</strong></span> section of
+ by explicitly directing the <span class="command"><strong>queries</strong></span>
+ <span class="command"><strong>category</strong></span> to a
+ <span class="command"><strong>channel</strong></span> in the
+ <span class="command"><strong>logging</strong></span> section of
<code class="filename">named.conf</code> or by specifying
- <span><strong class="command">querylog yes;</strong></span> in the
- <span><strong class="command">options</strong></span> section of
+ <span class="command"><strong>querylog yes;</strong></span> in the
+ <span class="command"><strong>options</strong></span> section of
<code class="filename">named.conf</code>.
</p>
</dd>
@@ -319,14 +318,14 @@
Reload the configuration file and load new zones,
but do not reload existing zone files even if they
have changed.
- This is faster than a full <span><strong class="command">reload</strong></span> when there
+ This is faster than a full <span class="command"><strong>reload</strong></span> when there
is a large number of zones because it avoids the need
to examine the
modification times of the zones files.
</p></dd>
<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
<dd><p>
- Dump the list of queries <span><strong class="command">named</strong></span> is currently
+ Dump the list of queries <span class="command"><strong>named</strong></span> is currently
recursing on, and the list of domains to which iterative
queries are currently being sent. (The second list includes
the number of fetches currently active for the given domain,
@@ -352,7 +351,7 @@
</p>
<p>
If the zone is configured to use
- <span><strong class="command">inline-signing</strong></span>, the signed
+ <span class="command"><strong>inline-signing</strong></span>, the signed
version of the zone is discarded; after the
retransfer of the unsigned version is complete, the
signed version will be regenerated with all new
@@ -370,8 +369,8 @@
<dd>
<p>
Fetch all DNSSEC keys for the given zone
- from the key directory (see the
- <span><strong class="command">key-directory</strong></span> option in
+ from the key directory (see the
+ <span class="command"><strong>key-directory</strong></span> option in
the BIND 9 Administrator Reference Manual). If they are within
their publication period, merge them into the
zone's DNSKEY RRset. If the DNSKEY RRset
@@ -380,7 +379,7 @@
</p>
<p>
This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option be set
+ <span class="command"><strong>auto-dnssec</strong></span> zone option be set
to <code class="literal">allow</code> or
<code class="literal">maintain</code>,
and also requires the zone to be configured to
@@ -389,7 +388,7 @@
Reference Manual for more details.)
</p>
<p>
- See also <span><strong class="command">rndc loadkeys</strong></span>.
+ See also <span class="command"><strong>rndc loadkeys</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>signing [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>
@@ -400,33 +399,33 @@
operations (such as signing or generating
NSEC3 chains) is stored in the zone in the form
of DNS resource records of type
- <span><strong class="command">sig-signing-type</strong></span>.
- <span><strong class="command">rndc signing -list</strong></span> converts
+ <span class="command"><strong>sig-signing-type</strong></span>.
+ <span class="command"><strong>rndc signing -list</strong></span> converts
these records into a human-readable form,
indicating which keys are currently signing
or have finished signing the zone, and which NSEC3
chains are being created or removed.
</p>
<p>
- <span><strong class="command">rndc signing -clear</strong></span> can remove
+ <span class="command"><strong>rndc signing -clear</strong></span> can remove
a single key (specified in the same format that
- <span><strong class="command">rndc signing -list</strong></span> uses to
+ <span class="command"><strong>rndc signing -list</strong></span> uses to
display it), or all keys. In either case, only
completed keys are removed; any record indicating
that a key has not yet finished signing the zone
will be retained.
</p>
<p>
- <span><strong class="command">rndc signing -nsec3param</strong></span> sets
+ <span class="command"><strong>rndc signing -nsec3param</strong></span> sets
the NSEC3 parameters for a zone. This is the
only supported mechanism for using NSEC3 with
- <span><strong class="command">inline-signing</strong></span> zones.
+ <span class="command"><strong>inline-signing</strong></span> zones.
Parameters are specified in the same format as
an NSEC3PARAM resource record: hash algorithm,
flags, iterations, and salt, in that order.
</p>
<p>
- Currently, the only defined value for hash algorithm
+ Currently, the only defined value for hash algorithm
is <code class="literal">1</code>, representing SHA-1.
The <code class="option">flags</code> may be set to
<code class="literal">0</code> or <code class="literal">1</code>,
@@ -442,13 +441,13 @@
So, for example, to create an NSEC3 chain using
the SHA-1 hash algorithm, no opt-out flag,
10 iterations, and a salt value of "FFFF", use:
- <span><strong class="command">rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>.
+ <span class="command"><strong>rndc signing -nsec3param 1 0 10 FFFF <em class="replaceable"><code>zone</code></em></strong></span>.
To set the opt-out flag, 15 iterations, and no
salt, use:
- <span><strong class="command">rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>.
+ <span class="command"><strong>rndc signing -nsec3param 1 1 15 - <em class="replaceable"><code>zone</code></em></strong></span>.
</p>
<p>
- <span><strong class="command">rndc signing -nsec3param none</strong></span>
+ <span class="command"><strong>rndc signing -nsec3param none</strong></span>
removes an existing NSEC3 chain and replaces it
with NSEC.
</p>
@@ -456,14 +455,14 @@
<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
<dd><p>
Write server statistics to the statistics file.
- (See the <span><strong class="command">statistics-file</strong></span> option in
+ (See the <span class="command"><strong>statistics-file</strong></span> option in
the BIND 9 Administrator Reference Manual.)
</p></dd>
<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
<dd><p>
Display status of the server.
- Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
- and the default <span><strong class="command">./IN</strong></span>
+ Note that the number of zones includes the internal <span class="command"><strong>bind/CH</strong></span> zone
+ and the default <span class="command"><strong>./IN</strong></span>
hint zone if there is not an
explicit root zone configured.
</p></dd>
@@ -473,11 +472,11 @@
Stop the server, making sure any recent changes
made through dynamic update or IXFR are first saved to
the master files of the updated zones.
- If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
- This allows an external process to determine when <span><strong class="command">named</strong></span>
+ If <code class="option">-p</code> is specified <span class="command"><strong>named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span class="command"><strong>named</strong></span>
had completed stopping.
</p>
-<p>See also <span><strong class="command">rndc halt</strong></span>.</p>
+<p>See also <span class="command"><strong>rndc halt</strong></span>.</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>sync [<span class="optional">-clean</span>] [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
<dd><p>
@@ -496,13 +495,13 @@
load has completed. After a zone is thawed,
dynamic updates will no longer be refused. If
the zone has changed and the
- <span><strong class="command">ixfr-from-differences</strong></span> option is
+ <span class="command"><strong>ixfr-from-differences</strong></span> option is
in use, then the journal file will be updated to
reflect changes in the zone. Otherwise, if the
zone has changed, any existing journal file will be
removed.
</p>
-<p>See also <span><strong class="command">rndc freeze</strong></span>.</p>
+<p>See also <span class="command"><strong>rndc freeze</strong></span>.</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
<dd><p>
@@ -515,7 +514,7 @@
value.
</p>
<p>
- See also <span><strong class="command">rndc notrace</strong></span>.
+ See also <span class="command"><strong>rndc notrace</strong></span>.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
@@ -527,7 +526,7 @@
<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
<dd><p>
List the names of all TSIG keys currently configured
- for use by <span><strong class="command">named</strong></span> in each view. The
+ for use by <span class="command"><strong>named</strong></span> in each view. The
list both statically configured keys and dynamic
TKEY-negotiated keys.
</p></dd>
@@ -535,15 +534,15 @@
<dd><p>
Enable, disable, or check the current status of
DNSSEC validation.
- Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
+ Note <span class="command"><strong>dnssec-enable</strong></span> also needs to be
set to <strong class="userinput"><code>yes</code></strong> or
<strong class="userinput"><code>auto</code></strong> to be effective.
It defaults to enabled.
</p></dd>
</dl></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2687854"></a><h2>LIMITATIONS</h2>
+<div class="refsection">
+<a name="id-1.14.21.10"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@@ -552,8 +551,8 @@
Several error messages could be clearer.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2687873"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.14.21.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -562,11 +561,6 @@
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2687928"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
- </p>
-</div>
</div>
<div class="navfooter">
<hr>
@@ -587,6 +581,6 @@
</tr>
</table>
</div>
-<p style="text-align: center;">BIND 9.9.8-P4 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P3 (Extended Support Version)</p>
</body>
</html>
diff --git a/doc/arm/managed-keys.xml b/doc/arm/managed-keys.xml
index 51949487fbb4..d1335eaf4b9d 100644
--- a/doc/arm/managed-keys.xml
+++ b/doc/arm/managed-keys.xml
@@ -1,6 +1,5 @@
-<?xml version="1.0" encoding="utf-8"?>
<!--
- - Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2015 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -15,28 +14,29 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: managed-keys.xml,v 1.3 2010/02/03 23:49:07 tbox Exp $ -->
+<!-- $Id$ -->
+
+<!-- Converted by db4-upgrade version 1.0 -->
+<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="rfc5011.support"><info><title>Dynamic Trust Anchor Management</title></info>
-<sect1 id="rfc5011.support">
- <title>Dynamic Trust Anchor Management</title>
<para>BIND 9.7.0 introduces support for RFC 5011, dynamic trust
- anchor management. Using this feature allows
+ anchor management. Using this feature allows
<command>named</command> to keep track of changes to critical
DNSSEC keys without any need for the operator to make changes to
configuration files.</para>
- <sect2>
- <title>Validating Resolver</title>
+ <section><info><title>Validating Resolver</title></info>
+
<!-- TODO: command tag is overloaded for configuration and executables -->
<para>To configure a validating resolver to use RFC 5011 to
- maintain a trust anchor, configure the trust anchor using a
+ maintain a trust anchor, configure the trust anchor using a
<command>managed-keys</command> statement. Information about
- this can be found in
- <xref linkend="managed-keys" />.</para>
+ this can be found in
+ <xref linkend="managed-keys"/>.</para>
<!-- TODO: managed-keys examples
also in DNSSEC section above here in ARM -->
- </sect2>
- <sect2>
- <title>Authoritative Server</title>
+ </section>
+ <section><info><title>Authoritative Server</title></info>
+
<para>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -52,21 +52,21 @@ also in DNSSEC section above here in ARM -->
timer has completed, the active KSK can be revoked, and the
zone can be "rolled over" to the newly accepted key.</para>
<para>The easiest way to place a stand-by key in a zone is to
- use the "smart signing" features of
- <command>dnssec-keygen</command> and
+ use the "smart signing" features of
+ <command>dnssec-keygen</command> and
<command>dnssec-signzone</command>. If a key with a publication
date in the past, but an activation date which is unset or in
- the future, "
+ the future, "
<command>dnssec-signzone -S</command>" will include the DNSKEY
record in the zone, but will not sign with it:</para>
<screen>
$ <userinput>dnssec-keygen -K keys -f KSK -P now -A now+2y example.net</userinput>
$ <userinput>dnssec-signzone -S -K keys example.net</userinput>
</screen>
- <para>To revoke a key, the new command
+ <para>To revoke a key, the new command
<command>dnssec-revoke</command> has been added. This adds the
- REVOKED bit to the key flags and re-generates the
- <filename>K*.key</filename> and
+ REVOKED bit to the key flags and re-generates the
+ <filename>K*.key</filename> and
<filename>K*.private</filename> files.</para>
<para>After revoking the active key, the zone must be signed
with both the revoked KSK and the new active KSK. (Smart
@@ -84,7 +84,7 @@ $ <userinput>dnssec-signzone -S -K keys example.net</userinput>
"<filename>Kexample.com.+005+10128</filename>".</para>
<para>If two keys have ID's exactly 128 apart, and one is
revoked, then the two key ID's will collide, causing several
- problems. To prevent this,
+ problems. To prevent this,
<command>dnssec-keygen</command> will not generate a new key if
another key is present which may collide. This checking will
only occur if the new keys are written to the same directory
@@ -96,5 +96,5 @@ $ <userinput>dnssec-signzone -S -K keys example.net</userinput>
<para>It is expected that a future release of BIND 9 will
address this problem in a different way, by storing revoked
keys with their original unrevoked key ID's.</para>
- </sect2>
-</sect1>
+ </section>
+</section>
diff --git a/doc/arm/notes-wrapper.xml b/doc/arm/notes-wrapper.xml
index 9d31ef8b6d58..db5f01c19eae 100644
--- a/doc/arm/notes-wrapper.xml
+++ b/doc/arm/notes-wrapper.xml
@@ -1,6 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
-
@@ -17,13 +16,8 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<article xmlns:xi="http://www.w3.org/2001/XInclude">
- <title/>
- <xi:include href="notes.xml"/>
-</article>
+<!-- Converted by db4-upgrade version 1.0 -->
+<article xmlns="http://docbook.org/ns/docbook" version="5.0"><info><title/></info>
-<!--
- - Local variables:
- - mode: sgml
- - End:
- -->
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes.xml"/>
+</article>
diff --git a/doc/arm/notes.conf b/doc/arm/notes.conf
new file mode 100644
index 000000000000..f8dd8326f5a5
--- /dev/null
+++ b/doc/arm/notes.conf
@@ -0,0 +1,3 @@
+TexInputs: ../tex//
+TexStyle: notestyle
+XslParam: ../xsl/notes-param.xsl
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index da38378d3218..d0639bc21fb8 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -17,119 +17,112 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title></title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="sect1" lang="en">
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article"><div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2542126"></a>Release Notes for BIND Version 9.9.8-P4</h2></div></div></div>
-<div class="sect2" lang="en">
+<a name="id-1.2"></a>Release Notes for BIND Version 9.9.9-P3</h2></div></div></div>
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
- This document summarizes changes since BIND 9.9.8:
+ This document summarizes changes since BIND 9.9.9:
</p>
<p>
- BIND 9.9.8-P4 addresses the security issues described in
- CVE-2016-1285 and CVE-2016-1286.
+ BIND 9.10.9-P3 addresses the security issue described in
+ CVE-2016-2776.
</p>
<p>
- BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704.
- It also fixes a serious regression in authoritative server selection
- that was introduced in 9.9.8.
+ BIND 9.9.9-P2 addresses the security issue described in
+ CVE-2016-2775.
</p>
<p>
- BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193
- (OpenSSL), CVE-2015-8000 and CVE-2015-8461.
- </p>
-<p>
- BIND 9.9.8-P1 was incomplete and was withdrawn prior to publication.
+ BIND 9.9.9-P1 addresses Windows installation issues and a race
+ condition in the rbt/rbtdb implementation resulting in named
+ exiting due to assertion failures being detected.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
- <a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
+ <a class="link" href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc">
-<li><p>
- The resolver could abort with an assertion failure due to
- improper DNAME handling when parsing fetch reply
- messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
- </p></li>
-<li><p>
- Malformed control messages can trigger assertions in named
- and rndc. This flaw is disclosed in CVE-2016-1285. [RT
- #41666]
- </p></li>
-<li><p>
- Specific APL data could trigger an INSIST. This flaw
- is disclosed in CVE-2015-8704. [RT #41396]
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+ It was possible to trigger a assertion when rendering a
+ message using a specially crafted request. This flaw is
+ disclosed in CVE-2016-2776. [RT #43139]
</p></li>
-<li><p>
- Named is potentially vulnerable to the OpenSSL vulnerability
- described in CVE-2015-3193.
- </p></li>
-<li><p>
- Incorrect reference counting could result in an INSIST
- failure if a socket error occurred while performing a
- lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
- </p></li>
-<li><p>
- Insufficient testing when parsing a message allowed
- records with an incorrect class to be be accepted,
- triggering a REQUIRE failure when those records
- were subsequently cached. This flaw is disclosed
- in CVE-2015-8000. [RT #40987]
+<li class="listitem"><p>
+ getrrsetbyname with a non absolute name could trigger an
+ infinite recursion bug in lwresd and named with lwres
+ configured if when combined with a search list entry the
+ resulting name is too long. This flaw is disclosed in
+ CVE-2016-2775. [RT #42694]
</p></li>
</ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>None</p></li></ul></div>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+ None.
+ </p></li></ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>
- Updated the compiled in addresses for H.ROOT-SERVERS.NET.
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+ None.
</p></li></ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-<div class="itemizedlist"><ul type="disc"><li><p>
- Authoritative servers that were marked as bogus (e.g. blackholed
- in configuration or with invalid addresses) were being queried
- anyway. [RT #41321]
+<a name="relnotes_port"></a>Porting Changes</h3></div></div></div>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+ None.
</p></li></ul></div>
</div>
-<div class="sect2" lang="en">
+<div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
+<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+ Windows installs were failing due to triggering UAC without
+ the installation binary being signed.
+ </p></li>
+<li class="listitem"><p>
+ A race condition in rbt/rbtdb was leading to INSISTs being
+ triggered.
+ </p></li>
+</ul></div>
+</div>
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
- The BIND 9.9 (Extended Support Version) will be supported until
+ BIND 9.9 (Extended Support Version) will be supported until
December, 2017.
- <a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
+ <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
-<div class="sect2" lang="en">
+<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
- <a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
+ <a class="link" href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div></div></body>
diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf
index 01b320bfb75b..228070f438e8 100644
--- a/doc/arm/notes.pdf
+++ b/doc/arm/notes.pdf
Binary files differ
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 0e7d95fdd436..72cebb286a77 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -1,4 +1,6 @@
-<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">
+<!ENTITY ouml "&#xf6;">]>
<!--
- Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
-
@@ -15,135 +17,121 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<sect1 xmlns:xi="http://www.w3.org/2001/XInclude">
- <xi:include href="noteversion.xml"/>
- <sect2 id="relnotes_intro">
- <title>Introduction</title>
+<section xmlns="http://docbook.org/ns/docbook" version="5.0"><info/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
+ <section xml:id="relnotes_intro"><info><title>Introduction</title></info>
<para>
- This document summarizes changes since BIND 9.9.8:
+ This document summarizes changes since BIND 9.9.9:
</para>
<para>
- BIND 9.9.8-P4 addresses the security issues described in
- CVE-2016-1285 and CVE-2016-1286.
+ BIND 9.10.9-P3 addresses the security issue described in
+ CVE-2016-2776.
</para>
<para>
- BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704.
- It also fixes a serious regression in authoritative server selection
- that was introduced in 9.9.8.
+ BIND 9.9.9-P2 addresses the security issue described in
+ CVE-2016-2775.
</para>
<para>
- BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193
- (OpenSSL), CVE-2015-8000 and CVE-2015-8461.
+ BIND 9.9.9-P1 addresses Windows installation issues and a race
+ condition in the rbt/rbtdb implementation resulting in named
+ exiting due to assertion failures being detected.
</para>
- <para>
- BIND 9.9.8-P1 was incomplete and was withdrawn prior to publication.
- </para>
- </sect2>
- <sect2 id="relnotes_download">
- <title>Download</title>
+
+ </section>
+
+ <section xml:id="relnotes_download"><info><title>Download</title></info>
<para>
The latest versions of BIND 9 software can always be found at
- <ulink url="http://www.isc.org/downloads/"
- >http://www.isc.org/downloads/</ulink>.
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</para>
- </sect2>
- <sect2 id="relnotes_security">
- <title>Security Fixes</title>
+ </section>
+
+ <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
<itemizedlist>
<listitem>
<para>
- The resolver could abort with an assertion failure due to
- improper DNAME handling when parsing fetch reply
- messages. This flaw is disclosed in CVE-2016-1286. [RT #41753]
+ It was possible to trigger a assertion when rendering a
+ message using a specially crafted request. This flaw is
+ disclosed in CVE-2016-2776. [RT #43139]
</para>
</listitem>
<listitem>
<para>
- Malformed control messages can trigger assertions in named
- and rndc. This flaw is disclosed in CVE-2016-1285. [RT
- #41666]
- </para>
- </listitem>
- <listitem>
- <para>
- Specific APL data could trigger an INSIST. This flaw
- is disclosed in CVE-2015-8704. [RT #41396]
- </para>
- </listitem>
- <listitem>
- <para>
- Named is potentially vulnerable to the OpenSSL vulnerability
- described in CVE-2015-3193.
+ getrrsetbyname with a non absolute name could trigger an
+ infinite recursion bug in lwresd and named with lwres
+ configured if when combined with a search list entry the
+ resulting name is too long. This flaw is disclosed in
+ CVE-2016-2775. [RT #42694]
</para>
</listitem>
+ </itemizedlist>
+
+ </section>
+
+ <section xml:id="relnotes_features"><info><title>New Features</title></info>
+ <itemizedlist>
<listitem>
<para>
- Incorrect reference counting could result in an INSIST
- failure if a socket error occurred while performing a
- lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945]
+ None.
</para>
</listitem>
+ </itemizedlist>
+ </section>
+
+ <section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
+ <itemizedlist>
<listitem>
<para>
- Insufficient testing when parsing a message allowed
- records with an incorrect class to be be accepted,
- triggering a REQUIRE failure when those records
- were subsequently cached. This flaw is disclosed
- in CVE-2015-8000. [RT #40987]
+ None.
</para>
</listitem>
</itemizedlist>
- </sect2>
- <sect2 id="relnotes_features">
- <title>New Features</title>
+ </section>
+
+ <section xml:id="relnotes_port"><info><title>Porting Changes</title></info>
<itemizedlist>
<listitem>
- <para>None</para>
+ <para>
+ None.
+ </para>
</listitem>
</itemizedlist>
- </sect2>
- <sect2 id="relnotes_changes">
- <title>Feature Changes</title>
+ </section>
+
+ <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
<itemizedlist>
<listitem>
- <para>
- Updated the compiled in addresses for H.ROOT-SERVERS.NET.
+ <para>
+ Windows installs were failing due to triggering UAC without
+ the installation binary being signed.
</para>
</listitem>
- </itemizedlist>
- </sect2>
- <sect2 id="relnotes_bugs">
- <title>Bug Fixes</title>
- <itemizedlist>
<listitem>
<para>
- Authoritative servers that were marked as bogus (e.g. blackholed
- in configuration or with invalid addresses) were being queried
- anyway. [RT #41321]
+ A race condition in rbt/rbtdb was leading to INSISTs being
+ triggered.
</para>
</listitem>
</itemizedlist>
- </sect2>
- <sect2 id="end_of_life">
- <title>End of Life</title>
+ </section>
+
+ <section xml:id="end_of_life"><info><title>End of Life</title></info>
<para>
- The BIND 9.9 (Extended Support Version) will be supported until
+ BIND 9.9 (Extended Support Version) will be supported until
December, 2017.
- <ulink url="https://www.isc.org/downloads/software-support-policy/"
- >https://www.isc.org/downloads/software-support-policy/</ulink>
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://www.isc.org/downloads/software-support-policy/">https://www.isc.org/downloads/software-support-policy/</link>
</para>
- </sect2>
- <sect2 id="relnotes_thanks">
- <title>Thank You</title>
+ </section>
+
+ <section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
<para>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
- <ulink url="http://www.isc.org/donate/"
- >http://www.isc.org/donate/</ulink>.
+ <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/donate/">http://www.isc.org/donate/</link>.
</para>
- </sect2>
-</sect1>
+ </section>
+</section>
diff --git a/doc/arm/noteversion.xml.in b/doc/arm/noteversion.xml.in
new file mode 100644
index 000000000000..e42aeb2b3612
--- /dev/null
+++ b/doc/arm/noteversion.xml.in
@@ -0,0 +1,17 @@
+<!--
+ - Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<title>Release Notes for BIND Version @BIND9_VERSION@</title>
diff --git a/doc/arm/pkcs11.xml b/doc/arm/pkcs11.xml
index d5a841295a5a..86a7305e36b0 100644
--- a/doc/arm/pkcs11.xml
+++ b/doc/arm/pkcs11.xml
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2010, 2012-2016 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,10 +14,9 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: pkcs11.xml,v 1.7 2012/01/16 22:50:12 each Exp $ -->
+<!-- Converted by db4-upgrade version 1.0 -->
+<section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pkcs11"><info><title>PKCS #11 (Cryptoki) support</title></info>
-<sect1 id="pkcs11">
- <title>PKCS #11 (Cryptoki) support</title>
<para>PKCS #11 (Public Key Cryptography Standard #11) defines a
platform- independent API for the control of hardware security
modules (HSMs) and other cryptographic support devices.</para>
@@ -28,8 +24,8 @@
cryptographic acceleration board, tested under Solaris x86, and
the AEP Keyper network-attached key storage device, tested with
Debian Linux, Solaris x86 and Windows Server 2003.</para>
- <sect2>
- <title>Prerequisites</title>
+ <section><info><title>Prerequisites</title></info>
+
<para>See the HSM vendor documentation for information about
installing, initializing, testing and troubleshooting the
HSM.</para>
@@ -60,7 +56,7 @@
function primarily as secure key storage devices, but lack
hardware acceleration. These devices are highly secure, but
are not necessarily any faster at cryptography than the
- system CPU &mdash; often, they are slower. It is therefore
+ system CPU — often, they are slower. It is therefore
most efficient to use them only for those cryptographic
functions that require access to the secured private key,
such as zone signing, and to use the system CPU for all
@@ -71,15 +67,15 @@
<para>
The modified OpenSSL code is included in the BIND 9 release,
in the form of a context diff against the latest versions of
- OpenSSL. OpenSSL 0.9.8, 1.0.0, and 1.0.1 are supported; there are
- separate diffs for each version. In the examples to follow,
- we use OpenSSL 0.9.8, but the same methods work with OpenSSL
- 1.0.0 and 1.0.1.
+ OpenSSL. OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 are supported;
+ there are separate diffs for each version. In the examples to
+ follow, we use OpenSSL 0.9.8, but the same methods work with
+ OpenSSL 1.0.0 through 1.0.2.
</para>
<note>
- The latest OpenSSL versions at the time of the BIND release
- are 0.9.8y, 1.0.0k and 1.0.1e.
- ISC will provide an updated patch as new versions of OpenSSL
+ The OpenSSL patches as of this writing (January 2016)
+ support versions 0.9.8zh, 1.0.0t, 1.0.1q and 1.0.2f.
+ ISC will provide updated patches as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.</note>
<para>
@@ -89,7 +85,7 @@
library.</para>
<para>Obtain OpenSSL 0.9.8s:</para>
<screen>
-$ <userinput>wget <ulink>http://www.openssl.org/source/openssl-0.9.8s.tar.gz</ulink></userinput>
+$ <userinput>wget <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="">http://www.openssl.org/source/openssl-0.9.8s.tar.gz</link></userinput>
</screen>
<para>Extract the tarball:</para>
<screen>
@@ -108,9 +104,9 @@ $ <userinput>patch -p1 -d openssl-0.9.8s \
elsewhere on the system. In the following examples, we choose
to install into "/opt/pkcs11/usr". We will use this location
when we configure BIND 9.</para>
- <sect3>
+ <section><info><title>Building OpenSSL for the AEP Keyper on Linux</title></info>
<!-- Example 1 -->
- <title>Building OpenSSL for the AEP Keyper on Linux</title>
+
<para>The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
@@ -139,10 +135,10 @@ $ <userinput>./Configure linux-generic32 -m32 -pthread \
and "<command>make test</command>". If "<command>make
test</command>" fails with "pthread_atfork() not found", you forgot to
add the -pthread above.</para>
- </sect3>
- <sect3>
+ </section>
+ <section><info><title>Building OpenSSL for the SCA 6000 on Solaris</title></info>
<!-- Example 2 -->
- <title>Building OpenSSL for the SCA 6000 on Solaris</title>
+
<para>The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
@@ -158,13 +154,13 @@ $ <userinput>./Configure solaris64-x86_64-cc \
</screen>
<para>(For a 32-bit build, use "solaris-x86-cc" and
/usr/lib/libpkcs11.so.)</para>
- <para>After configuring, run
- <command>make</command> and
+ <para>After configuring, run
+ <command>make</command> and
<command>make test</command>.</para>
- </sect3>
- <sect3>
+ </section>
+ <section><info><title>Building OpenSSL for SoftHSM</title></info>
<!-- Example 3 -->
- <title>Building OpenSSL for SoftHSM</title>
+
<para>SoftHSM is a software library provided by the OpenDNSSEC
project (http://www.opendnssec.org) which provides a PKCS#11
interface to a virtual HSM, implemented in the form of encrypted
@@ -183,7 +179,7 @@ $ <userinput> configure --prefix=/opt/pkcs11/usr </userinput>
$ <userinput> make </userinput>
$ <userinput> make install </userinput>
$ <userinput> export SOFTHSM_CONF=/opt/pkcs11/softhsm.conf </userinput>
-$ <userinput> echo "0:/opt/pkcs11/softhsm.db" > $SOFTHSM_CONF </userinput>
+$ <userinput> echo "0:/opt/pkcs11/softhsm.db" &gt; $SOFTHSM_CONF </userinput>
$ <userinput> /opt/pkcs11/usr/bin/softhsm --init-token 0 --slot 0 --label softhsm </userinput>
</screen>
<para>SoftHSM can perform all cryptographic operations, but
@@ -199,7 +195,7 @@ $ <userinput>./Configure linux-x86_64 -pthread \
</screen>
<para>After configuring, run "<command>make</command>"
and "<command>make test</command>".</para>
- </sect3>
+ </section>
<para>Once you have built OpenSSL, run
"<command>apps/openssl engine pkcs11</command>" to confirm
that PKCS #11 support was compiled in correctly. The output
@@ -219,16 +215,16 @@ $ <userinput>./Configure linux-x86_64 -pthread \
<quote><literal>[ available ]</literal></quote>.</para>
<para>If the output is correct, run
"<command>make install</command>" which will install the
- modified OpenSSL suite to
+ modified OpenSSL suite to
<filename>/opt/pkcs11/usr</filename>.</para>
- </sect2>
- <sect2>
- <title>Building BIND 9 with PKCS#11</title>
+ </section>
+ <section><info><title>Building BIND 9 with PKCS#11</title></info>
+
<para>When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure.</para>
- <sect3>
+ <section><info><title>Configuring BIND 9 for Linux with the AEP Keyper</title></info>
<!-- Example 4 -->
- <title>Configuring BIND 9 for Linux with the AEP Keyper</title>
+
<para>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</para>
<para>The PKCS #11 library for the AEP Keyper is currently
@@ -241,10 +237,10 @@ $ <userinput>./configure CC="gcc -m32" --enable-threads \
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/opt/pkcs11/usr/lib/libpkcs11.so</userinput>
</screen>
- </sect3>
- <sect3>
+ </section>
+ <section><info><title>Configuring BIND 9 for Solaris with the SCA 6000</title></info>
<!-- Example 5 -->
- <title>Configuring BIND 9 for Solaris with the SCA 6000</title>
+
<para>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</para>
<screen>
@@ -259,32 +255,32 @@ $ <userinput>./configure CC="cc -xarch=amd64" --enable-threads \
incorrectly specified the path to OpenSSL (it should be the
same as the --prefix argument to the OpenSSL
Configure).</para>
- </sect3>
- <sect3>
+ </section>
+ <section><info><title>Configuring BIND 9 for SoftHSM</title></info>
<!-- Example 6 -->
- <title>Configuring BIND 9 for SoftHSM</title>
+
<screen>
$ <userinput>cd ../bind9</userinput>
$ <userinput>./configure --enable-threads \
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/opt/pkcs11/usr/lib/libpkcs11.so</userinput>
</screen>
- </sect3>
+ </section>
<para>After configuring, run
"<command>make</command>",
"<command>make test</command>" and
"<command>make install</command>".</para>
<para>(Note: If "make test" fails in the "pkcs11" system test, you may
have forgotten to set the SOFTHSM_CONF environment variable.)</para>
- </sect2>
- <sect2>
- <title>PKCS #11 Tools</title>
+ </section>
+ <section><info><title>PKCS #11 Tools</title></info>
+
<para>BIND 9 includes a minimal set of tools to operate the
- HSM, including
+ HSM, including
<command>pkcs11-keygen</command> to generate a new key pair
- within the HSM,
+ within the HSM,
<command>pkcs11-list</command> to list objects currently
- available, and
+ available, and
<command>pkcs11-destroy</command> to remove objects.</para>
<para>In UNIX/Linux builds, these tools are built only if BIND
9 is configured with the --with-pkcs11 option. (NOTE: If
@@ -293,9 +289,9 @@ $ <userinput>./configure --enable-threads \
provider will be left undefined. Use the -m option or the
PKCS11_PROVIDER environment variable to specify the path to the
provider.)</para>
- </sect2>
- <sect2>
- <title>Using the HSM</title>
+ </section>
+ <section><info><title>Using the HSM</title></info>
+
<para>First, we must set up the runtime environment so the
OpenSSL and PKCS #11 libraries can be loaded:</para>
<screen>
@@ -304,7 +300,7 @@ $ <userinput>export LD_LIBRARY_PATH=/opt/pkcs11/usr/lib:${LD_LIBRARY_PATH}</user
<para>When operating an AEP Keyper, it is also necessary to
specify the location of the "machine" file, which stores
information about the Keyper for use by PKCS #11 provider
- library. If the machine file is in
+ library. If the machine file is in
<filename>/opt/Keyper/PKCS11Provider/machine</filename>,
use:</para>
<screen>
@@ -312,14 +308,14 @@ $ <userinput>export KEYPER_LIBRARY_PATH=/opt/Keyper/PKCS11Provider</userinput>
</screen>
<!-- TODO: why not defined at compile time? -->
<para>These environment variables must be set whenever running
- any tool that uses the HSM, including
- <command>pkcs11-keygen</command>,
- <command>pkcs11-list</command>,
- <command>pkcs11-destroy</command>,
- <command>dnssec-keyfromlabel</command>,
- <command>dnssec-signzone</command>,
+ any tool that uses the HSM, including
+ <command>pkcs11-keygen</command>,
+ <command>pkcs11-list</command>,
+ <command>pkcs11-destroy</command>,
+ <command>dnssec-keyfromlabel</command>,
+ <command>dnssec-signzone</command>,
<command>dnssec-keygen</command>(which will use the HSM for
- random number generation), and
+ random number generation), and
<command>named</command>.</para>
<para>We can now create and use keys in the HSM. In this case,
we will create a 2048 bit key and give it the label
@@ -367,9 +363,9 @@ $ <userinput>dnssec-keygen example.net</userinput>
rolled more frequently, if you wish, to compensate for a
reduction in key security.</para>
<para>Now you can sign the zone. (Note: If not using the -S
- option to
+ option to
<command>dnssec-signzone</command>, it will be necessary to add
- the contents of both
+ the contents of both
<filename>K*.key</filename> files to the zone master file before
signing it.)</para>
<screen>
@@ -381,35 +377,35 @@ Zone signing complete:
Algorithm: NSEC3RSASHA1: ZSKs: 1, KSKs: 1 active, 0 revoked, 0 stand-by
example.net.signed
</screen>
- </sect2>
- <sect2>
- <title>Specifying the engine on the command line</title>
- <para>The OpenSSL engine can be specified in
- <command>named</command> and all of the BIND
+ </section>
+ <section><info><title>Specifying the engine on the command line</title></info>
+
+ <para>The OpenSSL engine can be specified in
+ <command>named</command> and all of the BIND
<command>dnssec-*</command> tools by using the "-E
&lt;engine&gt;" command line option. If BIND 9 is built with
the --with-pkcs11 option, this option defaults to "pkcs11".
Specifying the engine will generally not be necessary unless
for some reason you wish to use a different OpenSSL
engine.</para>
- <para>If you wish to disable use of the "pkcs11" engine &mdash;
+ <para>If you wish to disable use of the "pkcs11" engine —
for troubleshooting purposes, or because the HSM is unavailable
- &mdash; set the engine to the empty string. For example:</para>
+ — set the engine to the empty string. For example:</para>
<screen>
$ <userinput>dnssec-signzone -E '' -S example.net</userinput>
</screen>
- <para>This causes
+ <para>This causes
<command>dnssec-signzone</command> to run as if it were compiled
without the --with-pkcs11 option.</para>
- </sect2>
- <sect2>
- <title>Running named with automatic zone re-signing</title>
- <para>If you want
+ </section>
+ <section><info><title>Running named with automatic zone re-signing</title></info>
+
+ <para>If you want
<command>named</command> to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
named must have access to the HSM PIN. This can be accomplished
by placing the PIN into the openssl.cnf file (in the above
- examples,
+ examples,
<filename>/opt/pkcs11/usr/ssl/openssl.cnf</filename>).</para>
<para>The location of the openssl.cnf file can be overridden by
setting the OPENSSL_CONF environment variable before running
@@ -428,7 +424,7 @@ $ <userinput>dnssec-signzone -E '' -S example.net</userinput>
without PIN entry. (The pkcs11-* tools access the HSM directly,
not via OpenSSL, so a PIN will still be required to use
them.)</para>
-<!--
+<!--
If the PIN is not known, I believe the first time named needs the
PIN to open a key, it'll ask you to type in the PIN, which will be
a problem because it probably won't be running on a terminal
@@ -439,7 +435,7 @@ a problem because it probably won't be running on a terminal
HSM. Be sure this is what you want to do before configuring
OpenSSL in this way.</para>
</warning>
- </sect2>
+ </section>
<!-- TODO: what is alternative then for named dynamic re-signing? -->
<!-- TODO: what happens if PIN is not known? named will log about it? -->
-</sect1>
+</section>
diff --git a/doc/arm/pkgversion.xml.in b/doc/arm/pkgversion.xml.in
new file mode 100644
index 000000000000..1329f53ad8f3
--- /dev/null
+++ b/doc/arm/pkgversion.xml.in
@@ -0,0 +1,17 @@
+<!--
+ - Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+ <para>This version of the manual corresponds to BIND version @PACKAGE_VERSION@.</para>
diff --git a/doc/arm/releaseinfo.xml.in b/doc/arm/releaseinfo.xml.in
new file mode 100644
index 000000000000..a3bbd20a93b7
--- /dev/null
+++ b/doc/arm/releaseinfo.xml.in
@@ -0,0 +1,17 @@
+<!--
+ - Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<releaseinfo>BIND Version @BIND9_VERSION@</releaseinfo>
diff --git a/doc/misc/options b/doc/misc/options
index 66df0bd60c63..f23568cda1c3 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -32,7 +32,7 @@ logging {
print-time <boolean>;
severity <log_severity>;
stderr;
- syslog <optional_facility>;
+ syslog [ <syslog_facility> ];
};
};
@@ -41,7 +41,7 @@ lwres {
[ port <integer> ]; ... };
ndots <integer>;
search { <string>; ... };
- view <string> <optional_class>;
+ view <string> [ <class> ];
};
managed-keys { <string> <string> <integer> <integer> <integer>
@@ -92,14 +92,14 @@ options {
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
- coresize <size>;
- datasize <size>;
+ coresize ( unlimited | default | <sizeval> );
+ datasize ( unlimited | default | <sizeval> );
deallocate-on-exit <boolean>; // obsolete
deny-answer-addresses { <address_match_element>; ... } [
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
- dialup <dialuptype>;
+ dialup ( notify | notify-passive | refresh | passive | <boolean> );
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
@@ -132,9 +132,13 @@ options {
empty-zones-enable <boolean>;
fake-iquery <boolean>; // obsolete
fetch-glue <boolean>; // obsolete
- files <size>;
+ fetch-quota-params <integer> <fixedpoint>
+ <fixedpoint> <fixedpoint>; // not configured
+ fetches-per-server <integer> [ ( drop | fail ) ]; // not configured
+ fetches-per-zone <integer> [ ( drop | fail ) ]; // not configured
+ files ( unlimited | default | <sizeval> );
filter-aaaa { <address_match_element>; ... }; // not configured
- filter-aaaa-on-v4 <v4_aaaa>; // not configured
+ filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
@@ -146,7 +150,7 @@ options {
hostname ( <quoted_string> | none );
inline-signing <boolean>;
interface-interval <integer>;
- ixfr-from-differences <ixfrdiff>;
+ ixfr-from-differences ( master | slave | <boolean> );
key-directory <quoted_string>;
lame-ttl <integer>;
listen-on [ port <integer> ] { <address_match_element>; ... };
@@ -159,7 +163,7 @@ options {
max-cache-size <size_no_default>;
max-cache-ttl <integer>;
max-clients-per-query <integer>;
- max-ixfr-log-size <size>; // obsolete
+ max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
max-recursion-depth <integer>;
@@ -182,7 +186,7 @@ options {
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
no-case-compress { <address_match_element>; ... };
- notify <notifytype>;
+ notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
@@ -227,7 +231,7 @@ options {
sig-signing-type <integer>;
sig-validity-interval <integer> [ <integer> ];
sortlist { <address_match_element>; ... };
- stacksize <size>;
+ stacksize ( unlimited | default | <sizeval> );
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
suppress-initial-notify <boolean>; // not yet implemented
@@ -249,14 +253,14 @@ options {
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // obsolete
- use-ixfr <boolean>;
+ use-ixfr <boolean>; // obsolete
use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
version ( <quoted_string> | none );
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
- zone-statistics <zonestat>;
+ zone-statistics ( full | terse | none | <boolean> );
};
server <netprefix> {
@@ -285,7 +289,7 @@ statistics-channels {
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
-view <string> <optional_class> {
+view <string> [ <class> ] {
acache-cleaning-interval <integer>;
acache-enable <boolean>;
additional-from-auth <boolean>;
@@ -327,7 +331,7 @@ view <string> <optional_class> {
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
- dialup <dialuptype>;
+ dialup ( notify | notify-passive | refresh | passive | <boolean> );
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
dlz <string> {
@@ -360,13 +364,17 @@ view <string> <optional_class> {
empty-server <string>;
empty-zones-enable <boolean>;
fetch-glue <boolean>; // obsolete
+ fetch-quota-params <integer> <fixedpoint>
+ <fixedpoint> <fixedpoint>; // not configured
+ fetches-per-server <integer> [ ( drop | fail ) ]; // not configured
+ fetches-per-zone <integer> [ ( drop | fail ) ]; // not configured
filter-aaaa { <address_match_element>; ... }; // not configured
- filter-aaaa-on-v4 <v4_aaaa>; // not configured
+ filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
inline-signing <boolean>;
- ixfr-from-differences <ixfrdiff>;
+ ixfr-from-differences ( master | slave | <boolean> );
key <string> {
algorithm <string>;
secret <string>;
@@ -384,7 +392,7 @@ view <string> <optional_class> {
max-cache-size <size_no_default>;
max-cache-ttl <integer>;
max-clients-per-query <integer>;
- max-ixfr-log-size <size>; // obsolete
+ max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
max-recursion-depth <integer>;
@@ -402,7 +410,7 @@ view <string> <optional_class> {
minimal-responses <boolean>;
multi-master <boolean>;
no-case-compress { <address_match_element>; ... };
- notify <notifytype>;
+ notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
@@ -468,7 +476,7 @@ view <string> <optional_class> {
use-queryport-pool <boolean>; // obsolete
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
- zone <string> <optional_class> {
+ zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
@@ -494,7 +502,8 @@ view <string> <optional_class> {
check-wildcard <boolean>;
database <string>;
delegation-only <boolean>;
- dialup <dialuptype>;
+ dialup ( notify | notify-passive | refresh | passive |
+ <boolean> );
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
@@ -514,7 +523,8 @@ view <string> <optional_class> {
masters [ port <integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] )
[ key <string> ]; ... };
- max-ixfr-log-size <size>; // obsolete
+ max-ixfr-log-size ( unlimited | default |
+ <sizeval> ); // obsolete
max-journal-size <size_no_default>;
max-refresh-time <integer>;
max-retry-time <integer>;
@@ -525,7 +535,7 @@ view <string> <optional_class> {
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
- notify <notifytype>;
+ notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ];
@@ -559,12 +569,12 @@ view <string> <optional_class> {
] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
- zone-statistics <zonestat>;
+ zone-statistics ( full | terse | none | <boolean> );
};
- zone-statistics <zonestat>;
+ zone-statistics ( full | terse | none | <boolean> );
};
-zone <string> <optional_class> {
+zone <string> [ <class> ] {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-on { <address_match_element>; ... };
@@ -589,7 +599,7 @@ zone <string> <optional_class> {
check-wildcard <boolean>;
database <string>;
delegation-only <boolean>;
- dialup <dialuptype>;
+ dialup ( notify | notify-passive | refresh | passive | <boolean> );
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
@@ -609,7 +619,7 @@ zone <string> <optional_class> {
masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... };
- max-ixfr-log-size <size>; // obsolete
+ max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
max-journal-size <size_no_default>;
max-refresh-time <integer>;
max-retry-time <integer>;
@@ -620,7 +630,7 @@ zone <string> <optional_class> {
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
- notify <notifytype>;
+ notify ( explicit | master-only | <boolean> );
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
@@ -648,6 +658,6 @@ zone <string> <optional_class> {
| zonesub | external ) [ <string> ] <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
- zone-statistics <zonestat>;
+ zone-statistics ( full | terse | none | <boolean> );
};
diff --git a/doc/misc/rfc-compliance b/doc/misc/rfc-compliance
index 18e6e8ba2089..766cd23fac5e 100644
--- a/doc/misc/rfc-compliance
+++ b/doc/misc/rfc-compliance
@@ -85,7 +85,7 @@ or Best Current Practice (BCP) documents.
RFC6891
RFC7043
RFC7314
- RFC7314
+ RFC7477
The following DNS related RFC have been obsoleted
diff --git a/isc-config.sh.in b/isc-config.sh.in
index 04a9e5c6f4ff..056c4875a1d2 100644
--- a/isc-config.sh.in
+++ b/isc-config.sh.in
@@ -74,7 +74,7 @@ while test $# -gt 0; do
echo_exec_prefix=true
;;
--version)
- echo @BIND9_VERSION@
+ echo VERSION=@BIND9_VERSION@
exit 0
;;
--cflags)
diff --git a/lib/bind9/Makefile.in b/lib/bind9/Makefile.in
index e9e65daa9661..32481c40c7ce 100644
--- a/lib/bind9/Makefile.in
+++ b/lib/bind9/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBBIND9_API@
diff --git a/lib/bind9/api b/lib/bind9/api
index bd19d6da532f..b4f3c8dc4f55 100644
--- a/lib/bind9/api
+++ b/lib/bind9/api
@@ -5,5 +5,5 @@
# 9.9: 90-109
# 9.9-sub: 130-139
LIBINTERFACE = 90
-LIBREVISION = 14
+LIBREVISION = 15
LIBAGE = 0
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index bc7aabe2e0e7..cbfa8301e3f4 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1292,6 +1292,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
dns_name_t *zname = NULL;
isc_buffer_t b;
isc_boolean_t root = ISC_FALSE;
+ isc_boolean_t rfc1918 = ISC_FALSE;
+ isc_boolean_t ula = ISC_FALSE;
const cfg_listelt_t *element;
isc_boolean_t ddns = ISC_FALSE;
@@ -1461,6 +1463,10 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
result = tresult;
if (dns_name_equal(zname, dns_rootname))
root = ISC_TRUE;
+ else if (dns_name_isrfc1918(zname))
+ rfc1918 = ISC_TRUE;
+ else if (dns_name_isula(zname))
+ ula = ISC_TRUE;
}
/*
@@ -1731,6 +1737,32 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
result = ISC_R_FAILURE;
/*
+ * Check that a RFC 1918 / ULA reverse zone is not forward first
+ * unless explictly configured to be so.
+ */
+ if (ztype == FORWARDZONE && (rfc1918 || ula)) {
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "forward", &obj);
+ if (obj == NULL) {
+ /*
+ * Forward mode not explicity configured.
+ */
+ if (voptions != NULL)
+ cfg_map_get(voptions, "forward", &obj);
+ if (obj == NULL && goptions != NULL)
+ cfg_map_get(goptions, "forward", &obj);
+ if (obj == NULL ||
+ strcasecmp(cfg_obj_asstring(obj), "first") == 0)
+ cfg_obj_log(zconfig, logctx, ISC_LOG_WARNING,
+ "inherited 'forward first;' for "
+ "%s zone '%s' - did you want "
+ "'forward only;'?",
+ rfc1918 ? "rfc1918" : "ula",
+ znamestr);
+ }
+ }
+
+ /*
* Check validity of static stub server addresses.
*/
obj = NULL;
diff --git a/lib/bind9/include/bind9/Makefile.in b/lib/bind9/include/bind9/Makefile.in
index 11ae586205ef..0ba184b5102d 100644
--- a/lib/bind9/include/bind9/Makefile.in
+++ b/lib/bind9/include/bind9/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
#
# Only list headers that are to be installed and are not
diff --git a/lib/dns/Makefile.in b/lib/dns/Makefile.in
index eec4c9ef0e77..ee2327a13f3b 100644
--- a/lib/dns/Makefile.in
+++ b/lib/dns/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,8 +13,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.180 2011/10/11 00:09:03 each Exp $
-
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
@@ -23,7 +21,7 @@ top_srcdir = @top_srcdir@
.NOTPARALLEL:
.NO_PARALLEL:
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBDNS_API@
@@ -53,7 +51,7 @@ OPENSSLLINKOBJS = openssl_link.@O@ openssldh_link.@O@ openssldsa_link.@O@ \
DSTOBJS = @DST_EXTRA_OBJS@ @OPENSSLLINKOBJS@ \
dst_api.@O@ dst_lib.@O@ dst_parse.@O@ dst_result.@O@ \
- gssapi_link.@O@ gssapictx.@O@ hmac_link.@O@ key.@O@
+ gssapi_link.@O@ gssapictx.@O@ hmac_link.@O@ key.@O@
RRLOBJS = rrl.@O@
diff --git a/lib/dns/acache.c b/lib/dns/acache.c
index d3d28f856171..d7a11f764391 100644
--- a/lib/dns/acache.c
+++ b/lib/dns/acache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2012, 2013, 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -472,8 +472,7 @@ finddbent(dns_acache_t *acache, dns_db_t *db, dbentry_t **dbentryp) {
* The caller must be holding the acache lock.
*/
- bucket = isc_hash_calc((const unsigned char *)&db,
- sizeof(db), ISC_TRUE) % DBBUCKETS;
+ bucket = isc_hash_function(&db, sizeof(db), ISC_TRUE, NULL) % DBBUCKETS;
for (dbentry = ISC_LIST_HEAD(acache->dbbucket[bucket]);
dbentry != NULL;
@@ -1264,8 +1263,7 @@ dns_acache_setdb(dns_acache_t *acache, dns_db_t *db) {
dbentry->db = NULL;
dns_db_attach(db, &dbentry->db);
- bucket = isc_hash_calc((const unsigned char *)&db,
- sizeof(db), ISC_TRUE) % DBBUCKETS;
+ bucket = isc_hash_function(&db, sizeof(db), ISC_TRUE, NULL) % DBBUCKETS;
ISC_LIST_APPEND(acache->dbbucket[bucket], dbentry, link);
@@ -1353,8 +1351,8 @@ dns_acache_putdb(dns_acache_t *acache, dns_db_t *db) {
INSIST(ISC_LIST_EMPTY(dbentry->originlist) &&
ISC_LIST_EMPTY(dbentry->referlist));
- bucket = isc_hash_calc((const unsigned char *)&db,
- sizeof(db), ISC_TRUE) % DBBUCKETS;
+ bucket = isc_hash_function(&db, sizeof(db), ISC_TRUE, NULL) % DBBUCKETS;
+
ISC_LIST_UNLINK(acache->dbbucket[bucket], dbentry, link);
dns_db_detach(&dbentry->db);
diff --git a/lib/dns/api b/lib/dns/api
index df171fa191b4..95055594c127 100644
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -6,6 +6,6 @@
# 9.9-sub: 130-139, 150-159
# 9.10: 140-149
# 9.11: 160-169
-LIBINTERFACE = 170
-LIBREVISION = 3
-LIBAGE = 1
+LIBINTERFACE = 172
+LIBREVISION = 2
+LIBAGE = 0
diff --git a/lib/dns/cache.c b/lib/dns/cache.c
index 098823314980..0b6ddb46f2db 100644
--- a/lib/dns/cache.c
+++ b/lib/dns/cache.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011, 2013, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011, 2013, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1199,10 +1199,16 @@ static isc_result_t
cleartree(dns_db_t *db, dns_name_t *name) {
isc_result_t result, answer = ISC_R_SUCCESS;
dns_dbiterator_t *iter = NULL;
- dns_dbnode_t *node = NULL;
+ dns_dbnode_t *node = NULL, *top = NULL;
dns_fixedname_t fnodename;
dns_name_t *nodename;
+ /*
+ * Create the node if it doesn't exist so dns_dbiterator_seek()
+ * can find it. We will continue even if this fails.
+ */
+ (void)dns_db_findnode(db, name, ISC_TRUE, &top);
+
dns_fixedname_init(&fnodename);
nodename = dns_fixedname_name(&fnodename);
@@ -1211,6 +1217,8 @@ cleartree(dns_db_t *db, dns_name_t *name) {
goto cleanup;
result = dns_dbiterator_seek(iter, name);
+ if (result == DNS_R_PARTIALMATCH)
+ result = dns_dbiterator_next(iter);
if (result != ISC_R_SUCCESS)
goto cleanup;
@@ -1245,6 +1253,8 @@ cleartree(dns_db_t *db, dns_name_t *name) {
dns_db_detachnode(db, &node);
if (iter != NULL)
dns_dbiterator_destroy(&iter);
+ if (top != NULL)
+ dns_db_detachnode(db, &top);
return (answer);
}
@@ -1262,7 +1272,7 @@ dns_cache_flushnode(dns_cache_t *cache, dns_name_t *name,
dns_dbnode_t *node = NULL;
dns_db_t *db = NULL;
- if (dns_name_equal(name, dns_rootname))
+ if (tree && dns_name_equal(name, dns_rootname))
return (dns_cache_flush(cache));
LOCK(&cache->lock);
diff --git a/lib/dns/client.c b/lib/dns/client.c
index b433e348fe31..f21f666d33b1 100644
--- a/lib/dns/client.c
+++ b/lib/dns/client.c
@@ -1120,7 +1120,6 @@ client_resfind(resctx_t *rctx, dns_fetchevent_t *event) {
UNLOCK(&rctx->lock);
}
-
static void
suspend(isc_task_t *task, isc_event_t *event) {
isc_appctx_t *actx = event->ev_arg;
@@ -1434,6 +1433,13 @@ dns_client_destroyrestrans(dns_clientrestrans_t **transp) {
mctx = client->mctx;
dns_view_detach(&rctx->view);
+ /*
+ * Wait for the lock in client_resfind to be released before
+ * destroying the lock.
+ */
+ LOCK(&rctx->lock);
+ UNLOCK(&rctx->lock);
+
LOCK(&client->lock);
INSIST(ISC_LINK_LINKED(rctx, link));
diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 680a0184319e..5834a58223f0 100644
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2013, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2013, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -302,12 +302,15 @@ dst_context_create2(dst_key_t *key, isc_mem_t *mctx,
dctx = isc_mem_get(mctx, sizeof(dst_context_t));
if (dctx == NULL)
return (ISC_R_NOMEMORY);
- dctx->key = key;
- dctx->mctx = mctx;
+ memset(dctx, 0, sizeof(*dctx));
+ dst_key_attach(key, &dctx->key);
+ isc_mem_attach(mctx, &dctx->mctx);
dctx->category = category;
result = key->func->createctx(key, dctx);
if (result != ISC_R_SUCCESS) {
- isc_mem_put(mctx, dctx, sizeof(dst_context_t));
+ if (dctx->key != NULL)
+ dst_key_free(&dctx->key);
+ isc_mem_putanddetach(&dctx->mctx, dctx, sizeof(dst_context_t));
return (result);
}
dctx->magic = CTX_MAGIC;
@@ -324,8 +327,10 @@ dst_context_destroy(dst_context_t **dctxp) {
dctx = *dctxp;
INSIST(dctx->key->func->destroyctx != NULL);
dctx->key->func->destroyctx(dctx);
+ if (dctx->key != NULL)
+ dst_key_free(&dctx->key);
dctx->magic = 0;
- isc_mem_put(dctx->mctx, dctx, sizeof(dst_context_t));
+ isc_mem_putanddetach(&dctx->mctx, dctx, sizeof(dst_context_t));
*dctxp = NULL;
}
diff --git a/lib/dns/dst_openssl.h b/lib/dns/dst_openssl.h
index dd6740586d8a..12f8bfcd6794 100644
--- a/lib/dns/dst_openssl.h
+++ b/lib/dns/dst_openssl.h
@@ -36,7 +36,7 @@
#define USE_ENGINE 1
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/*
* These are new in OpenSSL 1.1.0. BN_GENCB _cb needs to be declared in
* the function like this before the BN_GENCB_new call:
diff --git a/lib/dns/forward.c b/lib/dns/forward.c
index 7ec4e5c9debb..c465ddf90db9 100644
--- a/lib/dns/forward.c
+++ b/lib/dns/forward.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: forward.c,v 1.14 2009/09/02 23:48:02 tbox Exp $ */
-
/*! \file */
#include <config.h>
@@ -24,7 +22,6 @@
#include <isc/magic.h>
#include <isc/mem.h>
#include <isc/rwlock.h>
-#include <isc/sockaddr.h>
#include <isc/util.h>
#include <dns/forward.h>
diff --git a/lib/dns/gen.c b/lib/dns/gen.c
index 7a7dafb46100..4a8d50ea5415 100644
--- a/lib/dns/gen.c
+++ b/lib/dns/gen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -770,7 +770,7 @@ main(int argc, char **argv) {
continue;
if (hash == HASH(ttn2->typename)) {
fprintf(stdout, "\t\t\tRDATATYPE_COMPARE"
- "(\"%s\", %u, "
+ "(\"%s\", %d, "
"_typename, _length, _typep); \\\n",
ttn2->typename, ttn2->type);
ttn2->sorted = 1;
@@ -786,7 +786,7 @@ main(int argc, char **argv) {
ttn = find_typename(i);
if (ttn == NULL)
continue;
- fprintf(stdout, "\tcase %u: return (%s); \\\n",
+ fprintf(stdout, "\tcase %d: return (%s); \\\n",
i, upper(ttn->attr));
}
fprintf(stdout, "\t}\n");
@@ -805,7 +805,7 @@ main(int argc, char **argv) {
*/
if (i == 65533U)
continue;
- fprintf(stdout, "\tcase %u: return "
+ fprintf(stdout, "\tcase %d: return "
"(str_totext(\"%s\", target)); \\\n",
i, upper(ttn->typename));
}
diff --git a/lib/dns/include/dns/Makefile.in b/lib/dns/include/dns/Makefile.in
index 640a63e2c8e7..6be914d9f948 100644
--- a/lib/dns/include/dns/Makefile.in
+++ b/lib/dns/include/dns/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007-2009, 2011, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \
client.h clientinfo.h compress.h \
diff --git a/lib/dns/include/dns/dbiterator.h b/lib/dns/include/dns/dbiterator.h
index 366d6767a79f..c36f18d48922 100644
--- a/lib/dns/include/dns/dbiterator.h
+++ b/lib/dns/include/dns/dbiterator.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -166,6 +166,8 @@ dns_dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name);
* Returns:
*\li #ISC_R_SUCCESS
*\li #ISC_R_NOTFOUND
+ *\li #DNS_R_PARTIALMATCH
+ * (node is at name above requested named when name has children)
*
*\li Other results are possible, depending on the DB implementation.
*/
@@ -286,7 +288,7 @@ dns_dbiterator_setcleanmode(dns_dbiterator_t *iterator, isc_boolean_t mode);
* Indicate that the given iterator is/is not cleaning the DB.
*
* Notes:
- *\li When 'mode' is ISC_TRUE,
+ *\li When 'mode' is ISC_TRUE,
*
* Requires:
*\li 'iterator' is a valid iterator.
diff --git a/lib/dns/include/dns/forward.h b/lib/dns/include/dns/forward.h
index 23e94be7894e..9bda7989a1d0 100644
--- a/lib/dns/include/dns/forward.h
+++ b/lib/dns/include/dns/forward.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: forward.h,v 1.13 2009/09/02 23:48:02 tbox Exp $ */
-
#ifndef DNS_FORWARD_H
#define DNS_FORWARD_H 1
@@ -24,6 +22,7 @@
#include <isc/lang.h>
#include <isc/result.h>
+#include <isc/sockaddr.h>
#include <dns/types.h>
diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h
index 395d066a4851..191920ff7a22 100644
--- a/lib/dns/include/dns/message.h
+++ b/lib/dns/include/dns/message.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2012-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -102,10 +102,11 @@
#define DNS_MESSAGEEXTFLAG_DO 0x8000U
/*%< EDNS0 extended OPT codes */
-#define DNS_OPT_NSID 0x0003 /*%< NSID opt code */
-#define DNS_OPT_CLIENT_SUBNET 0x0008 /*%< client subnet opt code */
-#define DNS_OPT_EXPIRE 0x0009 /*%< EXPIRE opt code */
-#define DNS_OPT_COOKIE 0x000a /*%< COOKIE opt code */
+#define DNS_OPT_NSID 3 /*%< NSID opt code */
+#define DNS_OPT_CLIENT_SUBNET 8 /*%< client subnet opt code */
+#define DNS_OPT_EXPIRE 9 /*%< EXPIRE opt code */
+#define DNS_OPT_COOKIE 10 /*%< COOKIE opt code */
+#define DNS_OPT_PAD 12 /*%< PAD opt code */
/*%< The number of EDNS options we know about. */
#define DNS_EDNSOPTIONS 4
diff --git a/lib/dns/include/dns/name.h b/lib/dns/include/dns/name.h
index d6e9a90c1eb5..48abbace0fcf 100644
--- a/lib/dns/include/dns/name.h
+++ b/lib/dns/include/dns/name.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2012, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2012, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1286,6 +1286,18 @@ dns_name_isdnssd(const dns_name_t *owner);
* Determine if the 'owner' is a DNS-SD prefix.
*/
+isc_boolean_t
+dns_name_isrfc1918(const dns_name_t *owner);
+/*%<
+ * Determine if the 'name' is in the RFC 1918 reverse namespace.
+ */
+
+isc_boolean_t
+dns_name_isula(const dns_name_t *owner);
+/*%<
+ * Determine if the 'name' is in the ULA reverse namespace.
+ */
+
ISC_LANG_ENDDECLS
/*
diff --git a/lib/dns/include/dns/rbt.h b/lib/dns/include/dns/rbt.h
index 947e7c177a47..490cf6f8b745 100644
--- a/lib/dns/include/dns/rbt.h
+++ b/lib/dns/include/dns/rbt.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -80,21 +80,6 @@ struct dns_rbtnode {
#if DNS_RBT_USEMAGIC
unsigned int magic;
#endif
- dns_rbtnode_t *parent;
- dns_rbtnode_t *left;
- dns_rbtnode_t *right;
- dns_rbtnode_t *down;
-#ifdef DNS_RBT_USEHASH
- dns_rbtnode_t *hashnext;
-#endif
-
- /*%
- * Used for LRU cache. This linked list is used to mark nodes which
- * have no data any longer, but we cannot unlink at that exact moment
- * because we did not or could not obtain a write lock on the tree.
- */
- ISC_LINK(dns_rbtnode_t) deadlink;
-
/*@{*/
/*!
* The following bitfields add up to a total bitwidth of 32.
@@ -104,7 +89,18 @@ struct dns_rbtnode {
*
* In each case below the "range" indicated is what's _necessary_ for
* the bitfield to hold, not what it actually _can_ hold.
+ *
+ * Note: Tree lock must be held before modifying these
+ * bit-fields.
+ *
+ * Note: The two "unsigned int :0;" unnamed bitfields on either
+ * side of the bitfields below are scaffolding that border the
+ * set of bitfields which are accessed after acquiring the tree
+ * lock. Please don't insert any other bitfield members between
+ * the unnamed bitfields unless they should also be accessed
+ * after acquiring the tree lock.
*/
+ unsigned int :0; /* start of bitfields c/o tree lock */
unsigned int is_root : 1; /*%< range is 0..1 */
unsigned int color : 1; /*%< range is 0..1 */
unsigned int find_callback : 1; /*%< range is 0..1 */
@@ -117,23 +113,53 @@ struct dns_rbtnode {
/* node needs to be cleaned from rpz */
unsigned int rpz : 1;
+ unsigned int :0; /* end of bitfields c/o tree lock */
#ifdef DNS_RBT_USEHASH
unsigned int hashval;
+ dns_rbtnode_t *uppernode;
+ dns_rbtnode_t *hashnext;
#endif
+ dns_rbtnode_t *parent;
+ dns_rbtnode_t *left;
+ dns_rbtnode_t *right;
+ dns_rbtnode_t *down;
+
+ /*%
+ * Used for LRU cache. This linked list is used to mark nodes which
+ * have no data any longer, but we cannot unlink at that exact moment
+ * because we did not or could not obtain a write lock on the tree.
+ */
+ ISC_LINK(dns_rbtnode_t) deadlink;
/*@{*/
/*!
* These values are used in the RBT DB implementation. The appropriate
* node lock must be held before accessing them.
+ *
+ * Note: The two "unsigned int :0;" unnamed bitfields on either
+ * side of the bitfields below are scaffolding that border the
+ * set of bitfields which are accessed after acquiring the node
+ * lock. Please don't insert any other bitfield members between
+ * the unnamed bitfields unless they should also be accessed
+ * after acquiring the node lock.
+ *
+ * NOTE: Do not merge these fields into bitfields above, as
+ * they'll all be put in the same qword that could be accessed
+ * without the node lock as it shares the qword with other
+ * members. Leave these members here so that they occupy a
+ * separate region of memory.
*/
void *data;
+ unsigned int :0; /* start of bitfields c/o node lock */
unsigned int dirty:1;
unsigned int wild:1;
unsigned int locknum:DNS_RBT_LOCKLENGTH;
#ifndef DNS_RBT_USEISCREFCOUNT
unsigned int references:DNS_RBT_REFLENGTH;
-#else
+#endif
+ unsigned int :0; /* end of bitfields c/o node lock */
+#ifdef DNS_RBT_USEISCREFCOUNT
isc_refcount_t references; /* note that this is not in the bitfield */
#endif
/*@}*/
diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h
index b9d6084f351c..6f4f4f937baa 100644
--- a/lib/dns/include/dns/view.h
+++ b/lib/dns/include/dns/view.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1082,6 +1082,12 @@ dns_view_untrust(dns_view_t *view, dns_name_t *keyname,
* Remove keys that match 'keyname' and 'dnskey' from the views trust
* anchors.
*
+ * (NOTE: If the configuration specifies that there should be a
+ * trust anchor at 'keyname', but no keys are left after this
+ * operation, that is an error. We fail closed, inserting a NULL
+ * key so as to prevent validation until a legimitate key has been
+ * provided.)
+ *
* Requires:
* \li 'view' is valid.
* \li 'keyname' is valid.
diff --git a/lib/dns/include/dst/Makefile.in b/lib/dns/include/dst/Makefile.in
index cece67dd33a0..293e0edf7f7c 100644
--- a/lib/dns/include/dst/Makefile.in
+++ b/lib/dns/include/dst/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = dst.h gssapi.h lib.h result.h
diff --git a/lib/dns/journal.c b/lib/dns/journal.c
index 4811ebbd80b6..102efd16f8de 100644
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -677,11 +677,12 @@ journal_open(isc_mem_t *mctx, const char *filename, isc_boolean_t writable,
failure:
j->magic = 0;
- if (j->index != NULL) {
- isc_mem_put(j->mctx, j->index, j->header.index_size *
+ if (j->rawindex != NULL)
+ isc_mem_put(j->mctx, j->rawindex, j->header.index_size *
sizeof(journal_rawpos_t));
- j->index = NULL;
- }
+ if (j->index != NULL)
+ isc_mem_put(j->mctx, j->index, j->header.index_size *
+ sizeof(journal_pos_t));
if (j->filename != NULL)
isc_mem_free(j->mctx, j->filename);
if (j->fp != NULL)
diff --git a/lib/dns/master.c b/lib/dns/master.c
index 4dba0d7c5558..beb0ae661b69 100644
--- a/lib/dns/master.c
+++ b/lib/dns/master.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -147,6 +147,7 @@ struct dns_loadctx {
isc_uint32_t references;
dns_incctx_t *inc;
isc_uint32_t resign;
+ isc_stdtime_t now;
};
struct dns_incctx {
@@ -601,6 +602,7 @@ loadctx_create(dns_masterformat_t format, isc_mem_t *mctx,
lctx->zclass = zclass;
lctx->resign = resign;
lctx->result = ISC_R_SUCCESS;
+ isc_stdtime_get(&lctx->now);
dns_fixedname_init(&lctx->fixed_top);
lctx->top = dns_fixedname_name(&lctx->fixed_top);
@@ -816,7 +818,7 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
isc_textregion_t r;
int i, n, start, stop, step = 0;
dns_incctx_t *ictx;
- char dummy;
+ char dummy[2];
ictx = lctx->inc;
callbacks = lctx->callbacks;
@@ -833,7 +835,7 @@ generate(dns_loadctx_t *lctx, char *range, char *lhs, char *gtype, char *rhs,
}
isc_buffer_init(&target, target_mem, target_size);
- n = sscanf(range, "%d-%d%[/]%d", &start, &stop, &dummy, &step);
+ n = sscanf(range, "%d-%d%1[/]%d", &start, &stop, dummy, &step);
if ((n != 2 && n != 4) || (start < 0) || (stop < 0) ||
(n == 4 && step < 1) || (stop < start))
{
@@ -1061,7 +1063,6 @@ load_text(dns_loadctx_t *lctx) {
const char *source = "";
unsigned long line = 0;
isc_boolean_t explicit_ttl;
- isc_stdtime_t now;
char classname1[DNS_RDATACLASS_FORMATSIZE];
char classname2[DNS_RDATACLASS_FORMATSIZE];
unsigned int options = 0;
@@ -1074,7 +1075,6 @@ load_text(dns_loadctx_t *lctx) {
ISC_LIST_INIT(glue_list);
ISC_LIST_INIT(current_list);
- isc_stdtime_get(&now);
/*
* Allocate target_size of buffer space. This is greater than twice
@@ -1115,6 +1115,7 @@ load_text(dns_loadctx_t *lctx) {
incctx_destroy(lctx->mctx, ictx);
RUNTIME_CHECK(isc_lex_close(lctx->lex) == ISC_R_SUCCESS);
line = isc_lex_getsourceline(lctx->lex);
+ POST(line);
source = isc_lex_getsourcename(lctx->lex);
ictx = lctx->inc;
continue;
@@ -1888,7 +1889,7 @@ load_text(dns_loadctx_t *lctx) {
result = dns_rdata_tostruct(&rdata[rdcount], &sig,
NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
- if (isc_serial_lt(sig.timeexpire, now)) {
+ if (isc_serial_lt(sig.timeexpire, lctx->now)) {
(*callbacks->warn)(callbacks,
"%s:%lu: "
"signature has expired",
@@ -2090,12 +2091,18 @@ pushfile(const char *master_file, dns_name_t *origin, dns_loadctx_t *lctx) {
return (result);
}
+/*
+ * Fill/check exists buffer with 'len' bytes. Track remaining bytes to be
+ * read when incrementally filling the buffer.
+ */
static inline isc_result_t
read_and_check(isc_boolean_t do_read, isc_buffer_t *buffer,
- size_t len, FILE *f)
+ size_t len, FILE *f, isc_uint32_t *totallen)
{
isc_result_t result;
+ REQUIRE(totallen != NULL);
+
if (do_read) {
INSIST(isc_buffer_availablelength(buffer) >= len);
result = isc_stdio_read(isc_buffer_used(buffer), 1, len,
@@ -2103,6 +2110,9 @@ read_and_check(isc_boolean_t do_read, isc_buffer_t *buffer,
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_add(buffer, (unsigned int)len);
+ if (*totallen < len)
+ return (ISC_R_RANGE);
+ *totallen -= (isc_uint32_t)len;
} else if (isc_buffer_remaininglength(buffer) < len)
return (ISC_R_RANGE);
@@ -2129,7 +2139,6 @@ load_raw(dns_loadctx_t *lctx) {
dns_masterrawheader_t header;
dns_decompress_t dctx;
- REQUIRE(DNS_LCTX_VALID(lctx));
callbacks = lctx->callbacks;
dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_NONE);
@@ -2245,6 +2254,7 @@ load_raw(dns_loadctx_t *lctx) {
goto cleanup;
isc_buffer_add(&target, sizeof(totallen));
totallen = isc_buffer_getuint32(&target);
+
/*
* Validation: the input data must at least contain the common
* header.
@@ -2286,10 +2296,15 @@ load_raw(dns_loadctx_t *lctx) {
if (result != ISC_R_SUCCESS)
goto cleanup;
isc_buffer_add(&target, (unsigned int)readlen);
+ totallen -= (isc_uint32_t)readlen;
/* Construct RRset headers */
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = isc_buffer_getuint16(&target);
+ if (lctx->zclass != rdatalist.rdclass) {
+ result = DNS_R_BADCLASS;
+ goto cleanup;
+ }
rdatalist.type = isc_buffer_getuint16(&target);
rdatalist.covers = isc_buffer_getuint16(&target);
rdatalist.ttl = isc_buffer_getuint32(&target);
@@ -2302,7 +2317,7 @@ load_raw(dns_loadctx_t *lctx) {
/* Owner name: length followed by name */
result = read_and_check(sequential_read, &target,
- sizeof(namelen), lctx->f);
+ sizeof(namelen), lctx->f, &totallen);
if (result != ISC_R_SUCCESS)
goto cleanup;
namelen = isc_buffer_getuint16(&target);
@@ -2312,7 +2327,7 @@ load_raw(dns_loadctx_t *lctx) {
}
result = read_and_check(sequential_read, &target, namelen,
- lctx->f);
+ lctx->f, &totallen);
if (result != ISC_R_SUCCESS)
goto cleanup;
@@ -2370,14 +2385,15 @@ load_raw(dns_loadctx_t *lctx) {
/* rdata length */
result = read_and_check(sequential_read, &target,
- sizeof(rdlen), lctx->f);
+ sizeof(rdlen), lctx->f,
+ &totallen);
if (result != ISC_R_SUCCESS)
goto cleanup;
rdlen = isc_buffer_getuint16(&target);
/* rdata */
result = read_and_check(sequential_read, &target,
- rdlen, lctx->f);
+ rdlen, lctx->f, &totallen);
if (result != ISC_R_SUCCESS)
goto cleanup;
isc_buffer_setactive(&target, (unsigned int)rdlen);
@@ -2403,7 +2419,7 @@ load_raw(dns_loadctx_t *lctx) {
* necessarily critical, but it very likely indicates broken
* or malformed data.
*/
- if (isc_buffer_remaininglength(&target) != 0) {
+ if (isc_buffer_remaininglength(&target) != 0 || totallen != 0) {
result = ISC_R_RANGE;
goto cleanup;
}
@@ -2856,7 +2872,7 @@ grow_rdata(int new_len, dns_rdata_t *old, int old_len,
}
static isc_uint32_t
-resign_fromlist(dns_rdatalist_t *this, isc_uint32_t resign) {
+resign_fromlist(dns_rdatalist_t *this, dns_loadctx_t *lctx) {
dns_rdata_t *rdata;
dns_rdata_rrsig_t sig;
isc_uint32_t when;
@@ -2864,13 +2880,18 @@ resign_fromlist(dns_rdatalist_t *this, isc_uint32_t resign) {
rdata = ISC_LIST_HEAD(this->rdata);
INSIST(rdata != NULL);
(void)dns_rdata_tostruct(rdata, &sig, NULL);
- when = sig.timeexpire - resign;
+ if (isc_serial_gt(sig.timesigned, lctx->now))
+ when = lctx->now;
+ else
+ when = sig.timeexpire - lctx->resign;
rdata = ISC_LIST_NEXT(rdata, link);
while (rdata != NULL) {
(void)dns_rdata_tostruct(rdata, &sig, NULL);
- if (sig.timeexpire - resign < when)
- when = sig.timeexpire - resign;
+ if (isc_serial_gt(sig.timesigned, lctx->now))
+ when = lctx->now;
+ else if (sig.timeexpire - lctx->resign < when)
+ when = sig.timeexpire - lctx->resign;
rdata = ISC_LIST_NEXT(rdata, link);
}
return (when);
@@ -2908,8 +2929,7 @@ commit(dns_rdatacallbacks_t *callbacks, dns_loadctx_t *lctx,
if (dataset.type == dns_rdatatype_rrsig &&
(lctx->options & DNS_MASTER_RESIGN) != 0) {
dataset.attributes |= DNS_RDATASETATTR_RESIGN;
- dns_name_format(owner, namebuf, sizeof(namebuf));
- dataset.resign = resign_fromlist(this, lctx->resign);
+ dataset.resign = resign_fromlist(this, lctx);
}
result = ((*callbacks->add)(callbacks->add_private, owner,
&dataset));
diff --git a/lib/dns/message.c b/lib/dns/message.c
index d3ae609a6de1..869d25823eea 100644
--- a/lib/dns/message.c
+++ b/lib/dns/message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -36,6 +36,7 @@
#include <dns/masterdump.h>
#include <dns/message.h>
#include <dns/opcode.h>
+#include <dns/rcode.h>
#include <dns/rdata.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
@@ -145,27 +146,6 @@ static const char *opcodetext[] = {
"RESERVED15"
};
-static const char *rcodetext[] = {
- "NOERROR",
- "FORMERR",
- "SERVFAIL",
- "NXDOMAIN",
- "NOTIMP",
- "REFUSED",
- "YXDOMAIN",
- "YXRRSET",
- "NXRRSET",
- "NOTAUTH",
- "NOTZONE",
- "RESERVED11",
- "RESERVED12",
- "RESERVED13",
- "RESERVED14",
- "RESERVED15",
- "BADVERS"
-};
-
-
/*%
* "helper" type, which consists of a block of some type, and is linkable.
* For it to work, sizeof(dns_msgblock_t) must be a multiple of the pointer
@@ -850,9 +830,8 @@ dns_message_find(dns_name_t *name, dns_rdataclass_t rdclass,
{
dns_rdataset_t *curr;
- if (rdataset != NULL) {
- REQUIRE(*rdataset == NULL);
- }
+ REQUIRE(name != NULL);
+ REQUIRE(rdataset == NULL || *rdataset == NULL);
for (curr = ISC_LIST_TAIL(name->list);
curr != NULL;
@@ -875,15 +854,13 @@ dns_message_findtype(dns_name_t *name, dns_rdatatype_t type,
dns_rdataset_t *curr;
REQUIRE(name != NULL);
- if (rdataset != NULL) {
- REQUIRE(*rdataset == NULL);
- }
+ REQUIRE(rdataset == NULL || *rdataset == NULL);
for (curr = ISC_LIST_TAIL(name->list);
curr != NULL;
curr = ISC_LIST_PREV(curr, link)) {
if (curr->type == type && curr->covers == covers) {
- if (rdataset != NULL)
+ if (ISC_UNLIKELY(rdataset != NULL))
*rdataset = curr;
return (ISC_R_SUCCESS);
}
@@ -1300,6 +1277,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
* it must be the first OPT we've seen.
*/
if (!dns_name_equal(dns_rootname, name) ||
+ sectionid != DNS_SECTION_ADDITIONAL ||
msg->opt != NULL)
DO_FORMERR;
skip_name_search = ISC_TRUE;
@@ -1541,9 +1519,12 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
/*
- * If this is an OPT record, remember it. Also, set
- * the extended rcode. Note that msg->opt will only be set
- * if best-effort parsing is enabled.
+ * If this is an OPT, SIG(0) or TSIG record, remember it.
+ * Also, set the extended rcode for TSIG.
+ *
+ * Note msg->opt, msg->sig0 and msg->tsig will only be
+ * already set if best-effort parsing is enabled otherwise
+ * there will only be at most one of each.
*/
if (rdtype == dns_rdatatype_opt && msg->opt == NULL) {
dns_rcode_t ercode;
@@ -1557,14 +1538,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
msg->rcode |= ercode;
isc_mempool_put(msg->namepool, name);
free_name = ISC_FALSE;
- }
-
- /*
- * If this is an SIG(0) or TSIG record, remember it. Note
- * that msg->sig0 or msg->tsig will only be set if best-effort
- * parsing is enabled.
- */
- if (issigzero && msg->sig0 == NULL) {
+ } else if (issigzero && msg->sig0 == NULL) {
msg->sig0 = rdataset;
msg->sig0name = name;
rdataset = NULL;
@@ -1748,7 +1722,7 @@ dns_message_renderbegin(dns_message_t *msg, dns_compress_t *cctx,
if (r.length < DNS_MESSAGE_HEADERLEN)
return (ISC_R_NOSPACE);
- if (r.length < msg->reserved)
+ if (r.length - DNS_MESSAGE_HEADERLEN < msg->reserved)
return (ISC_R_NOSPACE);
/*
@@ -1889,8 +1863,29 @@ norender_rdataset(const dns_rdataset_t *rdataset, unsigned int options,
return (ISC_TRUE);
}
-
#endif
+
+static isc_result_t
+renderset(dns_rdataset_t *rdataset, dns_name_t *owner_name,
+ dns_compress_t *cctx, isc_buffer_t *target,
+ unsigned int reserved, unsigned int options, unsigned int *countp)
+{
+ isc_result_t result;
+
+ /*
+ * Shrink the space in the buffer by the reserved amount.
+ */
+ if (target->length - target->used < reserved)
+ return (ISC_R_NOSPACE);
+
+ target->length -= reserved;
+ result = dns_rdataset_towire(rdataset, owner_name,
+ cctx, target, options, countp);
+ target->length += reserved;
+
+ return (result);
+}
+
isc_result_t
dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
unsigned int options)
@@ -1933,6 +1928,8 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
/*
* Shrink the space in the buffer by the reserved amount.
*/
+ if (msg->buffer->length - msg->buffer->used < msg->reserved)
+ return (ISC_R_NOSPACE);
msg->buffer->length -= msg->reserved;
total = 0;
@@ -2208,9 +2205,8 @@ dns_message_renderend(dns_message_t *msg) {
* Render.
*/
count = 0;
- result = dns_rdataset_towire(msg->opt, dns_rootname,
- msg->cctx, msg->buffer, 0,
- &count);
+ result = renderset(msg->opt, dns_rootname, msg->cctx,
+ msg->buffer, msg->reserved, 0, &count);
msg->counts[DNS_SECTION_ADDITIONAL] += count;
if (result != ISC_R_SUCCESS)
return (result);
@@ -2226,9 +2222,8 @@ dns_message_renderend(dns_message_t *msg) {
if (result != ISC_R_SUCCESS)
return (result);
count = 0;
- result = dns_rdataset_towire(msg->tsig, msg->tsigname,
- msg->cctx, msg->buffer, 0,
- &count);
+ result = renderset(msg->tsig, msg->tsigname, msg->cctx,
+ msg->buffer, msg->reserved, 0, &count);
msg->counts[DNS_SECTION_ADDITIONAL] += count;
if (result != ISC_R_SUCCESS)
return (result);
@@ -2249,9 +2244,8 @@ dns_message_renderend(dns_message_t *msg) {
* the owner name of a SIG(0) is irrelevant, and will not
* be set in a message being rendered.
*/
- result = dns_rdataset_towire(msg->sig0, dns_rootname,
- msg->cctx, msg->buffer, 0,
- &count);
+ result = renderset(msg->sig0, dns_rootname, msg->cctx,
+ msg->buffer, msg->reserved, 0, &count);
msg->counts[DNS_SECTION_ADDITIONAL] += count;
if (result != ISC_R_SUCCESS)
return (result);
@@ -2364,13 +2358,12 @@ dns_message_findname(dns_message_t *msg, dns_section_t section,
REQUIRE(msg != NULL);
REQUIRE(VALID_SECTION(section));
REQUIRE(target != NULL);
- if (name != NULL)
- REQUIRE(*name == NULL);
+ REQUIRE(name == NULL || *name == NULL);
+
if (type == dns_rdatatype_any) {
REQUIRE(rdataset == NULL);
} else {
- if (rdataset != NULL)
- REQUIRE(*rdataset == NULL);
+ REQUIRE(rdataset == NULL || *rdataset == NULL);
}
result = findname(&foundname, target,
@@ -2387,7 +2380,7 @@ dns_message_findname(dns_message_t *msg, dns_section_t section,
/*
* And now look for the type.
*/
- if (type == dns_rdatatype_any)
+ if (ISC_UNLIKELY(type == dns_rdatatype_any))
return (ISC_R_SUCCESS);
result = dns_message_findtype(foundname, type, covers, rdataset);
@@ -3277,7 +3270,7 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
mbz &= ~DNS_MESSAGEEXTFLAG_DO; /* Known Flags. */
if (mbz != 0) {
ADD_STRING(target, "; MBZ: ");
- snprintf(buf, sizeof(buf), "%.4x ", mbz);
+ snprintf(buf, sizeof(buf), "0x%.4x", mbz);
ADD_STRING(target, buf);
ADD_STRING(target, ", udp: ");
} else
@@ -3313,11 +3306,17 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
snprintf(buf, sizeof(buf), "%u", secs);
ADD_STRING(target, buf);
ADD_STRING(target, " (");
- dns_ttl_totext(secs, ISC_TRUE, target);
+ result = dns_ttl_totext(secs,
+ ISC_TRUE,
+ target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
ADD_STRING(target, ")\n");
continue;
}
ADD_STRING(target, "; EXPIRE");
+ } else if (optcode == DNS_OPT_PAD) {
+ ADD_STRING(target, "; PAD");
} else {
ADD_STRING(target, "; OPT=");
snprintf(buf, sizeof(buf), "%u", optcode);
@@ -3399,7 +3398,8 @@ dns_message_pseudosectiontotext(dns_message_t *msg,
isc_result_t
dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
- dns_messagetextflag_t flags, isc_buffer_t *target) {
+ dns_messagetextflag_t flags, isc_buffer_t *target)
+{
char buf[sizeof("1234567890")];
isc_result_t result;
@@ -3410,12 +3410,9 @@ dns_message_totext(dns_message_t *msg, const dns_master_style_t *style,
ADD_STRING(target, ";; ->>HEADER<<- opcode: ");
ADD_STRING(target, opcodetext[msg->opcode]);
ADD_STRING(target, ", status: ");
- if (msg->rcode < (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
- ADD_STRING(target, rcodetext[msg->rcode]);
- } else {
- snprintf(buf, sizeof(buf), "%4u", msg->rcode);
- ADD_STRING(target, buf);
- }
+ result = dns_rcode_totext(msg->rcode, target);
+ if (result != ISC_R_SUCCESS)
+ return (result);
ADD_STRING(target, ", id: ");
snprintf(buf, sizeof(buf), "%6u", msg->id);
ADD_STRING(target, buf);
diff --git a/lib/dns/name.c b/lib/dns/name.c
index 6db373c03b0e..a14f12bd7324 100644
--- a/lib/dns/name.c
+++ b/lib/dns/name.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,6 +29,7 @@
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/print.h>
+#include <isc/random.h>
#include <isc/string.h>
#include <isc/thread.h>
#include <isc/util.h>
@@ -438,42 +439,10 @@ dns_name_internalwildcard(const dns_name_t *name) {
return (ISC_FALSE);
}
-static inline unsigned int
-name_hash(dns_name_t *name, isc_boolean_t case_sensitive) {
- unsigned int length;
- const unsigned char *s;
- unsigned int h = 0;
- unsigned char c;
-
- length = name->length;
- if (length > 16)
- length = 16;
-
- /*
- * This hash function is similar to the one Ousterhout
- * uses in Tcl.
- */
- s = name->ndata;
- if (case_sensitive) {
- while (length > 0) {
- h += ( h << 3 ) + *s;
- s++;
- length--;
- }
- } else {
- while (length > 0) {
- c = maptolower[*s];
- h += ( h << 3 ) + c;
- s++;
- length--;
- }
- }
-
- return (h);
-}
-
unsigned int
dns_name_hash(dns_name_t *name, isc_boolean_t case_sensitive) {
+ unsigned int length;
+
/*
* Provide a hash value for 'name'.
*/
@@ -482,7 +451,12 @@ dns_name_hash(dns_name_t *name, isc_boolean_t case_sensitive) {
if (name->labels == 0)
return (0);
- return (name_hash(name, case_sensitive));
+ length = name->length;
+ if (length > 16)
+ length = 16;
+
+ return (isc_hash_function_reverse(name->ndata, length,
+ case_sensitive, NULL));
}
unsigned int
@@ -495,19 +469,17 @@ dns_name_fullhash(dns_name_t *name, isc_boolean_t case_sensitive) {
if (name->labels == 0)
return (0);
- return (isc_hash_calc((const unsigned char *)name->ndata,
- name->length, case_sensitive));
+ return (isc_hash_function_reverse(name->ndata, name->length,
+ case_sensitive, NULL));
}
unsigned int
dns_fullname_hash(dns_name_t *name, isc_boolean_t case_sensitive) {
/*
* This function was deprecated due to the breakage of the name space
- * convention. We only keep this internally to provide binary backward
+ * convention. We only keep this internally to provide binary backward
* compatibility.
*/
- REQUIRE(VALID_NAME(name));
-
return (dns_name_fullhash(name, case_sensitive));
}
@@ -527,7 +499,8 @@ dns_name_hashbylabel(dns_name_t *name, isc_boolean_t case_sensitive) {
if (name->labels == 0)
return (0);
else if (name->labels == 1)
- return (name_hash(name, case_sensitive));
+ return (isc_hash_function_reverse(name->ndata, name->length,
+ case_sensitive, NULL));
SETUP_OFFSETS(name, offsets, odata);
DNS_NAME_INIT(&tname, NULL);
@@ -539,7 +512,8 @@ dns_name_hashbylabel(dns_name_t *name, isc_boolean_t case_sensitive) {
tname.length = name->length - offsets[i];
else
tname.length = offsets[i + 1] - offsets[i];
- h += name_hash(&tname, case_sensitive);
+ h += isc_hash_function_reverse(tname.ndata, tname.length,
+ case_sensitive, NULL);
}
return (h);
@@ -577,7 +551,7 @@ dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2,
REQUIRE((name1->attributes & DNS_NAMEATTR_ABSOLUTE) ==
(name2->attributes & DNS_NAMEATTR_ABSOLUTE));
- if (name1 == name2) {
+ if (ISC_UNLIKELY(name1 == name2)) {
*orderp = 0;
*nlabelsp = name1->labels;
return (dns_namereln_equal);
@@ -597,12 +571,15 @@ dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2,
ldiff = l1 - l2;
}
- while (l > 0) {
+ offsets1 += l1;
+ offsets2 += l2;
+
+ while (ISC_LIKELY(l > 0)) {
l--;
- l1--;
- l2--;
- label1 = &name1->ndata[offsets1[l1]];
- label2 = &name2->ndata[offsets2[l2]];
+ offsets1--;
+ offsets2--;
+ label1 = &name1->ndata[*offsets1];
+ label2 = &name2->ndata[*offsets2];
count1 = *label1++;
count2 = *label2++;
@@ -618,16 +595,43 @@ dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2,
else
count = count2;
- while (count > 0) {
- chdiff = (int)maptolower[*label1] -
- (int)maptolower[*label2];
+ /* Loop unrolled for performance */
+ while (ISC_LIKELY(count > 3)) {
+ chdiff = (int)maptolower[label1[0]] -
+ (int)maptolower[label2[0]];
+ if (chdiff != 0) {
+ *orderp = chdiff;
+ goto done;
+ }
+ chdiff = (int)maptolower[label1[1]] -
+ (int)maptolower[label2[1]];
+ if (chdiff != 0) {
+ *orderp = chdiff;
+ goto done;
+ }
+ chdiff = (int)maptolower[label1[2]] -
+ (int)maptolower[label2[2]];
+ if (chdiff != 0) {
+ *orderp = chdiff;
+ goto done;
+ }
+ chdiff = (int)maptolower[label1[3]] -
+ (int)maptolower[label2[3]];
+ if (chdiff != 0) {
+ *orderp = chdiff;
+ goto done;
+ }
+ count -= 4;
+ label1 += 4;
+ label2 += 4;
+ }
+ while (ISC_LIKELY(count-- > 0)) {
+ chdiff = (int)maptolower[*label1++] -
+ (int)maptolower[*label2++];
if (chdiff != 0) {
*orderp = chdiff;
goto done;
}
- count--;
- label1++;
- label2++;
}
if (cdiff != 0) {
*orderp = cdiff;
@@ -643,11 +647,12 @@ dns_name_fullcompare(const dns_name_t *name1, const dns_name_t *name2,
namereln = dns_namereln_subdomain;
else
namereln = dns_namereln_equal;
+ *nlabelsp = nlabels;
+ return (namereln);
done:
*nlabelsp = nlabels;
-
- if (nlabels > 0 && namereln == dns_namereln_none)
+ if (nlabels > 0)
namereln = dns_namereln_commonancestor;
return (namereln);
@@ -696,7 +701,7 @@ dns_name_equal(const dns_name_t *name1, const dns_name_t *name2) {
REQUIRE((name1->attributes & DNS_NAMEATTR_ABSOLUTE) ==
(name2->attributes & DNS_NAMEATTR_ABSOLUTE));
- if (name1 == name2)
+ if (ISC_UNLIKELY(name1 == name2))
return (ISC_TRUE);
if (name1->length != name2->length)
@@ -709,16 +714,32 @@ dns_name_equal(const dns_name_t *name1, const dns_name_t *name2) {
label1 = name1->ndata;
label2 = name2->ndata;
- while (l > 0) {
- l--;
+ while (ISC_LIKELY(l-- > 0)) {
count = *label1++;
if (count != *label2++)
return (ISC_FALSE);
INSIST(count <= 63); /* no bitstring support */
- while (count > 0) {
- count--;
+ /* Loop unrolled for performance */
+ while (ISC_LIKELY(count > 3)) {
+ c = maptolower[label1[0]];
+ if (c != maptolower[label2[0]])
+ return (ISC_FALSE);
+ c = maptolower[label1[1]];
+ if (c != maptolower[label2[1]])
+ return (ISC_FALSE);
+ c = maptolower[label1[2]];
+ if (c != maptolower[label2[2]])
+ return (ISC_FALSE);
+ c = maptolower[label1[3]];
+ if (c != maptolower[label2[3]])
+ return (ISC_FALSE);
+ count -= 4;
+ label1 += 4;
+ label2 += 4;
+ }
+ while (ISC_LIKELY(count-- > 0)) {
c = maptolower[*label1++];
if (c != maptolower[*label2++])
return (ISC_FALSE);
@@ -2574,3 +2595,87 @@ dns_name_isdnssd(const dns_name_t *name) {
return (ISC_FALSE);
}
+
+#define NS_NAME_INIT(A,B) \
+ { \
+ DNS_NAME_MAGIC, \
+ A, sizeof(A), sizeof(B), \
+ DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, \
+ B, NULL, { (void *)-1, (void *)-1}, \
+ {NULL, NULL} \
+ }
+
+static unsigned char inaddr10_offsets[] = { 0, 3, 11, 16 };
+static unsigned char inaddr172_offsets[] = { 0, 3, 7, 15, 20 };
+static unsigned char inaddr192_offsets[] = { 0, 4, 8, 16, 21 };
+
+static unsigned char inaddr10[] = "\00210\007IN-ADDR\004ARPA";
+
+static unsigned char inaddr16172[] = "\00216\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr17172[] = "\00217\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr18172[] = "\00218\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr19172[] = "\00219\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr20172[] = "\00220\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr21172[] = "\00221\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr22172[] = "\00222\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr23172[] = "\00223\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr24172[] = "\00224\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr25172[] = "\00225\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr26172[] = "\00226\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr27172[] = "\00227\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr28172[] = "\00228\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr29172[] = "\00229\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr30172[] = "\00230\003172\007IN-ADDR\004ARPA";
+static unsigned char inaddr31172[] = "\00231\003172\007IN-ADDR\004ARPA";
+
+static unsigned char inaddr168192[] = "\003168\003192\007IN-ADDR\004ARPA";
+
+static dns_name_t const rfc1918names[] = {
+ NS_NAME_INIT(inaddr10, inaddr10_offsets),
+ NS_NAME_INIT(inaddr16172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr17172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr18172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr19172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr20172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr21172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr22172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr23172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr24172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr25172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr26172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr27172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr28172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr29172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr30172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr31172, inaddr172_offsets),
+ NS_NAME_INIT(inaddr168192, inaddr192_offsets)
+};
+
+isc_boolean_t
+dns_name_isrfc1918(const dns_name_t *name) {
+ size_t i;
+
+ for (i = 0; i < (sizeof(rfc1918names)/sizeof(*rfc1918names)); i++)
+ if (dns_name_issubdomain(name, &rfc1918names[i]))
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+}
+
+static unsigned char ulaoffsets[] = { 0, 2, 4, 8, 13 };
+static unsigned char ip6fc[] = "\001c\001f\003ip6\004ARPA";
+static unsigned char ip6fd[] = "\001d\001f\003ip6\004ARPA";
+
+static dns_name_t const ulanames[] = {
+ NS_NAME_INIT(ip6fc, ulaoffsets),
+ NS_NAME_INIT(ip6fd, ulaoffsets),
+};
+
+isc_boolean_t
+dns_name_isula(const dns_name_t *name) {
+ size_t i;
+
+ for (i = 0; i < (sizeof(ulanames)/sizeof(*ulanames)); i++)
+ if (dns_name_issubdomain(name, &ulanames[i]))
+ return (ISC_TRUE);
+ return (ISC_FALSE);
+}
diff --git a/lib/dns/nsec3.c b/lib/dns/nsec3.c
index 74ab9ddf6497..3d47217113d5 100644
--- a/lib/dns/nsec3.c
+++ b/lib/dns/nsec3.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2008-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2006, 2008-2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -1342,7 +1342,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
CHECK(dns_db_createiterator(db, DNS_DB_NSEC3ONLY, &dbit));
result = dns_dbiterator_seek(dbit, hashname);
- if (result == ISC_R_NOTFOUND)
+ if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH)
goto success;
if (result != ISC_R_SUCCESS)
goto failure;
@@ -1447,7 +1447,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
&empty, origin, hash, iterations,
salt, salt_length));
result = dns_dbiterator_seek(dbit, hashname);
- if (result == ISC_R_NOTFOUND)
+ if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH)
goto success;
if (result != ISC_R_SUCCESS)
goto failure;
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 8683bee4d60e..1cb46172c862 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -88,7 +88,7 @@ entropy_getpseudo(unsigned char *buf, int num) {
return (result == ISC_R_SUCCESS ? 1 : -1);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
entropy_add(const void *buf, int num, double entropy) {
/*
@@ -121,7 +121,7 @@ lock_callback(int mode, int type, const char *file, int line) {
UNLOCK(&locks[type]);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static unsigned long
id_callback(void) {
return ((unsigned long)isc_thread_self());
@@ -187,7 +187,7 @@ dst__openssl_init(const char *engine) {
if (result != ISC_R_SUCCESS)
goto cleanup_mutexalloc;
CRYPTO_set_locking_callback(lock_callback);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
CRYPTO_set_id_callback(id_callback);
#endif
@@ -206,7 +206,20 @@ dst__openssl_init(const char *engine) {
rm->status = entropy_status;
#ifdef USE_ENGINE
+#if !defined(CONF_MFLAGS_DEFAULT_SECTION)
OPENSSL_config(NULL);
+#else
+ /*
+ * OPENSSL_config() can only be called a single time as of
+ * 1.0.2e so do the steps individually.
+ */
+ OPENSSL_load_builtin_modules();
+ ENGINE_load_builtin_engines();
+ ERR_clear_error();
+ CONF_modules_load_file(NULL, NULL,
+ CONF_MFLAGS_DEFAULT_SECTION |
+ CONF_MFLAGS_IGNORE_MISSING_FILE);
+#endif
if (engine != NULL && *engine == '\0')
engine = NULL;
@@ -287,7 +300,7 @@ dst__openssl_destroy(void) {
CRYPTO_cleanup_all_ex_data();
#endif
ERR_clear_error();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_state(0);
#endif
ERR_free_strings();
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index 4d77c5bf164f..44114b8066f6 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -173,7 +173,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DH *dh = NULL;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
union {
@@ -210,7 +210,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
DH_free(dh);
return (dst__openssl_toresult(ISC_R_NOMEMORY));
@@ -617,7 +617,7 @@ BN_fromhex(BIGNUM *b, const char *str) {
RUNTIME_CHECK(strlen(str) < 1024U && strlen(str) % 2 == 0U);
for (i = 0; i < strlen(str); i += 2) {
- char *s;
+ const char *s;
unsigned int high, low;
s = strchr(hexdigits, tolower((unsigned char)str[i]));
diff --git a/lib/dns/openssldsa_link.c b/lib/dns/openssldsa_link.c
index 34348f07767f..81a09cf2f344 100644
--- a/lib/dns/openssldsa_link.c
+++ b/lib/dns/openssldsa_link.c
@@ -78,6 +78,8 @@ openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
UNUSED(key);
sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
+ if (sha1ctx == NULL)
+ return (ISC_R_NOMEMORY);
isc_sha1_init(sha1ctx);
dctx->ctxdata.sha1ctx = sha1ctx;
return (ISC_R_SUCCESS);
@@ -359,7 +361,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t result;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
union {
@@ -383,7 +385,7 @@ openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
cb = BN_GENCB_new();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
DSA_free(dsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index f78732d6dc3f..03ea1bd6eb17 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -774,7 +774,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
} u;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
BN_GENCB *cb = BN_GENCB_new();
@@ -1393,8 +1393,7 @@ opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
UNUSED(pin);
if (engine == NULL) {
- colon = strchr(label, ':');
- if (colon == NULL)
+ if (strchr(label, ':') == NULL)
DST_RET(DST_R_NOENGINE);
tmpengine = isc_mem_strdup(key->mctx, label);
if (tmpengine == NULL)
diff --git a/lib/dns/rbt.c b/lib/dns/rbt.c
index 74aad1b3553f..cf8cd91ca18c 100644
--- a/lib/dns/rbt.c
+++ b/lib/dns/rbt.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -58,14 +58,14 @@
#endif
struct dns_rbt {
- unsigned int magic;
- isc_mem_t * mctx;
- dns_rbtnode_t * root;
- void (*data_deleter)(void *, void *);
- void * deleter_arg;
- unsigned int nodecount;
- unsigned int hashsize;
- dns_rbtnode_t ** hashtable;
+ unsigned int magic;
+ isc_mem_t * mctx;
+ dns_rbtnode_t * root;
+ void (*data_deleter)(void *, void *);
+ void * deleter_arg;
+ unsigned int nodecount;
+ unsigned int hashsize;
+ dns_rbtnode_t ** hashtable;
};
#define RED 0
@@ -78,6 +78,9 @@ struct dns_rbt {
#define LEFT(node) ((node)->left)
#define RIGHT(node) ((node)->right)
#define DOWN(node) ((node)->down)
+#ifdef DNS_RBT_USEHASH
+#define UPPERNODE(node) ((node)->uppernode)
+#endif /* DNS_RBT_USEHASH */
#define DATA(node) ((node)->data)
#define HASHNEXT(node) ((node)->hashnext)
#define HASHVAL(node) ((node)->hashval)
@@ -174,25 +177,45 @@ Name(dns_rbtnode_t *node) {
return (name);
}
+#endif /* DEBUG */
-static void dns_rbt_printnodename(dns_rbtnode_t *node);
-#endif
+#ifdef DNS_RBT_USEHASH
+
+/*
+ * Upper node is the parent of the root of the passed node's
+ * subtree. The passed node must not be NULL.
+ */
+static inline dns_rbtnode_t *
+get_upper_node(dns_rbtnode_t *node) {
+ return (UPPERNODE(node));
+}
+
+#else
+
+/* The passed node must not be NULL. */
+static inline dns_rbtnode_t *
+get_subtree_root(dns_rbtnode_t *node) {
+ while (!IS_ROOT(node)) {
+ node = PARENT(node);
+ }
+
+ return (node);
+}
+/* Upper node is the parent of the root of the passed node's
+ * subtree. The passed node must not be NULL.
+ */
static inline dns_rbtnode_t *
-find_up(dns_rbtnode_t *node) {
+get_upper_node(dns_rbtnode_t *node) {
dns_rbtnode_t *root;
- /*
- * Return the node in the level above the argument node that points
- * to the level the argument node is in. If the argument node is in
- * the top level, the return value is NULL.
- */
- for (root = node; ! IS_ROOT(root); root = PARENT(root))
- ; /* Nothing. */
+ root = get_subtree_root(node);
return (PARENT(root));
}
+#endif /* DNS_RBT_USEHASH */
+
/*
* Forward declarations.
*/
@@ -219,14 +242,14 @@ dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order,
dns_rbtnode_t **rootp);
static void
-dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp);
+deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp);
-static isc_result_t
-dns_rbt_deletetree(dns_rbt_t *rbt, dns_rbtnode_t *node);
+static void
+deletetreeflat(dns_rbt_t *rbt, unsigned int quantum, isc_boolean_t unhash,
+ dns_rbtnode_t **nodep);
static void
-dns_rbt_deletetreeflat(dns_rbt_t *rbt, unsigned int quantum,
- dns_rbtnode_t **nodep);
+freenode(dns_rbt_t *rbt, dns_rbtnode_t **nodep);
/*
* Initialize a red/black tree of trees.
@@ -289,7 +312,7 @@ dns_rbt_destroy2(dns_rbt_t **rbtp, unsigned int quantum) {
rbt = *rbtp;
- dns_rbt_deletetreeflat(rbt, quantum, &rbt->root);
+ deletetreeflat(rbt, quantum, ISC_FALSE, &rbt->root);
if (rbt->root != NULL)
return (ISC_R_QUOTA);
@@ -377,7 +400,7 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
dns_offsets_t current_offsets;
dns_namereln_t compared;
isc_result_t result = ISC_R_SUCCESS;
- dns_rbtnodechain_t chain;
+ unsigned int level_count;
unsigned int common_labels;
unsigned int nlabels, hlabels;
int order;
@@ -387,6 +410,37 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
REQUIRE(nodep != NULL && *nodep == NULL);
/*
+ * Dear future BIND developer,
+ *
+ * After you have tried attempting to optimize this routine by
+ * using the hashtable and have realized your folly, please
+ * append another cross ("X") below as a warning to the next
+ * future BIND developer:
+ *
+ * Number of victim developers: X
+ *
+ * I wish the past developer had included such a notice.
+ *
+ * Long form: Unlike dns_rbt_findnode(), this function does not
+ * lend itself to be optimized using the hashtable:
+ *
+ * 1. In the subtree where the insertion occurs, this function
+ * needs to have the insertion point and the order where the
+ * lookup terminated (i.e., at the insertion point where left or
+ * right child is NULL). This cannot be determined from the
+ * hashtable, so at least in that subtree, a BST O(log N) lookup
+ * is necessary.
+ *
+ * 2. Our RBT nodes contain not only single labels but label
+ * sequences to optimize space usage. So at every level, we have
+ * to look for a match in the hashtable for all superdomains in
+ * the rest of the name we're searching. This is an O(N)
+ * operation at least, here N being the label size of name, each
+ * of which is a hashtable lookup involving dns_name_equal()
+ * comparisons.
+ */
+
+ /*
* Create a copy of the name so the original name structure is
* not modified.
*/
@@ -394,11 +448,14 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
add_name = dns_fixedname_name(&fixedcopy);
dns_name_clone(name, add_name);
- if (rbt->root == NULL) {
+ if (ISC_UNLIKELY(rbt->root == NULL)) {
result = create_node(rbt->mctx, add_name, &new_current);
if (result == ISC_R_SUCCESS) {
rbt->nodecount++;
new_current->is_root = 1;
+#ifdef DNS_RBT_USEHASH
+ UPPERNODE(new_current) = NULL;
+#endif /* DNS_RBT_USEHASH */
rbt->root = new_current;
*nodep = new_current;
hash_node(rbt, new_current, name);
@@ -406,7 +463,7 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
return (result);
}
- dns_rbtnodechain_init(&chain, rbt->mctx);
+ level_count = 0;
dns_fixedname_init(&fixedprefix);
dns_fixedname_init(&fixedsuffix);
@@ -485,8 +542,9 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
parent = NULL;
child = DOWN(current);
- ADD_LEVEL(&chain, current);
+ INSIST(level_count < DNS_RBT_LEVELBLOCK);
+ level_count++;
} else {
/*
* The number of labels in common is fewer
@@ -513,9 +571,7 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
* a simple integer variable, but I am pressed
* for time.
*/
- if (chain.level_count ==
- (sizeof(chain.levels) /
- sizeof(*chain.levels))) {
+ if (level_count >= DNS_RBT_LEVELBLOCK) {
result = ISC_R_NOSPACE;
break;
}
@@ -578,8 +634,13 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
PARENT(current) = new_current;
DOWN(new_current) = current;
root = &DOWN(new_current);
+#ifdef DNS_RBT_USEHASH
+ UPPERNODE(new_current) = UPPERNODE(current);
+ UPPERNODE(current) = new_current;
+#endif /* DNS_RBT_USEHASH */
- ADD_LEVEL(&chain, new_current);
+ INSIST(level_count < DNS_RBT_LEVELBLOCK);
+ level_count++;
LEFT(current) = NULL;
RIGHT(current) = NULL;
@@ -629,12 +690,18 @@ dns_rbt_addnode(dns_rbt_t *rbt, dns_name_t *name, dns_rbtnode_t **nodep) {
}
- } while (child != NULL);
+ } while (ISC_LIKELY(child != NULL));
- if (result == ISC_R_SUCCESS)
+ if (ISC_LIKELY(result == ISC_R_SUCCESS))
result = create_node(rbt->mctx, add_name, &new_current);
- if (result == ISC_R_SUCCESS) {
+ if (ISC_LIKELY(result == ISC_R_SUCCESS)) {
+#ifdef DNS_RBT_USEHASH
+ if (*root == NULL)
+ UPPERNODE(new_current) = current;
+ else
+ UPPERNODE(new_current) = PARENT(*root);
+#endif /* DNS_RBT_USEHASH */
dns_rbt_addonlevel(new_current, current, order, root);
rbt->nodecount++;
*nodep = new_current;
@@ -683,7 +750,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
unsigned int options, dns_rbtfindcallback_t callback,
void *callback_arg)
{
- dns_rbtnode_t *current, *last_compared, *current_root;
+ dns_rbtnode_t *current, *last_compared;
dns_rbtnodechain_t localchain;
dns_name_t *search_name, current_name, *callback_name;
dns_fixedname_t fixedcallbackname, fixedsearchname;
@@ -711,7 +778,7 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
} else
dns_rbtnodechain_reset(chain);
- if (rbt->root == NULL)
+ if (ISC_UNLIKELY(rbt->root == NULL))
return (ISC_R_NOTFOUND);
else {
/*
@@ -741,9 +808,8 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
saved_result = ISC_R_SUCCESS;
current = rbt->root;
- current_root = rbt->root;
- while (current != NULL) {
+ while (ISC_LIKELY(current != NULL)) {
NODENAME(current, &current_name);
compared = dns_name_fullcompare(search_name, &current_name,
&order, &common_labels);
@@ -762,28 +828,23 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
unsigned int hash;
/*
- * If there is no hash table, hashing can't be done.
- */
- if (rbt->hashtable == NULL)
- goto nohash;
-
- /*
- * The case of current != current_root, that
- * means a left or right pointer was followed,
- * only happens when the algorithm fell through to
- * the traditional binary search because of a
- * bitstring label. Since we dropped the bitstring
- * support, this should not happen.
+ * The case of current not being a subtree root,
+ * that means a left or right pointer was
+ * followed, only happens when the algorithm
+ * fell through to the traditional binary search
+ * because of a bitstring label. Since we
+ * dropped the bitstring support, this should
+ * not happen.
*/
- INSIST(current == current_root);
+ INSIST(IS_ROOT(current));
nlabels = dns_name_countlabels(search_name);
/*
- * current_root is the root of the current level, so
- * it's parent is the same as it's "up" pointer.
+ * current is the root of the current level, so
+ * its parent is the same as its "up" pointer.
*/
- up_current = PARENT(current_root);
+ up_current = PARENT(current);
dns_name_init(&hash_name, NULL);
hashagain:
@@ -805,13 +866,20 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
{
dns_name_t hnode_name;
- if (hash != HASHVAL(hnode))
+ if (ISC_LIKELY(hash != HASHVAL(hnode)))
continue;
- if (find_up(hnode) != up_current)
+ /*
+ * This checks that the hashed label
+ * sequence being looked up is at the
+ * same tree level, so that we don't
+ * match a labelsequence from some other
+ * subdomain.
+ */
+ if (ISC_LIKELY(get_upper_node(hnode) != up_current))
continue;
dns_name_init(&hnode_name, NULL);
NODENAME(hnode, &hnode_name);
- if (dns_name_equal(&hnode_name, &hash_name))
+ if (ISC_LIKELY(dns_name_equal(&hnode_name, &hash_name)))
break;
}
@@ -848,8 +916,8 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
current = NULL;
continue;
- nohash:
-#endif /* DNS_RBT_USEHASH */
+#else /* DNS_RBT_USEHASH */
+
/*
* Standard binary search tree movement.
*/
@@ -858,6 +926,8 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
else
current = RIGHT(current);
+#endif /* DNS_RBT_USEHASH */
+
} else {
/*
* The names have some common suffix labels.
@@ -930,8 +1000,6 @@ dns_rbt_findnode(dns_rbt_t *rbt, dns_name_t *name, dns_name_t *foundname,
* Finally, head to the next tree level.
*/
current = DOWN(current);
- current_root = current;
-
} else {
/*
* Though there are labels in common, the
@@ -1285,10 +1353,10 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse)
REQUIRE(DNS_RBTNODE_VALID(node));
if (DOWN(node) != NULL) {
- if (recurse)
- RUNTIME_CHECK(dns_rbt_deletetree(rbt, DOWN(node))
- == ISC_R_SUCCESS);
- else {
+ if (recurse) {
+ PARENT(DOWN(node)) = NULL;
+ deletetreeflat(rbt, 0, ISC_TRUE, &DOWN(node));
+ } else {
if (DATA(node) != NULL && rbt->data_deleter != NULL)
rbt->data_deleter(DATA(node), rbt->deleter_arg);
DATA(node) = NULL;
@@ -1300,25 +1368,24 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse)
* by itself on a single level, so join_nodes() could
* be used to collapse the tree (with all the caveats
* of the comment at the start of this function).
+ * But join_nodes() function has now been removed.
*/
return (ISC_R_SUCCESS);
}
}
/*
- * Note the node that points to the level of the node that is being
- * deleted. If the deleted node is the top level, parent will be set
- * to NULL.
+ * Note the node that points to the level of the node
+ * that is being deleted. If the deleted node is the
+ * top level, parent will be set to NULL.
*/
- parent = find_up(node);
+ parent = get_upper_node(node);
/*
- * This node now has no down pointer (either because it didn't
- * have one to start, or because it was recursively removed).
- * So now the node needs to be removed from this level.
+ * This node now has no down pointer, so now it needs
+ * to be removed from this level.
*/
- dns_rbt_deletefromlevel(node, parent == NULL ? &rbt->root :
- &DOWN(parent));
+ deletefromlevel(node, parent == NULL ? &rbt->root : &DOWN(parent));
if (DATA(node) != NULL && rbt->data_deleter != NULL)
rbt->data_deleter(DATA(node), rbt->deleter_arg);
@@ -1328,31 +1395,8 @@ dns_rbt_deletenode(dns_rbt_t *rbt, dns_rbtnode_t *node, isc_boolean_t recurse)
node->magic = 0;
#endif
dns_rbtnode_refdestroy(node);
- isc_mem_put(rbt->mctx, node, NODE_SIZE(node));
- rbt->nodecount--;
- /*
- * There are now two special cases that can exist that would
- * not have existed if the tree had been created using only
- * the names that now exist in it. (This is all related to
- * join_nodes() as described in this function's introductory comment.)
- * Both cases exist when the deleted node's parent (the node
- * that pointed to the deleted node's level) is not null but
- * it has no data: parent != NULL && DATA(parent) == NULL.
- *
- * The first case is that the deleted node was the last on its level:
- * DOWN(parent) == NULL. This case can only exist if the parent was
- * previously deleted -- and so now, apparently, the parent should go
- * away. That can't be done though because there might be external
- * references to it, such as through a nodechain.
- *
- * The other case also involves a parent with no data, but with the
- * deleted node being the next-to-last node instead of the last:
- * LEFT(DOWN(parent)) == NULL && RIGHT(DOWN(parent)) == NULL.
- * Presumably now the remaining node on the level should be joined
- * with the parent, but it's already been described why that can't be
- * done.
- */
+ freenode(rbt, &node);
/*
* This function never fails.
@@ -1391,7 +1435,7 @@ dns_rbt_fullnamefromnode(dns_rbtnode_t *node, dns_name_t *name) {
if (result != ISC_R_SUCCESS)
break;
- node = find_up(node);
+ node = get_upper_node(node);
} while (! dns_name_isabsolute(name));
return (result);
@@ -1511,7 +1555,7 @@ inithash(dns_rbt_t *rbt) {
unsigned int bytes;
rbt->hashsize = RBT_HASH_SIZE;
- bytes = rbt->hashsize * sizeof(dns_rbtnode_t *);
+ bytes = (unsigned int)rbt->hashsize * sizeof(dns_rbtnode_t *);
rbt->hashtable = isc_mem_get(rbt->mctx, bytes);
if (rbt->hashtable == NULL)
@@ -1527,10 +1571,11 @@ rehash(dns_rbt_t *rbt) {
unsigned int oldsize;
dns_rbtnode_t **oldtable;
dns_rbtnode_t *node;
+ dns_rbtnode_t *nextnode;
unsigned int hash;
unsigned int i;
- oldsize = rbt->hashsize;
+ oldsize = (unsigned int)rbt->hashsize;
oldtable = rbt->hashtable;
rbt->hashsize = rbt->hashsize * 2 + 1;
rbt->hashtable = isc_mem_get(rbt->mctx,
@@ -1541,19 +1586,15 @@ rehash(dns_rbt_t *rbt) {
return;
}
- INSIST(rbt->hashsize > 0);
-
for (i = 0; i < rbt->hashsize; i++)
rbt->hashtable[i] = NULL;
for (i = 0; i < oldsize; i++) {
- node = oldtable[i];
- while (node != NULL) {
+ for (node = oldtable[i]; node != NULL; node = nextnode) {
hash = HASHVAL(node) % rbt->hashsize;
- oldtable[i] = HASHNEXT(node);
+ nextnode = HASHNEXT(node);
HASHNEXT(node) = rbt->hashtable[hash];
rbt->hashtable[hash] = node;
- node = oldtable[i];
}
}
@@ -1578,19 +1619,17 @@ unhash_node(dns_rbt_t *rbt, dns_rbtnode_t *node) {
REQUIRE(DNS_RBTNODE_VALID(node));
- if (rbt->hashtable != NULL) {
- bucket = HASHVAL(node) % rbt->hashsize;
- bucket_node = rbt->hashtable[bucket];
+ bucket = HASHVAL(node) % rbt->hashsize;
+ bucket_node = rbt->hashtable[bucket];
- if (bucket_node == node)
- rbt->hashtable[bucket] = HASHNEXT(node);
- else {
- while (HASHNEXT(bucket_node) != node) {
- INSIST(HASHNEXT(bucket_node) != NULL);
- bucket_node = HASHNEXT(bucket_node);
- }
- HASHNEXT(bucket_node) = HASHNEXT(node);
+ if (bucket_node == node) {
+ rbt->hashtable[bucket] = HASHNEXT(node);
+ } else {
+ while (HASHNEXT(bucket_node) != node) {
+ INSIST(HASHNEXT(bucket_node) != NULL);
+ bucket_node = HASHNEXT(bucket_node);
}
+ HASHNEXT(bucket_node) = HASHNEXT(node);
}
}
#endif /* DNS_RBT_USEHASH */
@@ -1771,7 +1810,7 @@ dns_rbt_addonlevel(dns_rbtnode_t *node, dns_rbtnode_t *current, int order,
* true red/black tree on a single level.
*/
static void
-dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) {
+deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) {
dns_rbtnode_t *child, *sibling, *parent;
dns_rbtnode_t *successor;
@@ -2004,117 +2043,66 @@ dns_rbt_deletefromlevel(dns_rbtnode_t *delete, dns_rbtnode_t **rootp) {
}
}
-/*
- * This should only be used on the root of a tree, because no color fixup
- * is done at all.
- *
- * NOTE: No root pointer maintenance is done, because the function is only
- * used for two cases:
- * + deleting everything DOWN from a node that is itself being deleted, and
- * + deleting the entire tree of trees from dns_rbt_destroy.
- * In each case, the root pointer is no longer relevant, so there
- * is no need for a root parameter to this function.
- *
- * If the function is ever intended to be used to delete something where
- * a pointer needs to be told that this tree no longer exists,
- * this function would need to adjusted accordingly.
- */
-static isc_result_t
-dns_rbt_deletetree(dns_rbt_t *rbt, dns_rbtnode_t *node) {
- isc_result_t result = ISC_R_SUCCESS;
- REQUIRE(VALID_RBT(rbt));
-
- if (node == NULL)
- return (result);
-
- if (LEFT(node) != NULL) {
- result = dns_rbt_deletetree(rbt, LEFT(node));
- if (result != ISC_R_SUCCESS)
- goto done;
- LEFT(node) = NULL;
- }
- if (RIGHT(node) != NULL) {
- result = dns_rbt_deletetree(rbt, RIGHT(node));
- if (result != ISC_R_SUCCESS)
- goto done;
- RIGHT(node) = NULL;
- }
- if (DOWN(node) != NULL) {
- result = dns_rbt_deletetree(rbt, DOWN(node));
- if (result != ISC_R_SUCCESS)
- goto done;
- DOWN(node) = NULL;
- }
- done:
- if (result != ISC_R_SUCCESS)
- return (result);
-
- if (DATA(node) != NULL && rbt->data_deleter != NULL)
- rbt->data_deleter(DATA(node), rbt->deleter_arg);
-
- unhash_node(rbt, node);
-#if DNS_RBT_USEMAGIC
- node->magic = 0;
-#endif
+static void
+freenode(dns_rbt_t *rbt, dns_rbtnode_t **nodep) {
+ dns_rbtnode_t *node = *nodep;
isc_mem_put(rbt->mctx, node, NODE_SIZE(node));
+ *nodep = NULL;
+
rbt->nodecount--;
- return (result);
}
static void
-dns_rbt_deletetreeflat(dns_rbt_t *rbt, unsigned int quantum,
- dns_rbtnode_t **nodep)
+deletetreeflat(dns_rbt_t *rbt, unsigned int quantum, isc_boolean_t unhash,
+ dns_rbtnode_t **nodep)
{
- dns_rbtnode_t *parent;
- dns_rbtnode_t *node = *nodep;
- REQUIRE(VALID_RBT(rbt));
-
- again:
- if (node == NULL) {
- *nodep = NULL;
- return;
- }
-
- traverse:
- if (LEFT(node) != NULL) {
- node = LEFT(node);
- goto traverse;
- }
- if (DOWN(node) != NULL) {
- node = DOWN(node);
- goto traverse;
- }
+ dns_rbtnode_t *root = *nodep;
- if (DATA(node) != NULL && rbt->data_deleter != NULL)
- rbt->data_deleter(DATA(node), rbt->deleter_arg);
+ while (root != NULL) {
+ /*
+ * If there is a left, right or down node, walk into it
+ * and iterate.
+ */
+ if (LEFT(root) != NULL) {
+ dns_rbtnode_t *node = root;
+ root = LEFT(root);
+ LEFT(node) = NULL;
+ } else if (RIGHT(root) != NULL) {
+ dns_rbtnode_t *node = root;
+ root = RIGHT(root);
+ RIGHT(node) = NULL;
+ } else if (DOWN(root) != NULL) {
+ dns_rbtnode_t *node = root;
+ root = DOWN(root);
+ DOWN(node) = NULL;
+ } else {
+ /*
+ * There are no left, right or down nodes, so we
+ * can free this one and go back to its parent.
+ */
+ dns_rbtnode_t *node = root;
+ root = PARENT(root);
- /*
- * Note: we don't call unhash_node() here as we are destroying
- * the complete rbt tree.
- */
+ if (DATA(node) != NULL && rbt->data_deleter != NULL)
+ rbt->data_deleter(DATA(node),
+ rbt->deleter_arg);
+ if (unhash)
+ unhash_node(rbt, node);
+ /*
+ * Note: we don't call unhash_node() here as we
+ * are destroying the complete RBT tree.
+ */
#if DNS_RBT_USEMAGIC
- node->magic = 0;
+ node->magic = 0;
#endif
- parent = PARENT(node);
- if (RIGHT(node) != NULL)
- PARENT(RIGHT(node)) = parent;
- if (parent != NULL) {
- if (LEFT(parent) == node)
- LEFT(parent) = RIGHT(node);
- else if (DOWN(parent) == node)
- DOWN(parent) = RIGHT(node);
- } else
- parent = RIGHT(node);
-
- isc_mem_put(rbt->mctx, node, NODE_SIZE(node));
- rbt->nodecount--;
- node = parent;
- if (quantum != 0 && --quantum == 0) {
- *nodep = node;
- return;
+ freenode(rbt, &node);
+ if (quantum != 0 && --quantum == 0)
+ break;
+ }
}
- goto again;
+
+ *nodep = root;
}
static void
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index a0fa148cf545..82499d85c0ee 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -401,6 +401,9 @@ typedef ISC_LIST(dns_rbtnode_t) rbtnodelist_t;
#define RDATASET_ATTR_STATCOUNT 0x0040
#define RDATASET_ATTR_OPTOUT 0x0080
#define RDATASET_ATTR_NEGATIVE 0x0100
+#define RDATASET_ATTR_PREFETCH 0x0200
+#define RDATASET_ATTR_CASESET 0x0400
+#define RDATASET_ATTR_ZEROTTL 0x0800
typedef struct acache_cbarg {
dns_rdatasetadditional_t type;
@@ -441,6 +444,16 @@ struct acachectl {
(((header)->attributes & RDATASET_ATTR_OPTOUT) != 0)
#define NEGATIVE(header) \
(((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0)
+#define PREFETCH(header) \
+ (((header)->attributes & RDATASET_ATTR_PREFETCH) != 0)
+#define CASESET(header) \
+ (((header)->attributes & RDATASET_ATTR_CASESET) != 0)
+#define ZEROTTL(header) \
+ (((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
+
+#define ACTIVE(header, now) \
+ (((header)->rdh_ttl > (now)) || \
+ ((header)->rdh_ttl == (now) && ZEROTTL(header)))
#define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */
@@ -1637,6 +1650,19 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node)
INSIST(!ISC_LINK_LINKED(node, deadlink));
+ if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(1))) {
+ char printname[DNS_NAME_FORMATSIZE];
+ isc_log_write(dns_lctx,
+ DNS_LOGCATEGORY_DATABASE,
+ DNS_LOGMODULE_CACHE,
+ ISC_LOG_DEBUG(1),
+ "delete_node(): %p %s (bucket %d)",
+ node,
+ dns_rbt_formatnodename(node,
+ printname, sizeof(printname)),
+ node->locknum);
+ }
+
switch (node->nsec) {
case DNS_RBT_NSEC_NORMAL:
#ifdef BIND9
@@ -1704,6 +1730,24 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node)
}
}
+/*
+ * Caller must be holding the node lock.
+ */
+static inline void
+new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
+ unsigned int lockrefs, noderefs;
+ isc_refcount_t *lockref;
+
+ INSIST(!ISC_LINK_LINKED(node, deadlink));
+ dns_rbtnode_refincrement0(node, &noderefs);
+ if (noderefs == 1) { /* this is the first reference to the node */
+ lockref = &rbtdb->node_locks[node->locknum].references;
+ isc_refcount_increment0(lockref, &lockrefs);
+ INSIST(lockrefs != 0);
+ }
+ INSIST(noderefs != 0);
+}
+
/*%
* Clean up dead nodes. These are nodes which have no references, and
* have no data. They are dead but we could not or chose not to delete
@@ -1728,32 +1772,36 @@ cleanup_dead_nodes(dns_rbtdb_t *rbtdb, int bucketnum) {
INSIST(dns_rbtnode_refcurrent(node) == 0 &&
node->data == NULL);
- delete_node(rbtdb, node);
+ if (node->parent != NULL &&
+ node->parent->down == node && node->left == NULL &&
+ node->right == NULL && rbtdb->task != NULL)
+ {
+ isc_event_t *ev;
+ dns_db_t *db;
+ ev = isc_event_allocate(rbtdb->common.mctx, NULL,
+ DNS_EVENT_RBTPRUNE,
+ prune_tree, node,
+ sizeof(isc_event_t));
+ if (ev != NULL) {
+ new_reference(rbtdb, node);
+ db = NULL;
+ attach((dns_db_t *)rbtdb, &db);
+ ev->ev_sender = db;
+ isc_task_send(rbtdb->task, &ev);
+ } else {
+ ISC_LIST_APPEND(rbtdb->deadnodes[bucketnum],
+ node, deadlink);
+ }
+ } else {
+ delete_node(rbtdb, node);
+ }
node = ISC_LIST_HEAD(rbtdb->deadnodes[bucketnum]);
count--;
}
}
/*
- * Caller must be holding the node lock.
- */
-static inline void
-new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
- unsigned int lockrefs, noderefs;
- isc_refcount_t *lockref;
-
- INSIST(!ISC_LINK_LINKED(node, deadlink));
- dns_rbtnode_refincrement0(node, &noderefs);
- if (noderefs == 1) { /* this is the first reference to the node */
- lockref = &rbtdb->node_locks[node->locknum].references;
- isc_refcount_increment0(lockref, &lockrefs);
- INSIST(lockrefs != 0);
- }
- INSIST(noderefs != 0);
-}
-
-/*
* This function is assumed to be called when a node is newly referenced
* and can be in the deadnode list. In that case the node must be retrieved
* from the list because it is going to be used. In addition, if the caller
@@ -1969,21 +2017,6 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
deadlink);
}
} else {
- if (isc_log_wouldlog(dns_lctx, ISC_LOG_DEBUG(1))) {
- char printname[DNS_NAME_FORMATSIZE];
-
- isc_log_write(dns_lctx,
- DNS_LOGCATEGORY_DATABASE,
- DNS_LOGMODULE_CACHE,
- ISC_LOG_DEBUG(1),
- "decrement_reference: "
- "delete from rbt: %p %s",
- node,
- dns_rbt_formatnodename(node,
- printname,
- sizeof(printname)));
- }
-
delete_node(rbtdb, node);
}
} else {
@@ -4305,7 +4338,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
header_prev = NULL;
for (header = node->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl < search->now) {
+ if (!ACTIVE(header, search->now)) {
/*
* This rdataset is stale. If no one else is
* using the node, we can clean it up right
@@ -4313,7 +4346,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
* the node as dirty, so it will get cleaned
* up later.
*/
- if ((header->rdh_ttl < search->now - RBTDB_VIRTUAL) &&
+ if ((header->rdh_ttl < search->now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -4429,7 +4462,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
header != NULL;
header = header_next) {
header_next = header->next;
- if (header->rdh_ttl < search->now) {
+ if (!ACTIVE(header, search->now)) {
/*
* This rdataset is stale. If no one else is
* using the node, we can clean it up right
@@ -4437,7 +4470,7 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
* the node as dirty, so it will get cleaned
* up later.
*/
- if ((header->rdh_ttl < search->now -
+ if ((header->rdh_ttl < search->now -
RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
@@ -4606,7 +4639,7 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
header != NULL;
header = header_next) {
header_next = header->next;
- if (header->rdh_ttl < now) {
+ if (!ACTIVE(header, now)) {
/*
* This rdataset is stale. If no one else is
* using the node, we can clean it up right
@@ -4614,7 +4647,7 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
* node as dirty, so it will get cleaned up
* later.
*/
- if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
+ if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -5013,14 +5046,14 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
header_prev = NULL;
for (header = node->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl < now) {
+ if (!ACTIVE(header, now)) {
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we
* mark it as stale, and the node as dirty, so it will
* get cleaned up later.
*/
- if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
+ if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
/*
@@ -5320,7 +5353,7 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options,
header_prev = NULL;
for (header = node->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl < now) {
+ if (!ACTIVE(header, now)) {
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we
@@ -5809,7 +5842,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
for (header = rbtnode->data; header != NULL; header = header_next) {
header_next = header->next;
- if (header->rdh_ttl < now) {
+ if (!ACTIVE(header, now)) {
if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
@@ -6134,7 +6167,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
}
if (topheader != NULL && EXISTS(topheader) &&
- topheader->rdh_ttl >= now) {
+ ACTIVE(topheader, now)) {
/*
* Found one.
*/
@@ -6200,7 +6233,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* has no effect, provided that the cache data isn't stale.
*/
if (rbtversion == NULL && trust < header->trust &&
- (header->rdh_ttl >= now || header_nx)) {
+ (ACTIVE(header, now) || header_nx)) {
free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
if (addedrdataset != NULL)
bind_rdataset(rbtdb, rbtnode, header, now,
@@ -6270,7 +6303,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* Don't lower trust of existing record if the
* update is forced.
*/
- if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
+ if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
!header_nx && !newheader_nx &&
header->trust >= newheader->trust &&
@@ -6306,7 +6339,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* to be no more than the current NS RRset's TTL. This
* ensures the delegations that are withdrawn are honoured.
*/
- if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
+ if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
!header_nx && !newheader_nx &&
header->trust <= newheader->trust) {
@@ -6314,7 +6347,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
newheader->rdh_ttl = header->rdh_ttl;
}
}
- if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
+ if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
(header->type == dns_rdatatype_a ||
header->type == dns_rdatatype_aaaa ||
header->type == dns_rdatatype_ds ||
@@ -6646,6 +6679,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
newheader->type = RBTDB_RDATATYPE_VALUE(rdataset->type,
rdataset->covers);
newheader->attributes = 0;
+ if (rdataset->ttl == 0U)
+ newheader->attributes |= RDATASET_ATTR_ZEROTTL;
newheader->noqname = NULL;
newheader->closest = NULL;
newheader->count = init_count++;
@@ -7130,13 +7165,14 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
isc_region_t region;
rdatasetheader_t *newheader;
+ REQUIRE(rdataset->rdclass == rbtdb->common.rdclass);
+
/*
* This routine does no node locking. See comments in
* 'load' below for more information on loading and
* locking.
*/
-
/*
* SOA records are only allowed at top of zone.
*/
@@ -8615,6 +8651,8 @@ dbiterator_first(dns_dbiterator_t *iterator) {
dns_name_t *name, *origin;
if (rbtdbiter->result != ISC_R_SUCCESS &&
+ rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
@@ -8668,6 +8706,8 @@ dbiterator_last(dns_dbiterator_t *iterator) {
dns_name_t *name, *origin;
if (rbtdbiter->result != ISC_R_SUCCESS &&
+ rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
@@ -8718,6 +8758,7 @@ dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name) {
if (rbtdbiter->result != ISC_R_SUCCESS &&
rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
@@ -8766,23 +8807,7 @@ dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name) {
}
}
-#if 1
- if (result == ISC_R_SUCCESS) {
- result = dns_rbtnodechain_current(rbtdbiter->current, iname,
- origin, NULL);
- if (result == ISC_R_SUCCESS) {
- rbtdbiter->new_origin = ISC_TRUE;
- reference_iter_node(rbtdbiter);
- }
- } else if (result == DNS_R_PARTIALMATCH) {
- result = ISC_R_NOTFOUND;
- rbtdbiter->node = NULL;
- }
-
- rbtdbiter->result = result;
-#else
if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
- isc_result_t tresult;
tresult = dns_rbtnodechain_current(rbtdbiter->current, iname,
origin, NULL);
if (tresult == ISC_R_SUCCESS) {
@@ -8797,7 +8822,6 @@ dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name) {
rbtdbiter->result = (result == DNS_R_PARTIALMATCH) ?
ISC_R_SUCCESS : result;
-#endif
return (result);
}
@@ -8960,6 +8984,8 @@ dbiterator_pause(dns_dbiterator_t *iterator) {
rbtdb_dbiterator_t *rbtdbiter = (rbtdb_dbiterator_t *)iterator;
if (rbtdbiter->result != ISC_R_SUCCESS &&
+ rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
diff --git a/lib/dns/rcode.c b/lib/dns/rcode.c
index 2fdb751e6dbf..1f97ad03768f 100644
--- a/lib/dns/rcode.c
+++ b/lib/dns/rcode.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -49,6 +49,8 @@
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
+#define TOTEXTONLY 0x01
+
#define RCODENAMES \
/* standard rcodes */ \
{ dns_rcode_noerror, "NOERROR", 0}, \
@@ -61,7 +63,12 @@
{ dns_rcode_yxrrset, "YXRRSET", 0}, \
{ dns_rcode_nxrrset, "NXRRSET", 0}, \
{ dns_rcode_notauth, "NOTAUTH", 0}, \
- { dns_rcode_notzone, "NOTZONE", 0},
+ { dns_rcode_notzone, "NOTZONE", 0}, \
+ { 11, "RESERVED11", TOTEXTONLY}, \
+ { 12, "RESERVED12", TOTEXTONLY}, \
+ { 13, "RESERVED13", TOTEXTONLY}, \
+ { 14, "RESERVED14", TOTEXTONLY}, \
+ { 15, "RESERVED15", TOTEXTONLY},
#define ERCODENAMES \
/* extended rcodes */ \
@@ -247,6 +254,7 @@ dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
unsigned int n;
n = strlen(table[i].name);
if (n == source->length &&
+ (table[i].flags & TOTEXTONLY) == 0 &&
strncasecmp(source->base, table[i].name, n) == 0) {
*valuep = table[i].value;
return (ISC_R_SUCCESS);
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 6c0a3195379b..2788cba9a5af 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -218,6 +218,84 @@ static isc_result_t
unknown_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx,
isc_buffer_t *target);
+static inline isc_result_t
+generic_fromtext_key(ARGS_FROMTEXT);
+
+static inline isc_result_t
+generic_totext_key(ARGS_TOTEXT);
+
+static inline isc_result_t
+generic_fromwire_key(ARGS_FROMWIRE);
+
+static inline isc_result_t
+generic_fromstruct_key(ARGS_FROMSTRUCT);
+
+static inline isc_result_t
+generic_tostruct_key(ARGS_TOSTRUCT);
+
+static inline void
+generic_freestruct_key(ARGS_FREESTRUCT);
+
+static isc_result_t
+generic_fromtext_txt(ARGS_FROMTEXT);
+
+static isc_result_t
+generic_totext_txt(ARGS_TOTEXT);
+
+static isc_result_t
+generic_fromwire_txt(ARGS_FROMWIRE);
+
+static isc_result_t
+generic_fromstruct_txt(ARGS_FROMSTRUCT);
+
+static isc_result_t
+generic_tostruct_txt(ARGS_TOSTRUCT);
+
+static void
+generic_freestruct_txt(ARGS_FREESTRUCT);
+
+static isc_result_t
+generic_txt_first(dns_rdata_txt_t *txt);
+
+static isc_result_t
+generic_txt_next(dns_rdata_txt_t *txt);
+
+static isc_result_t
+generic_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string);
+
+static isc_result_t
+generic_totext_ds(ARGS_TOTEXT);
+
+static isc_result_t
+generic_tostruct_ds(ARGS_TOSTRUCT);
+
+static isc_result_t
+generic_fromtext_ds(ARGS_FROMTEXT);
+
+static isc_result_t
+generic_fromwire_ds(ARGS_FROMWIRE);
+
+static isc_result_t
+generic_fromstruct_ds(ARGS_FROMSTRUCT);
+
+static isc_result_t
+generic_fromtext_tlsa(ARGS_FROMTEXT);
+
+static isc_result_t
+generic_totext_tlsa(ARGS_TOTEXT);
+
+static isc_result_t
+generic_fromwire_tlsa(ARGS_FROMWIRE);
+
+static isc_result_t
+generic_fromstruct_tlsa(ARGS_FROMSTRUCT);
+
+static isc_result_t
+generic_tostruct_tlsa(ARGS_TOSTRUCT);
+
+static void
+generic_freestruct_tlsa(ARGS_FREESTRUCT);
+
/*% INT16 Size */
#define NS_INT16SZ 2
/*% IPv6 Address Size */
@@ -339,6 +417,160 @@ mem_maybedup(isc_mem_t *mctx, void *source, size_t length) {
return (copy);
}
+static inline isc_result_t
+typemap_fromtext(isc_lex_t *lexer, isc_buffer_t *target,
+ isc_boolean_t allow_empty)
+{
+ isc_token_t token;
+ unsigned char bm[8*1024]; /* 64k bits */
+ dns_rdatatype_t covered, max_used;
+ int octet;
+ unsigned int max_octet, newend, end;
+ int window;
+ isc_boolean_t first = ISC_TRUE;
+
+ max_used = 0;
+ bm[0] = 0;
+ end = 0;
+
+ do {
+ RETERR(isc_lex_getmastertoken(lexer, &token,
+ isc_tokentype_string, ISC_TRUE));
+ if (token.type != isc_tokentype_string)
+ break;
+ RETTOK(dns_rdatatype_fromtext(&covered,
+ &token.value.as_textregion));
+ if (covered > max_used) {
+ newend = covered / 8;
+ if (newend > end) {
+ memset(&bm[end + 1], 0, newend - end);
+ end = newend;
+ }
+ max_used = covered;
+ }
+ bm[covered/8] |= (0x80>>(covered%8));
+ first = ISC_FALSE;
+ } while (1);
+ isc_lex_ungettoken(lexer, &token);
+ if (!allow_empty && first)
+ return (DNS_R_FORMERR);
+
+ for (window = 0; window < 256 ; window++) {
+ if (max_used < window * 256)
+ break;
+
+ max_octet = max_used - (window * 256);
+ if (max_octet >= 256)
+ max_octet = 31;
+ else
+ max_octet /= 8;
+
+ /*
+ * Find if we have a type in this window.
+ */
+ for (octet = max_octet; octet >= 0; octet--) {
+ if (bm[window * 32 + octet] != 0)
+ break;
+ }
+ if (octet < 0)
+ continue;
+ RETERR(uint8_tobuffer(window, target));
+ RETERR(uint8_tobuffer(octet + 1, target));
+ RETERR(mem_tobuffer(target, &bm[window * 32], octet + 1));
+ }
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+typemap_totext(isc_region_t *sr, dns_rdata_textctx_t *tctx,
+ isc_buffer_t *target)
+{
+ unsigned int i, j, k;
+ unsigned int window, len;
+ isc_boolean_t first = ISC_FALSE;
+
+ for (i = 0; i < sr->length; i += len) {
+ if (tctx != NULL &&
+ (tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) {
+ RETERR(str_totext(tctx->linebreak, target));
+ first = ISC_TRUE;
+ }
+ INSIST(i + 2 <= sr->length);
+ window = sr->base[i];
+ len = sr->base[i + 1];
+ INSIST(len > 0 && len <= 32);
+ i += 2;
+ INSIST(i + len <= sr->length);
+ for (j = 0; j < len; j++) {
+ dns_rdatatype_t t;
+ if (sr->base[i + j] == 0)
+ continue;
+ for (k = 0; k < 8; k++) {
+ if ((sr->base[i + j] & (0x80 >> k)) == 0)
+ continue;
+ t = window * 256 + j * 8 + k;
+ if (!first)
+ RETERR(str_totext(" ", target));
+ first = ISC_FALSE;
+ if (dns_rdatatype_isknown(t)) {
+ RETERR(dns_rdatatype_totext(t, target));
+ } else {
+ char buf[sizeof("TYPE65535")];
+ sprintf(buf, "TYPE%u", t);
+ RETERR(str_totext(buf, target));
+ }
+ }
+ }
+ }
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+typemap_test(isc_region_t *sr, isc_boolean_t allow_empty) {
+ unsigned int window, lastwindow = 0;
+ unsigned int len;
+ isc_boolean_t first = ISC_TRUE;
+ unsigned int i;
+
+ for (i = 0; i < sr->length; i += len) {
+ /*
+ * Check for overflow.
+ */
+ if (i + 2 > sr->length)
+ RETERR(DNS_R_FORMERR);
+ window = sr->base[i];
+ len = sr->base[i + 1];
+ i += 2;
+ /*
+ * Check that bitmap windows are in the correct order.
+ */
+ if (!first && window <= lastwindow)
+ RETERR(DNS_R_FORMERR);
+ /*
+ * Check for legal lengths.
+ */
+ if (len < 1 || len > 32)
+ RETERR(DNS_R_FORMERR);
+ /*
+ * Check for overflow.
+ */
+ if (i + len > sr->length)
+ RETERR(DNS_R_FORMERR);
+ /*
+ * The last octet of the bitmap must be non zero.
+ */
+ if (sr->base[i + len - 1] == 0)
+ RETERR(DNS_R_FORMERR);
+ lastwindow = window;
+ first = ISC_FALSE;
+ }
+ if (i != sr->length)
+ return (DNS_R_EXTRADATA);
+ if (!allow_empty && first)
+ RETERR(DNS_R_FORMERR);
+ return (ISC_R_SUCCESS);
+}
+
static const char hexdigits[] = "0123456789abcdef";
static const char decdigits[] = "0123456789";
@@ -1591,6 +1823,9 @@ static isc_result_t
mem_tobuffer(isc_buffer_t *target, void *base, unsigned int length) {
isc_region_t tr;
+ if (length == 0U)
+ return (ISC_R_SUCCESS);
+
isc_buffer_availableregion(target, &tr);
if (length > tr.length)
return (ISC_R_NOSPACE);
diff --git a/lib/dns/rdata/any_255/tsig_250.c b/lib/dns/rdata/any_255/tsig_250.c
index 65ceb84152c9..abdf3203ebf3 100644
--- a/lib/dns/rdata/any_255/tsig_250.c
+++ b/lib/dns/rdata/any_255/tsig_250.c
@@ -49,7 +49,8 @@ fromtext_any_tsig(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
/*
diff --git a/lib/dns/rdata/ch_3/a_1.c b/lib/dns/rdata/ch_3/a_1.c
index 34a059b34374..5250bd5a9498 100644
--- a/lib/dns/rdata/ch_3/a_1.c
+++ b/lib/dns/rdata/ch_3/a_1.c
@@ -44,7 +44,8 @@ fromtext_ch_a(ARGS_FROMTEXT) {
/* get domain name */
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
if ((options & DNS_RDATA_CHECKNAMES) != 0 &&
(options & DNS_RDATA_CHECKREVERSE) != 0) {
diff --git a/lib/dns/rdata/generic/afsdb_18.c b/lib/dns/rdata/generic/afsdb_18.c
index 75f644f2c7ab..88564a15026a 100644
--- a/lib/dns/rdata/generic/afsdb_18.c
+++ b/lib/dns/rdata/generic/afsdb_18.c
@@ -55,7 +55,8 @@ fromtext_afsdb(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
ok = ISC_TRUE;
if ((options & DNS_RDATA_CHECKNAMES) != 0)
diff --git a/lib/dns/rdata/generic/avc_258.c b/lib/dns/rdata/generic/avc_258.c
new file mode 100644
index 000000000000..e74903f48555
--- /dev/null
+++ b/lib/dns/rdata/generic/avc_258.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_AVC_258_C
+#define RDATA_GENERIC_AVC_258_C
+
+#define RRTYPE_AVC_ATTRIBUTES (0)
+
+static inline isc_result_t
+fromtext_avc(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_avc);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(origin);
+ UNUSED(options);
+ UNUSED(callbacks);
+
+ return (generic_fromtext_txt(rdclass, type, lexer, origin, options,
+ target, callbacks));
+}
+
+static inline isc_result_t
+totext_avc(ARGS_TOTEXT) {
+
+ UNUSED(tctx);
+
+ REQUIRE(rdata->type == dns_rdatatype_avc);
+
+ return (generic_totext_txt(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_avc(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_avc);
+
+ UNUSED(type);
+ UNUSED(dctx);
+ UNUSED(rdclass);
+ UNUSED(options);
+
+ return (generic_fromwire_txt(rdclass, type, source, dctx, options,
+ target));
+}
+
+static inline isc_result_t
+towire_avc(ARGS_TOWIRE) {
+
+ REQUIRE(rdata->type == dns_rdatatype_avc);
+
+ UNUSED(cctx);
+
+ return (mem_tobuffer(target, rdata->data, rdata->length));
+}
+
+static inline int
+compare_avc(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_avc);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_avc(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_avc);
+
+ return (generic_fromstruct_txt(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_avc(ARGS_TOSTRUCT) {
+ dns_rdata_avc_t *avc = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_avc);
+ REQUIRE(target != NULL);
+
+ avc->common.rdclass = rdata->rdclass;
+ avc->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&avc->common, link);
+
+ return (generic_tostruct_txt(rdata, target, mctx));
+}
+
+static inline void
+freestruct_avc(ARGS_FREESTRUCT) {
+ dns_rdata_avc_t *txt = source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(txt->common.rdtype == dns_rdatatype_avc);
+
+ generic_freestruct_txt(source);
+}
+
+static inline isc_result_t
+additionaldata_avc(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == dns_rdatatype_avc);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_avc(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == dns_rdatatype_avc);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_avc(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_avc);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_avc(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == dns_rdatatype_avc);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_avc(ARGS_COMPARE) {
+ return (compare_avc(rdata1, rdata2));
+}
+#endif /* RDATA_GENERIC_AVC_258_C */
diff --git a/lib/dns/rdata/generic/avc_258.h b/lib/dns/rdata/generic/avc_258.h
new file mode 100644
index 000000000000..d32282e3d068
--- /dev/null
+++ b/lib/dns/rdata/generic/avc_258.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_AVC_258_H
+#define GENERIC_AVC_258_H 1
+
+typedef dns_rdata_txt_string_t dns_rdata_avc_string_t;
+
+typedef struct dns_rdata_avc {
+ dns_rdatacommon_t common;
+ isc_mem_t *mctx;
+ unsigned char *data;
+ isc_uint16_t length;
+ /* private */
+ isc_uint16_t offset;
+} dns_rdata_avc_t;
+
+/*
+ * ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS are already done
+ * via rdatastructpre.h and rdatastructsuf.h.
+ */
+#endif /* GENERIC_AVC_258_H */
diff --git a/lib/dns/rdata/generic/caa_257.c b/lib/dns/rdata/generic/caa_257.c
index 648f4afdc3b6..1a681652afcd 100644
--- a/lib/dns/rdata/generic/caa_257.c
+++ b/lib/dns/rdata/generic/caa_257.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -58,7 +58,7 @@ fromtext_caa(ARGS_FROMTEXT) {
ISC_FALSE));
if (token.value.as_ulong > 255U)
RETTOK(ISC_R_RANGE);
- flags = token.value.as_ulong;
+ flags = (isc_uint8_t)(token.value.as_ulong & 255U);
RETERR(uint8_tobuffer(flags, target));
/*
diff --git a/lib/dns/rdata/generic/cdnskey_60.c b/lib/dns/rdata/generic/cdnskey_60.c
index 945b3644ce67..15f93fd4ef91 100644
--- a/lib/dns/rdata/generic/cdnskey_60.c
+++ b/lib/dns/rdata/generic/cdnskey_60.c
@@ -31,180 +31,29 @@
static inline isc_result_t
fromtext_cdnskey(ARGS_FROMTEXT) {
- isc_result_t result;
- isc_token_t token;
- dns_secalg_t alg;
- dns_secproto_t proto;
- dns_keyflags_t flags;
REQUIRE(type == dns_rdatatype_cdnskey);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(origin);
- UNUSED(options);
- UNUSED(callbacks);
-
- /* flags */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
- ISC_FALSE));
- RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
- RETERR(uint16_tobuffer(flags, target));
-
- /* protocol */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
- ISC_FALSE));
- RETTOK(dns_secproto_fromtext(&proto, &token.value.as_textregion));
- RETERR(mem_tobuffer(target, &proto, 1));
-
- /* algorithm */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
- ISC_FALSE));
- RETTOK(dns_secalg_fromtext(&alg, &token.value.as_textregion));
- RETERR(mem_tobuffer(target, &alg, 1));
-
- /* No Key? */
- if ((flags & 0xc000) == 0xc000)
- return (ISC_R_SUCCESS);
-
- result = isc_base64_tobuffer(lexer, target, -1);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- /* Ensure there's at least enough data to compute a key ID for MD5 */
- if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
- return (ISC_R_UNEXPECTEDEND);
-
- return (ISC_R_SUCCESS);
+ return (generic_fromtext_key(rdclass, type, lexer, origin,
+ options, target, callbacks));
}
static inline isc_result_t
totext_cdnskey(ARGS_TOTEXT) {
- isc_region_t sr;
- char buf[sizeof("64000")];
- unsigned int flags;
- unsigned char algorithm;
- char algbuf[DNS_NAME_FORMATSIZE];
- const char *keyinfo;
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_cdnskey);
- REQUIRE(rdata->length != 0);
-
- dns_rdata_toregion(rdata, &sr);
- /* flags */
- flags = uint16_fromregion(&sr);
- isc_region_consume(&sr, 2);
- sprintf(buf, "%u", flags);
- RETERR(str_totext(buf, target));
- RETERR(str_totext(" ", target));
- if ((flags & DNS_KEYFLAG_KSK) != 0) {
- if (flags & DNS_KEYFLAG_REVOKE)
- keyinfo = "revoked KSK";
- else
- keyinfo = "KSK";
- } else
- keyinfo = "ZSK";
-
- /* protocol */
- sprintf(buf, "%u", sr.base[0]);
- isc_region_consume(&sr, 1);
- RETERR(str_totext(buf, target));
- RETERR(str_totext(" ", target));
-
- /* algorithm */
- algorithm = sr.base[0];
- sprintf(buf, "%u", algorithm);
- isc_region_consume(&sr, 1);
- RETERR(str_totext(buf, target));
-
- /* No Key? */
- if ((flags & 0xc000) == 0xc000)
- return (ISC_R_SUCCESS);
-
- if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0 &&
- algorithm == DNS_KEYALG_PRIVATEDNS) {
- dns_name_t name;
- dns_name_init(&name, NULL);
- dns_name_fromregion(&name, &sr);
- dns_name_format(&name, algbuf, sizeof(algbuf));
- } else {
- dns_secalg_format((dns_secalg_t) algorithm, algbuf,
- sizeof(algbuf));
- }
-
- /* key */
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" (", target));
- RETERR(str_totext(tctx->linebreak, target));
- if (tctx->width == 0) /* No splitting */
- RETERR(isc_base64_totext(&sr, 0, "", target));
- else
- RETERR(isc_base64_totext(&sr, tctx->width - 2,
- tctx->linebreak, target));
-
- if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0)
- RETERR(str_totext(tctx->linebreak, target));
- else if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" ", target));
-
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(")", target));
-
- if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
- isc_region_t tmpr;
-
- RETERR(str_totext(" ; ", target));
- RETERR(str_totext(keyinfo, target));
- RETERR(str_totext("; alg = ", target));
- RETERR(str_totext(algbuf, target));
- RETERR(str_totext("; key id = ", target));
- dns_rdata_toregion(rdata, &tmpr);
- sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
- RETERR(str_totext(buf, target));
- }
- return (ISC_R_SUCCESS);
+ return (generic_totext_key(rdata, tctx, target));
}
static inline isc_result_t
fromwire_cdnskey(ARGS_FROMWIRE) {
- unsigned char algorithm;
- isc_region_t sr;
REQUIRE(type == dns_rdatatype_cdnskey);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(dctx);
- UNUSED(options);
-
- isc_buffer_activeregion(source, &sr);
- if (sr.length < 4)
- return (ISC_R_UNEXPECTEDEND);
-
- algorithm = sr.base[3];
- RETERR(mem_tobuffer(target, sr.base, 4));
- isc_region_consume(&sr, 4);
- isc_buffer_forward(source, 4);
-
- if (algorithm == DNS_KEYALG_PRIVATEDNS) {
- dns_name_t name;
- dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
- dns_name_init(&name, NULL);
- RETERR(dns_name_fromwire(&name, source, dctx, options, target));
- }
-
- /*
- * RSAMD5 computes key ID differently from other
- * algorithms: we need to ensure there's enough data
- * present for the computation
- */
- if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
- return (ISC_R_UNEXPECTEDEND);
-
- isc_buffer_activeregion(source, &sr);
- isc_buffer_forward(source, sr.length);
- return (mem_tobuffer(target, sr.base, sr.length));
+ return (generic_fromwire_key(rdclass, type, source, dctx,
+ options, target));
}
static inline isc_result_t
@@ -225,6 +74,8 @@ compare_cdnskey(ARGS_COMPARE) {
isc_region_t r1;
isc_region_t r2;
+ REQUIRE(rdata1 != NULL);
+ REQUIRE(rdata2 != NULL);
REQUIRE(rdata1->type == rdata2->type);
REQUIRE(rdata1->rdclass == rdata2->rdclass);
REQUIRE(rdata1->type == dns_rdatatype_cdnskey);
@@ -238,85 +89,35 @@ compare_cdnskey(ARGS_COMPARE) {
static inline isc_result_t
fromstruct_cdnskey(ARGS_FROMSTRUCT) {
- dns_rdata_cdnskey_t *dnskey = source;
REQUIRE(type == dns_rdatatype_cdnskey);
- REQUIRE(source != NULL);
- REQUIRE(dnskey->common.rdtype == type);
- REQUIRE(dnskey->common.rdclass == rdclass);
-
- UNUSED(type);
- UNUSED(rdclass);
-
- /* Flags */
- RETERR(uint16_tobuffer(dnskey->flags, target));
- /* Protocol */
- RETERR(uint8_tobuffer(dnskey->protocol, target));
-
- /* Algorithm */
- RETERR(uint8_tobuffer(dnskey->algorithm, target));
-
- /* Data */
- return (mem_tobuffer(target, dnskey->data, dnskey->datalen));
+ return (generic_fromstruct_key(rdclass, type, source, target));
}
static inline isc_result_t
tostruct_cdnskey(ARGS_TOSTRUCT) {
dns_rdata_cdnskey_t *dnskey = target;
- isc_region_t sr;
+ REQUIRE(dnskey != NULL);
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_cdnskey);
- REQUIRE(target != NULL);
- REQUIRE(rdata->length != 0);
dnskey->common.rdclass = rdata->rdclass;
dnskey->common.rdtype = rdata->type;
ISC_LINK_INIT(&dnskey->common, link);
- dns_rdata_toregion(rdata, &sr);
-
- /* Flags */
- if (sr.length < 2)
- return (ISC_R_UNEXPECTEDEND);
- dnskey->flags = uint16_fromregion(&sr);
- isc_region_consume(&sr, 2);
-
- /* Protocol */
- if (sr.length < 1)
- return (ISC_R_UNEXPECTEDEND);
- dnskey->protocol = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
-
- /* Algorithm */
- if (sr.length < 1)
- return (ISC_R_UNEXPECTEDEND);
- dnskey->algorithm = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
-
- /* Data */
- dnskey->datalen = sr.length;
- dnskey->data = mem_maybedup(mctx, sr.base, dnskey->datalen);
- if (dnskey->data == NULL)
- return (ISC_R_NOMEMORY);
-
- dnskey->mctx = mctx;
- return (ISC_R_SUCCESS);
+ return (generic_tostruct_key(rdata, target, mctx));
}
static inline void
freestruct_cdnskey(ARGS_FREESTRUCT) {
dns_rdata_cdnskey_t *dnskey = (dns_rdata_cdnskey_t *) source;
- REQUIRE(source != NULL);
+ REQUIRE(dnskey != NULL);
REQUIRE(dnskey->common.rdtype == dns_rdatatype_cdnskey);
- if (dnskey->mctx == NULL)
- return;
-
- if (dnskey->data != NULL)
- isc_mem_free(dnskey->mctx, dnskey->data);
- dnskey->mctx = NULL;
+ generic_freestruct_key(source);
}
static inline isc_result_t
@@ -334,6 +135,7 @@ static inline isc_result_t
digest_cdnskey(ARGS_DIGEST) {
isc_region_t r;
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_cdnskey);
dns_rdata_toregion(rdata, &r);
@@ -357,6 +159,7 @@ checkowner_cdnskey(ARGS_CHECKOWNER) {
static inline isc_boolean_t
checknames_cdnskey(ARGS_CHECKNAMES) {
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_cdnskey);
UNUSED(rdata);
diff --git a/lib/dns/rdata/generic/cdnskey_60.h b/lib/dns/rdata/generic/cdnskey_60.h
index d284177c118d..c52035eaceec 100644
--- a/lib/dns/rdata/generic/cdnskey_60.h
+++ b/lib/dns/rdata/generic/cdnskey_60.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -18,15 +18,6 @@
#define GENERIC_CDNSKEY_60_H 1
/* CDNSKEY records have the same RDATA fields as DNSKEY records. */
-typedef struct dns_rdata_cdnskey {
- dns_rdatacommon_t common;
- isc_mem_t * mctx;
- isc_uint16_t flags;
- isc_uint8_t protocol;
- isc_uint8_t algorithm;
- isc_uint16_t datalen;
- unsigned char * data;
-} dns_rdata_cdnskey_t;
-
+typedef struct dns_rdata_key dns_rdata_cdnskey_t;
#endif /* GENERIC_CDNSKEY_60_H */
diff --git a/lib/dns/rdata/generic/cds_59.c b/lib/dns/rdata/generic/cds_59.c
index b58d5f7999d2..966ba0a3f3ff 100644
--- a/lib/dns/rdata/generic/cds_59.c
+++ b/lib/dns/rdata/generic/cds_59.c
@@ -30,164 +30,28 @@
static inline isc_result_t
fromtext_cds(ARGS_FROMTEXT) {
- isc_token_t token;
- unsigned char c;
- int length;
REQUIRE(type == dns_rdatatype_cds);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(origin);
- UNUSED(options);
- UNUSED(callbacks);
-
- /*
- * Key tag.
- */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
- ISC_FALSE));
- if (token.value.as_ulong > 0xffffU)
- RETTOK(ISC_R_RANGE);
- RETERR(uint16_tobuffer(token.value.as_ulong, target));
-
- /*
- * Algorithm.
- */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
- ISC_FALSE));
- RETTOK(dns_secalg_fromtext(&c, &token.value.as_textregion));
- RETERR(mem_tobuffer(target, &c, 1));
-
- /*
- * Digest type.
- */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
- ISC_FALSE));
- if (token.value.as_ulong > 0xffU)
- RETTOK(ISC_R_RANGE);
- RETERR(uint8_tobuffer(token.value.as_ulong, target));
- c = (unsigned char) token.value.as_ulong;
-
- /*
- * Digest.
- */
- switch (c) {
- case DNS_DSDIGEST_SHA1:
- length = ISC_SHA1_DIGESTLENGTH;
- break;
- case DNS_DSDIGEST_SHA256:
- length = ISC_SHA256_DIGESTLENGTH;
- break;
- case DNS_DSDIGEST_GOST:
- length = ISC_GOST_DIGESTLENGTH;
- break;
- case DNS_DSDIGEST_SHA384:
- length = ISC_SHA384_DIGESTLENGTH;
- break;
- default:
- length = -1;
- break;
- }
- return (isc_hex_tobuffer(lexer, target, length));
+ return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+ target, callbacks));
}
static inline isc_result_t
totext_cds(ARGS_TOTEXT) {
- isc_region_t sr;
- char buf[sizeof("64000 ")];
- unsigned int n;
REQUIRE(rdata->type == dns_rdatatype_cds);
- REQUIRE(rdata->length != 0);
- UNUSED(tctx);
-
- dns_rdata_toregion(rdata, &sr);
-
- /*
- * Key tag.
- */
- n = uint16_fromregion(&sr);
- isc_region_consume(&sr, 2);
- sprintf(buf, "%u ", n);
- RETERR(str_totext(buf, target));
-
- /*
- * Algorithm.
- */
- n = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
- sprintf(buf, "%u ", n);
- RETERR(str_totext(buf, target));
-
- /*
- * Digest type.
- */
- n = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
- sprintf(buf, "%u", n);
- RETERR(str_totext(buf, target));
-
- /*
- * Digest.
- */
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" (", target));
- RETERR(str_totext(tctx->linebreak, target));
- if (tctx->width == 0) /* No splitting */
- RETERR(isc_hex_totext(&sr, 0, "", target));
- else
- RETERR(isc_hex_totext(&sr, tctx->width - 2,
- tctx->linebreak, target));
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" )", target));
- return (ISC_R_SUCCESS);
+ return (generic_totext_ds(rdata, tctx, target));
}
static inline isc_result_t
fromwire_cds(ARGS_FROMWIRE) {
- isc_region_t sr;
REQUIRE(type == dns_rdatatype_cds);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(dctx);
- UNUSED(options);
-
- isc_buffer_activeregion(source, &sr);
-
- /*
- * Check digest lengths if we know them.
- */
- if (sr.length < 4 ||
- (sr.base[3] == DNS_DSDIGEST_SHA1 &&
- sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
- (sr.base[3] == DNS_DSDIGEST_SHA256 &&
- sr.length < 4 + ISC_SHA256_DIGESTLENGTH) ||
- (sr.base[3] == DNS_DSDIGEST_GOST &&
- sr.length < 4 + ISC_GOST_DIGESTLENGTH) ||
- (sr.base[3] == DNS_DSDIGEST_SHA384 &&
- sr.length < 4 + ISC_SHA384_DIGESTLENGTH))
- return (ISC_R_UNEXPECTEDEND);
-
- /*
- * Only copy digest lengths if we know them.
- * If there is extra data dns_rdata_fromwire() will
- * detect that.
- */
- if (sr.base[3] == DNS_DSDIGEST_SHA1)
- sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
- else if (sr.base[3] == DNS_DSDIGEST_SHA256)
- sr.length = 4 + ISC_SHA256_DIGESTLENGTH;
- else if (sr.base[3] == DNS_DSDIGEST_GOST)
- sr.length = 4 + ISC_GOST_DIGESTLENGTH;
- else if (sr.base[3] == DNS_DSDIGEST_SHA384)
- sr.length = 4 + ISC_SHA384_DIGESTLENGTH;
-
- isc_buffer_forward(source, sr.length);
- return (mem_tobuffer(target, sr.base, sr.length));
+ return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+ target));
}
static inline isc_result_t
@@ -221,66 +85,28 @@ compare_cds(ARGS_COMPARE) {
static inline isc_result_t
fromstruct_cds(ARGS_FROMSTRUCT) {
- dns_rdata_cds_t *ds = source;
REQUIRE(type == dns_rdatatype_cds);
- REQUIRE(source != NULL);
- REQUIRE(ds->common.rdtype == type);
- REQUIRE(ds->common.rdclass == rdclass);
- switch (ds->digest_type) {
- case DNS_DSDIGEST_SHA1:
- REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH);
- break;
- case DNS_DSDIGEST_SHA256:
- REQUIRE(ds->length == ISC_SHA256_DIGESTLENGTH);
- break;
- case DNS_DSDIGEST_GOST:
- REQUIRE(ds->length == ISC_GOST_DIGESTLENGTH);
- break;
- case DNS_DSDIGEST_SHA384:
- REQUIRE(ds->length == ISC_SHA384_DIGESTLENGTH);
- break;
- }
-
- UNUSED(type);
- UNUSED(rdclass);
-
- RETERR(uint16_tobuffer(ds->key_tag, target));
- RETERR(uint8_tobuffer(ds->algorithm, target));
- RETERR(uint8_tobuffer(ds->digest_type, target));
- return (mem_tobuffer(target, ds->digest, ds->length));
+ return (generic_fromstruct_ds(rdclass, type, source, target));
}
static inline isc_result_t
tostruct_cds(ARGS_TOSTRUCT) {
- dns_rdata_cds_t *ds = target;
- isc_region_t region;
+ dns_rdata_cds_t *cds = target;
REQUIRE(rdata->type == dns_rdatatype_cds);
REQUIRE(target != NULL);
REQUIRE(rdata->length != 0);
- ds->common.rdclass = rdata->rdclass;
- ds->common.rdtype = rdata->type;
- ISC_LINK_INIT(&ds->common, link);
-
- dns_rdata_toregion(rdata, &region);
-
- ds->key_tag = uint16_fromregion(&region);
- isc_region_consume(&region, 2);
- ds->algorithm = uint8_fromregion(&region);
- isc_region_consume(&region, 1);
- ds->digest_type = uint8_fromregion(&region);
- isc_region_consume(&region, 1);
- ds->length = region.length;
-
- ds->digest = mem_maybedup(mctx, region.base, region.length);
- if (ds->digest == NULL)
- return (ISC_R_NOMEMORY);
+ /*
+ * Checked by generic_tostruct_ds().
+ */
+ cds->common.rdclass = rdata->rdclass;
+ cds->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&cds->common, link);
- ds->mctx = mctx;
- return (ISC_R_SUCCESS);
+ return (generic_tostruct_ds(rdata, target, mctx));
}
static inline void
diff --git a/lib/dns/rdata/generic/cds_59.h b/lib/dns/rdata/generic/cds_59.h
index 099cba39468c..c51cefbf27c0 100644
--- a/lib/dns/rdata/generic/cds_59.h
+++ b/lib/dns/rdata/generic/cds_59.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -18,14 +18,6 @@
#define GENERIC_CDS_59_H 1
/* CDS records have the same RDATA fields as DS records. */
-typedef struct dns_rdata_cds {
- dns_rdatacommon_t common;
- isc_mem_t *mctx;
- isc_uint16_t key_tag;
- isc_uint8_t algorithm;
- isc_uint8_t digest_type;
- isc_uint16_t length;
- unsigned char *digest;
-} dns_rdata_cds_t;
+typedef struct dns_rdata_ds dns_rdata_cds_t;
#endif /* GENERIC_CDS_59_H */
diff --git a/lib/dns/rdata/generic/cname_5.c b/lib/dns/rdata/generic/cname_5.c
index 3f8a69b28dbf..fc7356189014 100644
--- a/lib/dns/rdata/generic/cname_5.c
+++ b/lib/dns/rdata/generic/cname_5.c
@@ -42,7 +42,8 @@ fromtext_cname(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/csync_62.c b/lib/dns/rdata/generic/csync_62.c
new file mode 100644
index 000000000000..cd8019593076
--- /dev/null
+++ b/lib/dns/rdata/generic/csync_62.c
@@ -0,0 +1,268 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* RFC 7477 */
+
+#ifndef RDATA_GENERIC_CSYNC_62_C
+#define RDATA_GENERIC_CSYNC_62_C
+
+#define RRTYPE_CSYNC_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_csync(ARGS_FROMTEXT) {
+ isc_token_t token;
+
+ REQUIRE(type == dns_rdatatype_csync);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(origin);
+ UNUSED(options);
+ UNUSED(callbacks);
+
+ /* Serial. */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ RETERR(uint32_tobuffer(token.value.as_ulong, target));
+
+ /* Flags. */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ if (token.value.as_ulong > 0xffffU)
+ RETTOK(ISC_R_RANGE);
+ RETERR(uint16_tobuffer(token.value.as_ulong, target));
+
+ /* Type Map */
+ return (typemap_fromtext(lexer, target, ISC_TRUE));
+}
+
+static inline isc_result_t
+totext_csync(ARGS_TOTEXT) {
+ unsigned long num;
+ char buf[sizeof("0123456789")]; /* Also TYPE65535 */
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == dns_rdatatype_csync);
+ REQUIRE(rdata->length >= 6);
+
+ UNUSED(tctx);
+
+ dns_rdata_toregion(rdata, &sr);
+
+ num = uint32_fromregion(&sr);
+ isc_region_consume(&sr, 4);
+ sprintf(buf, "%lu", num);
+ RETERR(str_totext(buf, target));
+
+ RETERR(str_totext(" ", target));
+
+ num = uint16_fromregion(&sr);
+ isc_region_consume(&sr, 2);
+ sprintf(buf, "%lu", num);
+ RETERR(str_totext(buf, target));
+
+ return (typemap_totext(&sr, NULL, target));
+}
+
+static /* inline */ isc_result_t
+fromwire_csync(ARGS_FROMWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(type == dns_rdatatype_csync);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(options);
+ UNUSED(dctx);
+
+ /*
+ * Serial + Flags
+ */
+ isc_buffer_activeregion(source, &sr);
+ if (sr.length < 6)
+ return (ISC_R_UNEXPECTEDEND);
+
+ RETERR(mem_tobuffer(target, sr.base, 6));
+ isc_buffer_forward(source, 6);
+ isc_region_consume(&sr, 6);
+
+ RETERR(typemap_test(&sr, ISC_TRUE));
+
+ RETERR(mem_tobuffer(target, sr.base, sr.length));
+ isc_buffer_forward(source, sr.length);
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+towire_csync(ARGS_TOWIRE) {
+
+ REQUIRE(rdata->type == dns_rdatatype_csync);
+ REQUIRE(rdata->length >= 6);
+
+ UNUSED(cctx);
+
+ return (mem_tobuffer(target, rdata->data, rdata->length));
+}
+
+static inline int
+compare_csync(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_csync);
+ REQUIRE(rdata1->length >= 6);
+ REQUIRE(rdata2->length >= 6);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_csync(ARGS_FROMSTRUCT) {
+ dns_rdata_csync_t *csync = source;
+ isc_region_t region;
+
+ REQUIRE(type == dns_rdatatype_csync);
+ REQUIRE(source != NULL);
+ REQUIRE(csync->common.rdtype == type);
+ REQUIRE(csync->common.rdclass == rdclass);
+ REQUIRE(csync->typebits != NULL || csync->len == 0);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
+ RETERR(uint32_tobuffer(csync->serial, target));
+ RETERR(uint16_tobuffer(csync->flags, target));
+
+ region.base = csync->typebits;
+ region.length = csync->len;
+ RETERR(typemap_test(&region, ISC_TRUE));
+ return (mem_tobuffer(target, csync->typebits, csync->len));
+}
+
+static inline isc_result_t
+tostruct_csync(ARGS_TOSTRUCT) {
+ isc_region_t region;
+ dns_rdata_csync_t *csync = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_csync);
+ REQUIRE(target != NULL);
+ REQUIRE(rdata->length != 0);
+
+ csync->common.rdclass = rdata->rdclass;
+ csync->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&csync->common, link);
+
+ dns_rdata_toregion(rdata, &region);
+
+ csync->serial = uint32_fromregion(&region);
+ isc_region_consume(&region, 4);
+
+ csync->flags = uint16_fromregion(&region);
+ isc_region_consume(&region, 2);
+
+ csync->len = region.length;
+ csync->typebits = mem_maybedup(mctx, region.base, region.length);
+ if (csync->typebits == NULL)
+ goto cleanup;
+
+ csync->mctx = mctx;
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ return (ISC_R_NOMEMORY);
+}
+
+static inline void
+freestruct_csync(ARGS_FREESTRUCT) {
+ dns_rdata_csync_t *csync = source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(csync->common.rdtype == dns_rdatatype_csync);
+
+ if (csync->mctx == NULL)
+ return;
+
+ if (csync->typebits != NULL)
+ isc_mem_free(csync->mctx, csync->typebits);
+ csync->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_csync(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == dns_rdatatype_csync);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_csync(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == dns_rdatatype_csync);
+
+ dns_rdata_toregion(rdata, &r);
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_csync(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_csync);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_csync(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == dns_rdatatype_csync);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_csync(ARGS_COMPARE) {
+ isc_region_t region1;
+ isc_region_t region2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_csync);
+ REQUIRE(rdata1->length >= 6);
+ REQUIRE(rdata2->length >= 6);
+
+ dns_rdata_toregion(rdata1, &region1);
+ dns_rdata_toregion(rdata2, &region2);
+ return (isc_region_compare(&region1, &region2));
+}
+#endif /* RDATA_GENERIC_CSYNC_62_C */
diff --git a/lib/dns/rdata/generic/csync_62.h b/lib/dns/rdata/generic/csync_62.h
new file mode 100644
index 000000000000..1e4d3de42818
--- /dev/null
+++ b/lib/dns/rdata/generic/csync_62.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_CSYNC_62_H
+#define GENERIC_CSYNC_62_H 1
+
+/*!
+ * \brief Per RFC 7477
+ */
+
+typedef struct dns_rdata_csync {
+ dns_rdatacommon_t common;
+ isc_mem_t *mctx;
+ isc_uint32_t serial;
+ isc_uint16_t flags;
+ unsigned char *typebits;
+ isc_uint16_t len;
+} dns_rdata_csync_t;
+
+#endif /* GENERIC_CSYNC_62_H */
diff --git a/lib/dns/rdata/generic/dlv_32769.c b/lib/dns/rdata/generic/dlv_32769.c
index 3ff575766e3b..263f3f568cfa 100644
--- a/lib/dns/rdata/generic/dlv_32769.c
+++ b/lib/dns/rdata/generic/dlv_32769.c
@@ -31,165 +31,28 @@
static inline isc_result_t
fromtext_dlv(ARGS_FROMTEXT) {
- isc_token_t token;
- unsigned char c;
- int length;
REQUIRE(type == dns_rdatatype_dlv);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(origin);
- UNUSED(options);
- UNUSED(callbacks);
-
- /*
- * Key tag.
- */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
- ISC_FALSE));
- if (token.value.as_ulong > 0xffffU)
- RETTOK(ISC_R_RANGE);
- RETERR(uint16_tobuffer(token.value.as_ulong, target));
-
- /*
- * Algorithm.
- */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
- ISC_FALSE));
- if (token.value.as_ulong > 0xffU)
- RETTOK(ISC_R_RANGE);
- RETERR(uint8_tobuffer(token.value.as_ulong, target));
-
- /*
- * Digest type.
- */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
- ISC_FALSE));
- if (token.value.as_ulong > 0xffU)
- RETTOK(ISC_R_RANGE);
- RETERR(uint8_tobuffer(token.value.as_ulong, target));
- c = (unsigned char) token.value.as_ulong;
-
- /*
- * Digest.
- */
- switch (c) {
- case DNS_DSDIGEST_SHA1:
- length = ISC_SHA1_DIGESTLENGTH;
- break;
- case DNS_DSDIGEST_SHA256:
- length = ISC_SHA256_DIGESTLENGTH;
- break;
- case DNS_DSDIGEST_GOST:
- length = ISC_GOST_DIGESTLENGTH;
- break;
- case DNS_DSDIGEST_SHA384:
- length = ISC_SHA384_DIGESTLENGTH;
- break;
- default:
- length = -1;
- break;
- }
- return (isc_hex_tobuffer(lexer, target, length));
+ return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+ target, callbacks));
}
static inline isc_result_t
totext_dlv(ARGS_TOTEXT) {
- isc_region_t sr;
- char buf[sizeof("64000 ")];
- unsigned int n;
REQUIRE(rdata->type == dns_rdatatype_dlv);
- REQUIRE(rdata->length != 0);
-
- UNUSED(tctx);
- dns_rdata_toregion(rdata, &sr);
-
- /*
- * Key tag.
- */
- n = uint16_fromregion(&sr);
- isc_region_consume(&sr, 2);
- sprintf(buf, "%u ", n);
- RETERR(str_totext(buf, target));
-
- /*
- * Algorithm.
- */
- n = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
- sprintf(buf, "%u ", n);
- RETERR(str_totext(buf, target));
-
- /*
- * Digest type.
- */
- n = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
- sprintf(buf, "%u", n);
- RETERR(str_totext(buf, target));
-
- /*
- * Digest.
- */
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" (", target));
- RETERR(str_totext(tctx->linebreak, target));
- if (tctx->width == 0) /* No splitting */
- RETERR(isc_hex_totext(&sr, 0, "", target));
- else
- RETERR(isc_hex_totext(&sr, tctx->width - 2,
- tctx->linebreak, target));
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" )", target));
- return (ISC_R_SUCCESS);
+ return (generic_totext_ds(rdata, tctx, target));
}
static inline isc_result_t
fromwire_dlv(ARGS_FROMWIRE) {
- isc_region_t sr;
REQUIRE(type == dns_rdatatype_dlv);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(dctx);
- UNUSED(options);
-
- isc_buffer_activeregion(source, &sr);
-
- /*
- * Check digest lengths if we know them.
- */
- if (sr.length < 4 ||
- (sr.base[3] == DNS_DSDIGEST_SHA1 &&
- sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
- (sr.base[3] == DNS_DSDIGEST_SHA256 &&
- sr.length < 4 + ISC_SHA256_DIGESTLENGTH) ||
- (sr.base[3] == DNS_DSDIGEST_GOST &&
- sr.length < 4 + ISC_GOST_DIGESTLENGTH) ||
- (sr.base[3] == DNS_DSDIGEST_SHA384 &&
- sr.length < 4 + ISC_SHA384_DIGESTLENGTH))
- return (ISC_R_UNEXPECTEDEND);
-
- /*
- * Only copy digest lengths if we know them.
- * If there is extra data dns_rdata_fromwire() will
- * detect that.
- */
- if (sr.base[3] == DNS_DSDIGEST_SHA1)
- sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
- else if (sr.base[3] == DNS_DSDIGEST_SHA256)
- sr.length = 4 + ISC_SHA256_DIGESTLENGTH;
- else if (sr.base[3] == DNS_DSDIGEST_GOST)
- sr.length = 4 + ISC_GOST_DIGESTLENGTH;
- else if (sr.base[3] == DNS_DSDIGEST_SHA384)
- sr.length = 4 + ISC_SHA384_DIGESTLENGTH;
-
- isc_buffer_forward(source, sr.length);
- return (mem_tobuffer(target, sr.base, sr.length));
+ return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+ target));
}
static inline isc_result_t
@@ -223,66 +86,23 @@ compare_dlv(ARGS_COMPARE) {
static inline isc_result_t
fromstruct_dlv(ARGS_FROMSTRUCT) {
- dns_rdata_dlv_t *dlv = source;
REQUIRE(type == dns_rdatatype_dlv);
- REQUIRE(source != NULL);
- REQUIRE(dlv->common.rdtype == type);
- REQUIRE(dlv->common.rdclass == rdclass);
- switch (dlv->digest_type) {
- case DNS_DSDIGEST_SHA1:
- REQUIRE(dlv->length == ISC_SHA1_DIGESTLENGTH);
- break;
- case DNS_DSDIGEST_SHA256:
- REQUIRE(dlv->length == ISC_SHA256_DIGESTLENGTH);
- break;
- case DNS_DSDIGEST_GOST:
- REQUIRE(dlv->length == ISC_GOST_DIGESTLENGTH);
- break;
- case DNS_DSDIGEST_SHA384:
- REQUIRE(dlv->length == ISC_SHA384_DIGESTLENGTH);
- break;
- }
-
- UNUSED(type);
- UNUSED(rdclass);
-
- RETERR(uint16_tobuffer(dlv->key_tag, target));
- RETERR(uint8_tobuffer(dlv->algorithm, target));
- RETERR(uint8_tobuffer(dlv->digest_type, target));
- return (mem_tobuffer(target, dlv->digest, dlv->length));
+ return (generic_fromstruct_ds(rdclass, type, source, target));
}
static inline isc_result_t
tostruct_dlv(ARGS_TOSTRUCT) {
dns_rdata_dlv_t *dlv = target;
- isc_region_t region;
REQUIRE(rdata->type == dns_rdatatype_dlv);
- REQUIRE(target != NULL);
- REQUIRE(rdata->length != 0);
dlv->common.rdclass = rdata->rdclass;
dlv->common.rdtype = rdata->type;
ISC_LINK_INIT(&dlv->common, link);
- dns_rdata_toregion(rdata, &region);
-
- dlv->key_tag = uint16_fromregion(&region);
- isc_region_consume(&region, 2);
- dlv->algorithm = uint8_fromregion(&region);
- isc_region_consume(&region, 1);
- dlv->digest_type = uint8_fromregion(&region);
- isc_region_consume(&region, 1);
- dlv->length = region.length;
-
- dlv->digest = mem_maybedup(mctx, region.base, region.length);
- if (dlv->digest == NULL)
- return (ISC_R_NOMEMORY);
-
- dlv->mctx = mctx;
- return (ISC_R_SUCCESS);
+ return (generic_tostruct_ds(rdata, target, mctx));
}
static inline void
diff --git a/lib/dns/rdata/generic/dlv_32769.h b/lib/dns/rdata/generic/dlv_32769.h
index 2313c57582d8..404b2856c929 100644
--- a/lib/dns/rdata/generic/dlv_32769.h
+++ b/lib/dns/rdata/generic/dlv_32769.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006, 2007, 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -20,14 +20,6 @@
#ifndef GENERIC_DLV_32769_H
#define GENERIC_DLV_32769_H 1
-typedef struct dns_rdata_dlv {
- dns_rdatacommon_t common;
- isc_mem_t *mctx;
- isc_uint16_t key_tag;
- isc_uint8_t algorithm;
- isc_uint8_t digest_type;
- isc_uint16_t length;
- unsigned char *digest;
-} dns_rdata_dlv_t;
+typedef struct dns_rdata_ds dns_rdata_dlv_t;
#endif /* GENERIC_DLV_32769_H */
diff --git a/lib/dns/rdata/generic/dname_39.c b/lib/dns/rdata/generic/dname_39.c
index d181a6cd10c7..e061161f79c5 100644
--- a/lib/dns/rdata/generic/dname_39.c
+++ b/lib/dns/rdata/generic/dname_39.c
@@ -43,7 +43,8 @@ fromtext_dname(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/dnskey_48.c b/lib/dns/rdata/generic/dnskey_48.c
index 3b0387503a1b..41afd57fe1ab 100644
--- a/lib/dns/rdata/generic/dnskey_48.c
+++ b/lib/dns/rdata/generic/dnskey_48.c
@@ -32,186 +32,36 @@
static inline isc_result_t
fromtext_dnskey(ARGS_FROMTEXT) {
- isc_result_t result;
- isc_token_t token;
- dns_secalg_t alg;
- dns_secproto_t proto;
- dns_keyflags_t flags;
REQUIRE(type == dns_rdatatype_dnskey);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(origin);
- UNUSED(options);
- UNUSED(callbacks);
-
- /* flags */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
- ISC_FALSE));
- RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
- RETERR(uint16_tobuffer(flags, target));
-
- /* protocol */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
- ISC_FALSE));
- RETTOK(dns_secproto_fromtext(&proto, &token.value.as_textregion));
- RETERR(mem_tobuffer(target, &proto, 1));
-
- /* algorithm */
- RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
- ISC_FALSE));
- RETTOK(dns_secalg_fromtext(&alg, &token.value.as_textregion));
- RETERR(mem_tobuffer(target, &alg, 1));
-
- /* No Key? */
- if ((flags & 0xc000) == 0xc000)
- return (ISC_R_SUCCESS);
-
- result = isc_base64_tobuffer(lexer, target, -1);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- /* Ensure there's at least enough data to compute a key ID for MD5 */
- if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
- return (ISC_R_UNEXPECTEDEND);
-
- return (ISC_R_SUCCESS);
+ return (generic_fromtext_key(rdclass, type, lexer, origin,
+ options, target, callbacks));
}
static inline isc_result_t
totext_dnskey(ARGS_TOTEXT) {
- isc_region_t sr;
- char buf[sizeof("64000")];
- unsigned int flags;
- unsigned char algorithm;
- char algbuf[DNS_NAME_FORMATSIZE];
- const char *keyinfo;
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_dnskey);
- REQUIRE(rdata->length != 0);
-
- dns_rdata_toregion(rdata, &sr);
- /* flags */
- flags = uint16_fromregion(&sr);
- isc_region_consume(&sr, 2);
- sprintf(buf, "%u", flags);
- RETERR(str_totext(buf, target));
- RETERR(str_totext(" ", target));
- if ((flags & DNS_KEYFLAG_KSK) != 0) {
- if (flags & DNS_KEYFLAG_REVOKE)
- keyinfo = "revoked KSK";
- else
- keyinfo = "KSK";
- } else
- keyinfo = "ZSK";
-
- /* protocol */
- sprintf(buf, "%u", sr.base[0]);
- isc_region_consume(&sr, 1);
- RETERR(str_totext(buf, target));
- RETERR(str_totext(" ", target));
-
- /* algorithm */
- algorithm = sr.base[0];
- sprintf(buf, "%u", algorithm);
- isc_region_consume(&sr, 1);
- RETERR(str_totext(buf, target));
-
- /* No Key? */
- if ((flags & 0xc000) == 0xc000)
- return (ISC_R_SUCCESS);
-
- if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0 &&
- algorithm == DNS_KEYALG_PRIVATEDNS) {
- dns_name_t name;
- dns_name_init(&name, NULL);
- dns_name_fromregion(&name, &sr);
- dns_name_format(&name, algbuf, sizeof(algbuf));
- } else {
- dns_secalg_format((dns_secalg_t) algorithm, algbuf,
- sizeof(algbuf));
- }
-
- /* key */
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" (", target));
- RETERR(str_totext(tctx->linebreak, target));
- if (tctx->width == 0) /* No splitting */
- RETERR(isc_base64_totext(&sr, 0, "", target));
- else
- RETERR(isc_base64_totext(&sr, tctx->width - 2,
- tctx->linebreak, target));
-
- if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0)
- RETERR(str_totext(tctx->linebreak, target));
- else if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(" ", target));
-
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
- RETERR(str_totext(")", target));
-
- if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
- isc_region_t tmpr;
-
- RETERR(str_totext(" ; ", target));
- RETERR(str_totext(keyinfo, target));
- RETERR(str_totext("; alg = ", target));
- RETERR(str_totext(algbuf, target));
- RETERR(str_totext("; key id = ", target));
- dns_rdata_toregion(rdata, &tmpr);
- sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
- RETERR(str_totext(buf, target));
- }
- return (ISC_R_SUCCESS);
+ return (generic_totext_key(rdata, tctx, target));
}
static inline isc_result_t
fromwire_dnskey(ARGS_FROMWIRE) {
- unsigned char algorithm;
- isc_region_t sr;
REQUIRE(type == dns_rdatatype_dnskey);
- UNUSED(type);
- UNUSED(rdclass);
- UNUSED(dctx);
- UNUSED(options);
-
- isc_buffer_activeregion(source, &sr);
- if (sr.length < 4)
- return (ISC_R_UNEXPECTEDEND);
-
- algorithm = sr.base[3];
- RETERR(mem_tobuffer(target, sr.base, 4));
- isc_region_consume(&sr, 4);
- isc_buffer_forward(source, 4);
-
- if (algorithm == DNS_KEYALG_PRIVATEDNS) {
- dns_name_t name;
- dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
- dns_name_init(&name, NULL);
- RETERR(dns_name_fromwire(&name, source, dctx, options, target));
- }
-
- /*
- * RSAMD5 computes key ID differently from other
- * algorithms: we need to ensure there's enough data
- * present for the computation
- */
- if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
- return (ISC_R_UNEXPECTEDEND);
-
- isc_buffer_activeregion(source, &sr);
- isc_buffer_forward(source, sr.length);
- return (mem_tobuffer(target, sr.base, sr.length));
+ return (generic_fromwire_key(rdclass, type, source, dctx,
+ options, target));
}
static inline isc_result_t
towire_dnskey(ARGS_TOWIRE) {
isc_region_t sr;
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_dnskey);
REQUIRE(rdata->length != 0);
@@ -226,6 +76,8 @@ compare_dnskey(ARGS_COMPARE) {
isc_region_t r1;
isc_region_t r2;
+ REQUIRE(rdata1 != NULL);
+ REQUIRE(rdata2 != NULL);
REQUIRE(rdata1->type == rdata2->type);
REQUIRE(rdata1->rdclass == rdata2->rdclass);
REQUIRE(rdata1->type == dns_rdatatype_dnskey);
@@ -239,89 +91,40 @@ compare_dnskey(ARGS_COMPARE) {
static inline isc_result_t
fromstruct_dnskey(ARGS_FROMSTRUCT) {
- dns_rdata_dnskey_t *dnskey = source;
REQUIRE(type == dns_rdatatype_dnskey);
- REQUIRE(source != NULL);
- REQUIRE(dnskey->common.rdtype == type);
- REQUIRE(dnskey->common.rdclass == rdclass);
-
- UNUSED(type);
- UNUSED(rdclass);
-
- /* Flags */
- RETERR(uint16_tobuffer(dnskey->flags, target));
-
- /* Protocol */
- RETERR(uint8_tobuffer(dnskey->protocol, target));
- /* Algorithm */
- RETERR(uint8_tobuffer(dnskey->algorithm, target));
-
- /* Data */
- return (mem_tobuffer(target, dnskey->data, dnskey->datalen));
+ return (generic_fromstruct_key(rdclass, type, source, target));
}
static inline isc_result_t
tostruct_dnskey(ARGS_TOSTRUCT) {
dns_rdata_dnskey_t *dnskey = target;
- isc_region_t sr;
+ REQUIRE(dnskey != NULL);
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_dnskey);
- REQUIRE(target != NULL);
- REQUIRE(rdata->length != 0);
dnskey->common.rdclass = rdata->rdclass;
dnskey->common.rdtype = rdata->type;
ISC_LINK_INIT(&dnskey->common, link);
- dns_rdata_toregion(rdata, &sr);
-
- /* Flags */
- if (sr.length < 2)
- return (ISC_R_UNEXPECTEDEND);
- dnskey->flags = uint16_fromregion(&sr);
- isc_region_consume(&sr, 2);
-
- /* Protocol */
- if (sr.length < 1)
- return (ISC_R_UNEXPECTEDEND);
- dnskey->protocol = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
-
- /* Algorithm */
- if (sr.length < 1)
- return (ISC_R_UNEXPECTEDEND);
- dnskey->algorithm = uint8_fromregion(&sr);
- isc_region_consume(&sr, 1);
-
- /* Data */
- dnskey->datalen = sr.length;
- dnskey->data = mem_maybedup(mctx, sr.base, dnskey->datalen);
- if (dnskey->data == NULL)
- return (ISC_R_NOMEMORY);
-
- dnskey->mctx = mctx;
- return (ISC_R_SUCCESS);
+ return (generic_tostruct_key(rdata, target, mctx));
}
static inline void
freestruct_dnskey(ARGS_FREESTRUCT) {
dns_rdata_dnskey_t *dnskey = (dns_rdata_dnskey_t *) source;
- REQUIRE(source != NULL);
+ REQUIRE(dnskey != NULL);
REQUIRE(dnskey->common.rdtype == dns_rdatatype_dnskey);
- if (dnskey->mctx == NULL)
- return;
-
- if (dnskey->data != NULL)
- isc_mem_free(dnskey->mctx, dnskey->data);
- dnskey->mctx = NULL;
+ generic_freestruct_key(source);
}
static inline isc_result_t
additionaldata_dnskey(ARGS_ADDLDATA) {
+
REQUIRE(rdata->type == dns_rdatatype_dnskey);
UNUSED(rdata);
@@ -335,6 +138,7 @@ static inline isc_result_t
digest_dnskey(ARGS_DIGEST) {
isc_region_t r;
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_dnskey);
dns_rdata_toregion(rdata, &r);
@@ -358,6 +162,7 @@ checkowner_dnskey(ARGS_CHECKOWNER) {
static inline isc_boolean_t
checknames_dnskey(ARGS_CHECKNAMES) {
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_dnskey);
UNUSED(rdata);
diff --git a/lib/dns/rdata/generic/dnskey_48.h b/lib/dns/rdata/generic/dnskey_48.h
index ce88cd1bf37a..67b1d7a3573a 100644
--- a/lib/dns/rdata/generic/dnskey_48.h
+++ b/lib/dns/rdata/generic/dnskey_48.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -18,20 +18,10 @@
#ifndef GENERIC_DNSKEY_48_H
#define GENERIC_DNSKEY_48_H 1
-/* $Id: dnskey_48.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
-
/*!
- * \brief per RFC2535 */
-
-typedef struct dns_rdata_dnskey {
- dns_rdatacommon_t common;
- isc_mem_t * mctx;
- isc_uint16_t flags;
- isc_uint8_t protocol;
- isc_uint8_t algorithm;
- isc_uint16_t datalen;
- unsigned char * data;
-} dns_rdata_dnskey_t;
+ * \brief per RFC2535
+ */
+typedef struct dns_rdata_key dns_rdata_dnskey_t;
#endif /* GENERIC_DNSKEY_48_H */
diff --git a/lib/dns/rdata/generic/ds_43.c b/lib/dns/rdata/generic/ds_43.c
index 975fdfd2b3a6..cdaec4dba9c8 100644
--- a/lib/dns/rdata/generic/ds_43.c
+++ b/lib/dns/rdata/generic/ds_43.c
@@ -31,13 +31,11 @@
#include <dns/ds.h>
static inline isc_result_t
-fromtext_ds(ARGS_FROMTEXT) {
+generic_fromtext_ds(ARGS_FROMTEXT) {
isc_token_t token;
unsigned char c;
int length;
- REQUIRE(type == dns_rdatatype_ds);
-
UNUSED(type);
UNUSED(rdclass);
UNUSED(origin);
@@ -95,12 +93,20 @@ fromtext_ds(ARGS_FROMTEXT) {
}
static inline isc_result_t
-totext_ds(ARGS_TOTEXT) {
+fromtext_ds(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_ds);
+
+ return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+ target, callbacks));
+}
+
+static inline isc_result_t
+generic_totext_ds(ARGS_TOTEXT) {
isc_region_t sr;
char buf[sizeof("64000 ")];
unsigned int n;
- REQUIRE(rdata->type == dns_rdatatype_ds);
REQUIRE(rdata->length != 0);
UNUSED(tctx);
@@ -148,10 +154,16 @@ totext_ds(ARGS_TOTEXT) {
}
static inline isc_result_t
-fromwire_ds(ARGS_FROMWIRE) {
- isc_region_t sr;
+totext_ds(ARGS_TOTEXT) {
- REQUIRE(type == dns_rdatatype_ds);
+ REQUIRE(rdata->type == dns_rdatatype_ds);
+
+ return (generic_totext_ds(rdata, tctx, target));
+}
+
+static inline isc_result_t
+generic_fromwire_ds(ARGS_FROMWIRE) {
+ isc_region_t sr;
UNUSED(type);
UNUSED(rdclass);
@@ -193,6 +205,15 @@ fromwire_ds(ARGS_FROMWIRE) {
}
static inline isc_result_t
+fromwire_ds(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_ds);
+
+ return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+ target));
+}
+
+static inline isc_result_t
towire_ds(ARGS_TOWIRE) {
isc_region_t sr;
@@ -222,13 +243,16 @@ compare_ds(ARGS_COMPARE) {
}
static inline isc_result_t
-fromstruct_ds(ARGS_FROMSTRUCT) {
+generic_fromstruct_ds(ARGS_FROMSTRUCT) {
dns_rdata_ds_t *ds = source;
- REQUIRE(type == dns_rdatatype_ds);
REQUIRE(source != NULL);
REQUIRE(ds->common.rdtype == type);
REQUIRE(ds->common.rdclass == rdclass);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
switch (ds->digest_type) {
case DNS_DSDIGEST_SHA1:
REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH);
@@ -244,9 +268,6 @@ fromstruct_ds(ARGS_FROMSTRUCT) {
break;
}
- UNUSED(type);
- UNUSED(rdclass);
-
RETERR(uint16_tobuffer(ds->key_tag, target));
RETERR(uint8_tobuffer(ds->algorithm, target));
RETERR(uint8_tobuffer(ds->digest_type, target));
@@ -255,17 +276,23 @@ fromstruct_ds(ARGS_FROMSTRUCT) {
}
static inline isc_result_t
-tostruct_ds(ARGS_TOSTRUCT) {
+fromstruct_ds(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_ds);
+
+ return (generic_fromstruct_ds(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+generic_tostruct_ds(ARGS_TOSTRUCT) {
dns_rdata_ds_t *ds = target;
isc_region_t region;
- REQUIRE(rdata->type == dns_rdatatype_ds);
REQUIRE(target != NULL);
REQUIRE(rdata->length != 0);
-
- ds->common.rdclass = rdata->rdclass;
- ds->common.rdtype = rdata->type;
- ISC_LINK_INIT(&ds->common, link);
+ REQUIRE(ds->common.rdtype == rdata->type);
+ REQUIRE(ds->common.rdclass == rdata->rdclass);
+ REQUIRE(!ISC_LINK_LINKED(&ds->common, link));
dns_rdata_toregion(rdata, &region);
@@ -285,6 +312,20 @@ tostruct_ds(ARGS_TOSTRUCT) {
return (ISC_R_SUCCESS);
}
+static inline isc_result_t
+tostruct_ds(ARGS_TOSTRUCT) {
+ dns_rdata_ds_t *ds = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_ds);
+ REQUIRE(target != NULL);
+
+ ds->common.rdclass = rdata->rdclass;
+ ds->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&ds->common, link);
+
+ return (generic_tostruct_ds(rdata, target, mctx));
+}
+
static inline void
freestruct_ds(ARGS_FREESTRUCT) {
dns_rdata_ds_t *ds = source;
diff --git a/lib/dns/rdata/generic/hip_55.c b/lib/dns/rdata/generic/hip_55.c
index 7c51d1f72a54..8e7002298c3d 100644
--- a/lib/dns/rdata/generic/hip_55.c
+++ b/lib/dns/rdata/generic/hip_55.c
@@ -94,6 +94,9 @@ fromtext_hip(ARGS_FROMTEXT) {
RETTOK(ISC_R_RANGE);
RETERR(uint16_tobuffer((isc_uint32_t)len, &key_len));
+ if (origin == NULL)
+ origin = dns_rootname;
+
/*
* Rendezvous Servers.
*/
@@ -105,7 +108,6 @@ fromtext_hip(ARGS_FROMTEXT) {
if (token.type != isc_tokentype_string)
break;
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options,
target));
} while (1);
diff --git a/lib/dns/rdata/generic/ipseckey_45.c b/lib/dns/rdata/generic/ipseckey_45.c
index c5462c1a69a8..cc6fb6d402d4 100644
--- a/lib/dns/rdata/generic/ipseckey_45.c
+++ b/lib/dns/rdata/generic/ipseckey_45.c
@@ -104,7 +104,8 @@ fromtext_ipseckey(ARGS_FROMTEXT) {
case 3:
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin,
options, target));
break;
diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c
index c2ddd57fc108..4c65408ceaf9 100644
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@@ -31,15 +31,13 @@
#define RRTYPE_KEY_ATTRIBUTES (0)
static inline isc_result_t
-fromtext_key(ARGS_FROMTEXT) {
+generic_fromtext_key(ARGS_FROMTEXT) {
isc_result_t result;
isc_token_t token;
dns_secalg_t alg;
dns_secproto_t proto;
dns_keyflags_t flags;
- REQUIRE(type == dns_rdatatype_key);
-
UNUSED(type);
UNUSED(rdclass);
UNUSED(origin);
@@ -80,14 +78,15 @@ fromtext_key(ARGS_FROMTEXT) {
}
static inline isc_result_t
-totext_key(ARGS_TOTEXT) {
+generic_totext_key(ARGS_TOTEXT) {
isc_region_t sr;
- char buf[sizeof("64000")];
+ char buf[sizeof("[key id = 64000]")];
unsigned int flags;
unsigned char algorithm;
- char namebuf[DNS_NAME_FORMATSIZE];
+ char algbuf[DNS_NAME_FORMATSIZE];
+ const char *keyinfo;
+ isc_region_t tmpr;
- REQUIRE(rdata->type == dns_rdatatype_key);
REQUIRE(rdata->length != 0);
dns_rdata_toregion(rdata, &sr);
@@ -98,6 +97,14 @@ totext_key(ARGS_TOTEXT) {
sprintf(buf, "%u", flags);
RETERR(str_totext(buf, target));
RETERR(str_totext(" ", target));
+ if ((flags & DNS_KEYFLAG_KSK) != 0) {
+ if (flags & DNS_KEYFLAG_REVOKE)
+ keyinfo = "revoked KSK";
+ else
+ keyinfo = "KSK";
+ } else
+ keyinfo = "ZSK";
+
/* protocol */
sprintf(buf, "%u", sr.base[0]);
@@ -120,19 +127,22 @@ totext_key(ARGS_TOTEXT) {
dns_name_t name;
dns_name_init(&name, NULL);
dns_name_fromregion(&name, &sr);
- dns_name_format(&name, namebuf, sizeof(namebuf));
- } else
- namebuf[0] = 0;
+ dns_name_format(&name, algbuf, sizeof(algbuf));
+ } else {
+ dns_secalg_format((dns_secalg_t) algorithm, algbuf,
+ sizeof(algbuf));
+ }
/* key */
if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
RETERR(str_totext(" (", target));
RETERR(str_totext(tctx->linebreak, target));
+
if (tctx->width == 0) /* No splitting */
RETERR(isc_base64_totext(&sr, 60, "", target));
else
RETERR(isc_base64_totext(&sr, tctx->width - 2,
- tctx->linebreak, target));
+ tctx->linebreak, target));
if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0)
RETERR(str_totext(tctx->linebreak, target));
@@ -143,28 +153,27 @@ totext_key(ARGS_TOTEXT) {
RETERR(str_totext(")", target));
if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
- isc_region_t tmpr;
+ if (rdata->type == dns_rdatatype_dnskey ||
+ rdata->type == dns_rdatatype_cdnskey) {
+ RETERR(str_totext(" ; ", target));
+ RETERR(str_totext(keyinfo, target));
+ }
+ RETERR(str_totext("; alg = ", target));
+ RETERR(str_totext(algbuf, target));
RETERR(str_totext(" ; key id = ", target));
dns_rdata_toregion(rdata, &tmpr);
sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
RETERR(str_totext(buf, target));
- if (algorithm == DNS_KEYALG_PRIVATEDNS) {
- RETERR(str_totext(tctx->linebreak, target));
- RETERR(str_totext("; alg = ", target));
- RETERR(str_totext(namebuf, target));
- }
}
return (ISC_R_SUCCESS);
}
static inline isc_result_t
-fromwire_key(ARGS_FROMWIRE) {
+generic_fromwire_key(ARGS_FROMWIRE) {
unsigned char algorithm;
isc_region_t sr;
- REQUIRE(type == dns_rdatatype_key);
-
UNUSED(type);
UNUSED(rdclass);
UNUSED(dctx);
@@ -200,9 +209,37 @@ fromwire_key(ARGS_FROMWIRE) {
}
static inline isc_result_t
+fromtext_key(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_key);
+
+ return (generic_fromtext_key(rdclass, type, lexer, origin,
+ options, target, callbacks));
+}
+
+static inline isc_result_t
+totext_key(ARGS_TOTEXT) {
+
+ REQUIRE(rdata != NULL);
+ REQUIRE(rdata->type == dns_rdatatype_key);
+
+ return (generic_totext_key(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_key(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_key);
+
+ return (generic_fromwire_key(rdclass, type, source, dctx,
+ options, target));
+}
+
+static inline isc_result_t
towire_key(ARGS_TOWIRE) {
isc_region_t sr;
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_key);
REQUIRE(rdata->length != 0);
@@ -217,6 +254,8 @@ compare_key(ARGS_COMPARE) {
isc_region_t r1;
isc_region_t r2;
+ REQUIRE(rdata1 != NULL);
+ REQUIRE(rdata2 != NULL);
REQUIRE(rdata1->type == rdata2->type);
REQUIRE(rdata1->rdclass == rdata2->rdclass);
REQUIRE(rdata1->type == dns_rdatatype_key);
@@ -229,11 +268,10 @@ compare_key(ARGS_COMPARE) {
}
static inline isc_result_t
-fromstruct_key(ARGS_FROMSTRUCT) {
+generic_fromstruct_key(ARGS_FROMSTRUCT) {
dns_rdata_key_t *key = source;
- REQUIRE(type == dns_rdatatype_key);
- REQUIRE(source != NULL);
+ REQUIRE(key != NULL);
REQUIRE(key->common.rdtype == type);
REQUIRE(key->common.rdclass == rdclass);
@@ -254,17 +292,17 @@ fromstruct_key(ARGS_FROMSTRUCT) {
}
static inline isc_result_t
-tostruct_key(ARGS_TOSTRUCT) {
+generic_tostruct_key(ARGS_TOSTRUCT) {
dns_rdata_key_t *key = target;
isc_region_t sr;
- REQUIRE(rdata->type == dns_rdatatype_key);
- REQUIRE(target != NULL);
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->length != 0);
- key->common.rdclass = rdata->rdclass;
- key->common.rdtype = rdata->type;
- ISC_LINK_INIT(&key->common, link);
+ REQUIRE(key != NULL);
+ REQUIRE(key->common.rdclass == rdata->rdclass);
+ REQUIRE(key->common.rdtype == rdata->type);
+ REQUIRE(!ISC_LINK_LINKED(&key->common, link));
dns_rdata_toregion(rdata, &sr);
@@ -297,11 +335,10 @@ tostruct_key(ARGS_TOSTRUCT) {
}
static inline void
-freestruct_key(ARGS_FREESTRUCT) {
+generic_freestruct_key(ARGS_FREESTRUCT) {
dns_rdata_key_t *key = (dns_rdata_key_t *) source;
- REQUIRE(source != NULL);
- REQUIRE(key->common.rdtype == dns_rdatatype_key);
+ REQUIRE(key != NULL);
if (key->mctx == NULL)
return;
@@ -312,7 +349,42 @@ freestruct_key(ARGS_FREESTRUCT) {
}
static inline isc_result_t
+fromstruct_key(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_key);
+
+ return (generic_fromstruct_key(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_key(ARGS_TOSTRUCT) {
+ dns_rdata_key_t *key = target;
+
+ REQUIRE(key != NULL);
+ REQUIRE(rdata != NULL);
+ REQUIRE(rdata->type == dns_rdatatype_key);
+
+ key->common.rdclass = rdata->rdclass;
+ key->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&key->common, link);
+
+ return (generic_tostruct_key(rdata, target, mctx));
+}
+
+static inline void
+freestruct_key(ARGS_FREESTRUCT) {
+ dns_rdata_key_t *key = (dns_rdata_key_t *) source;
+
+ REQUIRE(key != NULL);
+ REQUIRE(key->common.rdtype == dns_rdatatype_key);
+
+ generic_freestruct_key(source);
+}
+
+static inline isc_result_t
additionaldata_key(ARGS_ADDLDATA) {
+
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_key);
UNUSED(rdata);
@@ -326,6 +398,7 @@ static inline isc_result_t
digest_key(ARGS_DIGEST) {
isc_region_t r;
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_key);
dns_rdata_toregion(rdata, &r);
@@ -349,6 +422,7 @@ checkowner_key(ARGS_CHECKOWNER) {
static inline isc_boolean_t
checknames_key(ARGS_CHECKNAMES) {
+ REQUIRE(rdata != NULL);
REQUIRE(rdata->type == dns_rdatatype_key);
UNUSED(rdata);
diff --git a/lib/dns/rdata/generic/key_25.h b/lib/dns/rdata/generic/key_25.h
index bcf9cb6a22bf..e3aa8beaec3d 100644
--- a/lib/dns/rdata/generic/key_25.h
+++ b/lib/dns/rdata/generic/key_25.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -23,14 +23,14 @@
/*!
* \brief Per RFC2535 */
-typedef struct dns_rdata_key_t {
- dns_rdatacommon_t common;
- isc_mem_t * mctx;
- isc_uint16_t flags;
- isc_uint8_t protocol;
- isc_uint8_t algorithm;
- isc_uint16_t datalen;
- unsigned char * data;
+typedef struct dns_rdata_key {
+ dns_rdatacommon_t common;
+ isc_mem_t * mctx;
+ isc_uint16_t flags;
+ isc_uint8_t protocol;
+ isc_uint8_t algorithm;
+ isc_uint16_t datalen;
+ unsigned char * data;
} dns_rdata_key_t;
diff --git a/lib/dns/rdata/generic/lp_107.c b/lib/dns/rdata/generic/lp_107.c
index 08d6b1763593..b9e2f039f824 100644
--- a/lib/dns/rdata/generic/lp_107.c
+++ b/lib/dns/rdata/generic/lp_107.c
@@ -46,7 +46,8 @@ fromtext_lp(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
return (dns_name_fromtext(&name, &buffer, origin, options, target));
}
diff --git a/lib/dns/rdata/generic/mb_7.c b/lib/dns/rdata/generic/mb_7.c
index 47c7308ebb03..cd92af512040 100644
--- a/lib/dns/rdata/generic/mb_7.c
+++ b/lib/dns/rdata/generic/mb_7.c
@@ -41,7 +41,8 @@ fromtext_mb(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/md_3.c b/lib/dns/rdata/generic/md_3.c
index 7485d1e49016..9738878aad4e 100644
--- a/lib/dns/rdata/generic/md_3.c
+++ b/lib/dns/rdata/generic/md_3.c
@@ -41,7 +41,8 @@ fromtext_md(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/mf_4.c b/lib/dns/rdata/generic/mf_4.c
index 97402a9dc6db..f7513fdbec57 100644
--- a/lib/dns/rdata/generic/mf_4.c
+++ b/lib/dns/rdata/generic/mf_4.c
@@ -41,7 +41,8 @@ fromtext_mf(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/mg_8.c b/lib/dns/rdata/generic/mg_8.c
index 6c3b7e2b2d41..3f50a9ed3447 100644
--- a/lib/dns/rdata/generic/mg_8.c
+++ b/lib/dns/rdata/generic/mg_8.c
@@ -41,7 +41,8 @@ fromtext_mg(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/minfo_14.c b/lib/dns/rdata/generic/minfo_14.c
index 2a868f857f8f..173567ef6b35 100644
--- a/lib/dns/rdata/generic/minfo_14.c
+++ b/lib/dns/rdata/generic/minfo_14.c
@@ -38,13 +38,15 @@ fromtext_minfo(ARGS_FROMTEXT) {
UNUSED(rdclass);
UNUSED(callbacks);
+ if (origin == NULL)
+ origin = dns_rootname;
+
for (i = 0; i < 2; i++) {
RETERR(isc_lex_getmastertoken(lexer, &token,
isc_tokentype_string,
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin,
options, target));
ok = ISC_TRUE;
diff --git a/lib/dns/rdata/generic/mr_9.c b/lib/dns/rdata/generic/mr_9.c
index 7e69cf1cfe85..c82ad218868a 100644
--- a/lib/dns/rdata/generic/mr_9.c
+++ b/lib/dns/rdata/generic/mr_9.c
@@ -41,7 +41,8 @@ fromtext_mr(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/mx_15.c b/lib/dns/rdata/generic/mx_15.c
index 7364b4ac1fd8..37fd7e6e5ba8 100644
--- a/lib/dns/rdata/generic/mx_15.c
+++ b/lib/dns/rdata/generic/mx_15.c
@@ -77,7 +77,8 @@ fromtext_mx(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
ok = ISC_TRUE;
if ((options & DNS_RDATA_CHECKNAMES) != 0)
diff --git a/lib/dns/rdata/generic/naptr_35.c b/lib/dns/rdata/generic/naptr_35.c
index e8cbda87b74e..418a9d25f143 100644
--- a/lib/dns/rdata/generic/naptr_35.c
+++ b/lib/dns/rdata/generic/naptr_35.c
@@ -181,7 +181,8 @@ fromtext_naptr(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/generic/ninfo_56.c b/lib/dns/rdata/generic/ninfo_56.c
new file mode 100644
index 000000000000..f31f47ed65ef
--- /dev/null
+++ b/lib/dns/rdata/generic/ninfo_56.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_NINFO_56_C
+#define RDATA_GENERIC_NINFO_56_C
+
+#define RRTYPE_NINFO_ATTRIBUTES (0)
+
+static inline isc_result_t
+fromtext_ninfo(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_ninfo);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(origin);
+ UNUSED(options);
+ UNUSED(callbacks);
+
+ return (generic_fromtext_txt(rdclass, type, lexer, origin, options,
+ target, callbacks));
+}
+
+static inline isc_result_t
+totext_ninfo(ARGS_TOTEXT) {
+
+ UNUSED(tctx);
+
+ REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+ return (generic_totext_txt(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_ninfo(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_ninfo);
+
+ UNUSED(type);
+ UNUSED(dctx);
+ UNUSED(rdclass);
+ UNUSED(options);
+
+ return (generic_fromwire_txt(rdclass, type, source, dctx, options,
+ target));
+}
+
+static inline isc_result_t
+towire_ninfo(ARGS_TOWIRE) {
+
+ REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+ UNUSED(cctx);
+
+ return (mem_tobuffer(target, rdata->data, rdata->length));
+}
+
+static inline int
+compare_ninfo(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_ninfo);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_ninfo(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_ninfo);
+
+ return (generic_fromstruct_txt(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_ninfo(ARGS_TOSTRUCT) {
+ dns_rdata_ninfo_t *txt = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+ txt->common.rdclass = rdata->rdclass;
+ txt->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&txt->common, link);
+
+ return (generic_tostruct_txt(rdata, target, mctx));
+}
+
+static inline void
+freestruct_ninfo(ARGS_FREESTRUCT) {
+ dns_rdata_ninfo_t *ninfo = source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+ generic_freestruct_txt(source);
+}
+
+static inline isc_result_t
+additionaldata_ninfo(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_ninfo(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_ninfo(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_ninfo);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_ninfo(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_result_t
+casecompare_ninfo(ARGS_COMPARE) {
+ return (compare_ninfo(rdata1, rdata2));
+}
+
+isc_result_t
+dns_rdata_ninfo_first(dns_rdata_ninfo_t *ninfo) {
+
+ REQUIRE(ninfo != NULL);
+ REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+ return (generic_txt_first(ninfo));
+}
+
+isc_result_t
+dns_rdata_ninfo_next(dns_rdata_ninfo_t *ninfo) {
+
+ REQUIRE(ninfo != NULL);
+ REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+ return (generic_txt_next(ninfo));
+}
+
+isc_result_t
+dns_rdata_ninfo_current(dns_rdata_ninfo_t *ninfo,
+ dns_rdata_ninfo_string_t *string)
+{
+
+ REQUIRE(ninfo != NULL);
+ REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+ return (generic_txt_current(ninfo, string));
+}
+#endif /* RDATA_GENERIC_NINFO_56_C */
diff --git a/lib/dns/rdata/generic/ninfo_56.h b/lib/dns/rdata/generic/ninfo_56.h
new file mode 100644
index 000000000000..343cae387b0e
--- /dev/null
+++ b/lib/dns/rdata/generic/ninfo_56.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* */
+#ifndef GENERIC_NINFO_56_H
+#define GENERIC_NINFO_56_H 1
+
+typedef struct dns_rdata_txt_string dns_rdata_ninfo_string_t;
+
+typedef struct dns_rdata_txt dns_rdata_ninfo_t;
+
+/*
+ * ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS are already done
+ * via rdatastructpre.h and rdatastructsuf.h.
+ */
+
+isc_result_t
+dns_rdata_ninfo_first(dns_rdata_ninfo_t *);
+
+isc_result_t
+dns_rdata_ninfo_next(dns_rdata_ninfo_t *);
+
+isc_result_t
+dns_rdata_ninfo_current(dns_rdata_ninfo_t *, dns_rdata_ninfo_string_t *);
+
+#endif /* GENERIC_NINFO_16_H */
diff --git a/lib/dns/rdata/generic/ns_2.c b/lib/dns/rdata/generic/ns_2.c
index d7e095b09bf2..eaac08c289d3 100644
--- a/lib/dns/rdata/generic/ns_2.c
+++ b/lib/dns/rdata/generic/ns_2.c
@@ -42,7 +42,8 @@ fromtext_ns(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
ok = ISC_TRUE;
if ((options & DNS_RDATA_CHECKNAMES) != 0)
diff --git a/lib/dns/rdata/generic/nsec3_50.c b/lib/dns/rdata/generic/nsec3_50.c
index 2aec339c2453..b8245a0417a9 100644
--- a/lib/dns/rdata/generic/nsec3_50.c
+++ b/lib/dns/rdata/generic/nsec3_50.c
@@ -45,13 +45,10 @@
static inline isc_result_t
fromtext_nsec3(ARGS_FROMTEXT) {
isc_token_t token;
- unsigned char bm[8*1024]; /* 64k bits */
- dns_rdatatype_t covered;
- int octet;
- int window;
unsigned int flags;
unsigned char hashalg;
isc_buffer_t b;
+ unsigned char buf[256];
REQUIRE(type == dns_rdatatype_nsec3);
@@ -99,50 +96,24 @@ fromtext_nsec3(ARGS_FROMTEXT) {
*/
RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
ISC_FALSE));
- isc_buffer_init(&b, bm, sizeof(bm));
+ isc_buffer_init(&b, buf, sizeof(buf));
RETTOK(isc_base32hexnp_decodestring(DNS_AS_STR(token), &b));
if (isc_buffer_usedlength(&b) > 0xffU)
RETTOK(ISC_R_RANGE);
RETERR(uint8_tobuffer(isc_buffer_usedlength(&b), target));
- RETERR(mem_tobuffer(target, &bm, isc_buffer_usedlength(&b)));
-
- memset(bm, 0, sizeof(bm));
- do {
- RETERR(isc_lex_getmastertoken(lexer, &token,
- isc_tokentype_string, ISC_TRUE));
- if (token.type != isc_tokentype_string)
- break;
- RETTOK(dns_rdatatype_fromtext(&covered,
- &token.value.as_textregion));
- bm[covered/8] |= (0x80>>(covered%8));
- } while (1);
- isc_lex_ungettoken(lexer, &token);
- for (window = 0; window < 256 ; window++) {
- /*
- * Find if we have a type in this window.
- */
- for (octet = 31; octet >= 0; octet--)
- if (bm[window * 32 + octet] != 0)
- break;
- if (octet < 0)
- continue;
- RETERR(uint8_tobuffer(window, target));
- RETERR(uint8_tobuffer(octet + 1, target));
- RETERR(mem_tobuffer(target, &bm[window * 32], octet + 1));
- }
- return (ISC_R_SUCCESS);
+ RETERR(mem_tobuffer(target, &buf, isc_buffer_usedlength(&b)));
+
+ return (typemap_fromtext(lexer, target, ISC_TRUE));
}
static inline isc_result_t
totext_nsec3(ARGS_TOTEXT) {
isc_region_t sr;
- unsigned int i, j, k;
- unsigned int window, len;
+ unsigned int i, j;
unsigned char hash;
unsigned char flags;
char buf[sizeof("TYPE65535")];
isc_uint32_t iterations;
- isc_boolean_t first;
REQUIRE(rdata->type == dns_rdatatype_nsec3);
REQUIRE(rdata->length != 0);
@@ -197,39 +168,7 @@ totext_nsec3(ARGS_TOTEXT) {
if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) == 0)
RETERR(str_totext(" ", target));
- /* Types covered */
- first = ISC_TRUE;
- for (i = 0; i < sr.length; i += len) {
- if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) {
- RETERR(str_totext(tctx->linebreak, target));
- first = ISC_TRUE;
- }
- INSIST(i + 2 <= sr.length);
- window = sr.base[i];
- len = sr.base[i + 1];
- INSIST(len > 0 && len <= 32);
- i += 2;
- INSIST(i + len <= sr.length);
- for (j = 0; j < len; j++) {
- dns_rdatatype_t t;
- if (sr.base[i + j] == 0)
- continue;
- for (k = 0; k < 8; k++) {
- if ((sr.base[i + j] & (0x80 >> k)) == 0)
- continue;
- t = window * 256 + j * 8 + k;
- if (!first)
- RETERR(str_totext(" ", target));
- first = ISC_FALSE;
- if (dns_rdatatype_isknown(t)) {
- RETERR(dns_rdatatype_totext(t, target));
- } else {
- sprintf(buf, "TYPE%u", t);
- RETERR(str_totext(buf, target));
- }
- }
- }
- }
+ RETERR(typemap_totext(&sr, tctx, target));
if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
RETERR(str_totext(" )", target));
@@ -240,11 +179,7 @@ totext_nsec3(ARGS_TOTEXT) {
static inline isc_result_t
fromwire_nsec3(ARGS_FROMWIRE) {
isc_region_t sr, rr;
- unsigned int window, lastwindow = 0;
- unsigned int len;
unsigned int saltlen, hashlen;
- isc_boolean_t first = ISC_TRUE;
- unsigned int i;
REQUIRE(type == dns_rdatatype_nsec3);
@@ -275,40 +210,8 @@ fromwire_nsec3(ARGS_FROMWIRE) {
RETERR(DNS_R_FORMERR);
isc_region_consume(&sr, hashlen);
- for (i = 0; i < sr.length; i += len) {
- /*
- * Check for overflow.
- */
- if (i + 2 > sr.length)
- RETERR(DNS_R_FORMERR);
- window = sr.base[i];
- len = sr.base[i + 1];
- i += 2;
- /*
- * Check that bitmap windows are in the correct order.
- */
- if (!first && window <= lastwindow)
- RETERR(DNS_R_FORMERR);
- /*
- * Check for legal lengths.
- */
- if (len < 1 || len > 32)
- RETERR(DNS_R_FORMERR);
- /*
- * Check for overflow.
- */
- if (i + len > sr.length)
- RETERR(DNS_R_FORMERR);
- /*
- * The last octet of the bitmap must be non zero.
- */
- if (sr.base[i + len - 1] == 0)
- RETERR(DNS_R_FORMERR);
- lastwindow = window;
- first = ISC_FALSE;
- }
- if (i != sr.length)
- return (DNS_R_EXTRADATA);
+ RETERR(typemap_test(&sr, ISC_TRUE));
+
RETERR(mem_tobuffer(target, rr.base, rr.length));
isc_buffer_forward(source, rr.length);
return (ISC_R_SUCCESS);
@@ -346,8 +249,7 @@ compare_nsec3(ARGS_COMPARE) {
static inline isc_result_t
fromstruct_nsec3(ARGS_FROMSTRUCT) {
dns_rdata_nsec3_t *nsec3 = source;
- unsigned int i, len, window, lastwindow = 0;
- isc_boolean_t first = ISC_TRUE;
+ isc_region_t region;
REQUIRE(type == dns_rdatatype_nsec3);
REQUIRE(source != NULL);
@@ -367,21 +269,9 @@ fromstruct_nsec3(ARGS_FROMSTRUCT) {
RETERR(uint8_tobuffer(nsec3->next_length, target));
RETERR(mem_tobuffer(target, nsec3->next, nsec3->next_length));
- /*
- * Perform sanity check.
- */
- for (i = 0; i < nsec3->len ; i += len) {
- INSIST(i + 2 <= nsec3->len);
- window = nsec3->typebits[i];
- len = nsec3->typebits[i+1];
- i += 2;
- INSIST(first || window > lastwindow);
- INSIST(len > 0 && len <= 32);
- INSIST(i + len <= nsec3->len);
- INSIST(nsec3->typebits[i + len - 1] != 0);
- lastwindow = window;
- first = ISC_FALSE;
- }
+ region.base = nsec3->typebits;
+ region.length = nsec3->len;
+ RETERR(typemap_test(&region, ISC_TRUE));
return (mem_tobuffer(target, nsec3->typebits, nsec3->len));
}
diff --git a/lib/dns/rdata/generic/nsec_47.c b/lib/dns/rdata/generic/nsec_47.c
index 64bd757fd33a..3e80612a7b44 100644
--- a/lib/dns/rdata/generic/nsec_47.c
+++ b/lib/dns/rdata/generic/nsec_47.c
@@ -35,10 +35,6 @@ fromtext_nsec(ARGS_FROMTEXT) {
isc_token_t token;
dns_name_t name;
isc_buffer_t buffer;
- unsigned char bm[8*1024]; /* 64k bits */
- dns_rdatatype_t covered;
- int octet;
- int window;
REQUIRE(type == dns_rdatatype_nsec);
@@ -53,42 +49,17 @@ fromtext_nsec(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
- memset(bm, 0, sizeof(bm));
- do {
- RETERR(isc_lex_getmastertoken(lexer, &token,
- isc_tokentype_string, ISC_TRUE));
- if (token.type != isc_tokentype_string)
- break;
- RETTOK(dns_rdatatype_fromtext(&covered,
- &token.value.as_textregion));
- bm[covered/8] |= (0x80>>(covered%8));
- } while (1);
- isc_lex_ungettoken(lexer, &token);
- for (window = 0; window < 256 ; window++) {
- /*
- * Find if we have a type in this window.
- */
- for (octet = 31; octet >= 0; octet--)
- if (bm[window * 32 + octet] != 0)
- break;
- if (octet < 0)
- continue;
- RETERR(uint8_tobuffer(window, target));
- RETERR(uint8_tobuffer(octet + 1, target));
- RETERR(mem_tobuffer(target, &bm[window * 32], octet + 1));
- }
- return (ISC_R_SUCCESS);
+ return (typemap_fromtext(lexer, target, ISC_FALSE));
}
static inline isc_result_t
totext_nsec(ARGS_TOTEXT) {
isc_region_t sr;
- unsigned int i, j, k;
dns_name_t name;
- unsigned int window, len;
REQUIRE(rdata->type == dns_rdatatype_nsec);
REQUIRE(rdata->length != 0);
@@ -100,45 +71,13 @@ totext_nsec(ARGS_TOTEXT) {
dns_name_fromregion(&name, &sr);
isc_region_consume(&sr, name_length(&name));
RETERR(dns_name_totext(&name, ISC_FALSE, target));
-
-
- for (i = 0; i < sr.length; i += len) {
- INSIST(i + 2 <= sr.length);
- window = sr.base[i];
- len = sr.base[i + 1];
- INSIST(len > 0 && len <= 32);
- i += 2;
- INSIST(i + len <= sr.length);
- for (j = 0; j < len; j++) {
- dns_rdatatype_t t;
- if (sr.base[i + j] == 0)
- continue;
- for (k = 0; k < 8; k++) {
- if ((sr.base[i + j] & (0x80 >> k)) == 0)
- continue;
- t = window * 256 + j * 8 + k;
- RETERR(str_totext(" ", target));
- if (dns_rdatatype_isknown(t)) {
- RETERR(dns_rdatatype_totext(t, target));
- } else {
- char buf[sizeof("TYPE65535")];
- sprintf(buf, "TYPE%u", t);
- RETERR(str_totext(buf, target));
- }
- }
- }
- }
- return (ISC_R_SUCCESS);
+ return (typemap_totext(&sr, NULL, target));
}
static /* inline */ isc_result_t
fromwire_nsec(ARGS_FROMWIRE) {
isc_region_t sr;
dns_name_t name;
- unsigned int window, lastwindow = 0;
- unsigned int len;
- isc_boolean_t first = ISC_TRUE;
- unsigned int i;
REQUIRE(type == dns_rdatatype_nsec);
@@ -151,42 +90,7 @@ fromwire_nsec(ARGS_FROMWIRE) {
RETERR(dns_name_fromwire(&name, source, dctx, options, target));
isc_buffer_activeregion(source, &sr);
- for (i = 0; i < sr.length; i += len) {
- /*
- * Check for overflow.
- */
- if (i + 2 > sr.length)
- RETERR(DNS_R_FORMERR);
- window = sr.base[i];
- len = sr.base[i + 1];
- i += 2;
- /*
- * Check that bitmap windows are in the correct order.
- */
- if (!first && window <= lastwindow)
- RETERR(DNS_R_FORMERR);
- /*
- * Check for legal lengths.
- */
- if (len < 1 || len > 32)
- RETERR(DNS_R_FORMERR);
- /*
- * Check for overflow.
- */
- if (i + len > sr.length)
- RETERR(DNS_R_FORMERR);
- /*
- * The last octet of the bitmap must be non zero.
- */
- if (sr.base[i + len - 1] == 0)
- RETERR(DNS_R_FORMERR);
- lastwindow = window;
- first = ISC_FALSE;
- }
- if (i != sr.length)
- return (DNS_R_EXTRADATA);
- if (first)
- RETERR(DNS_R_FORMERR);
+ RETERR(typemap_test(&sr, ISC_FALSE));
RETERR(mem_tobuffer(target, sr.base, sr.length));
isc_buffer_forward(source, sr.length);
return (ISC_R_SUCCESS);
@@ -231,8 +135,6 @@ static inline isc_result_t
fromstruct_nsec(ARGS_FROMSTRUCT) {
dns_rdata_nsec_t *nsec = source;
isc_region_t region;
- unsigned int i, len, window, lastwindow = 0;
- isc_boolean_t first = ISC_TRUE;
REQUIRE(type == dns_rdatatype_nsec);
REQUIRE(source != NULL);
@@ -245,22 +147,10 @@ fromstruct_nsec(ARGS_FROMSTRUCT) {
dns_name_toregion(&nsec->next, &region);
RETERR(isc_buffer_copyregion(target, &region));
- /*
- * Perform sanity check.
- */
- for (i = 0; i < nsec->len ; i += len) {
- INSIST(i + 2 <= nsec->len);
- window = nsec->typebits[i];
- len = nsec->typebits[i+1];
- i += 2;
- INSIST(first || window > lastwindow);
- INSIST(len > 0 && len <= 32);
- INSIST(i + len <= nsec->len);
- INSIST(nsec->typebits[i + len - 1] != 0);
- lastwindow = window;
- first = ISC_FALSE;
- }
- INSIST(!first);
+
+ region.base = nsec->typebits;
+ region.length = nsec->len;
+ RETERR(typemap_test(&region, ISC_FALSE));
return (mem_tobuffer(target, nsec->typebits, nsec->len));
}
diff --git a/lib/dns/rdata/generic/nxt_30.c b/lib/dns/rdata/generic/nxt_30.c
index fbb34e9818ee..b654611570ea 100644
--- a/lib/dns/rdata/generic/nxt_30.c
+++ b/lib/dns/rdata/generic/nxt_30.c
@@ -55,7 +55,8 @@ fromtext_nxt(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
memset(bm, 0, sizeof(bm));
diff --git a/lib/dns/rdata/generic/ptr_12.c b/lib/dns/rdata/generic/ptr_12.c
index e3f65cf28561..b81bf1f2a8e0 100644
--- a/lib/dns/rdata/generic/ptr_12.c
+++ b/lib/dns/rdata/generic/ptr_12.c
@@ -41,7 +41,8 @@ fromtext_ptr(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
if (rdclass == dns_rdataclass_in &&
(options & DNS_RDATA_CHECKNAMES) != 0 &&
diff --git a/lib/dns/rdata/generic/rkey_57.c b/lib/dns/rdata/generic/rkey_57.c
new file mode 100644
index 000000000000..a57d1bc13f8d
--- /dev/null
+++ b/lib/dns/rdata/generic/rkey_57.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_RKEY_57_C
+#define RDATA_GENERIC_RKEY_57_C
+
+#define RRTYPE_RKEY_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_rkey(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_rkey);
+
+ return (generic_fromtext_key(rdclass, type, lexer, origin,
+ options, target, callbacks));
+}
+
+static inline isc_result_t
+totext_rkey(ARGS_TOTEXT) {
+
+ REQUIRE(rdata != NULL);
+ REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+ return (generic_totext_key(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_rkey(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_rkey);
+
+ return (generic_fromwire_key(rdclass, type, source, dctx,
+ options, target));
+}
+
+static inline isc_result_t
+towire_rkey(ARGS_TOWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(rdata != NULL);
+ REQUIRE(rdata->type == dns_rdatatype_rkey);
+ REQUIRE(rdata->length != 0);
+
+ UNUSED(cctx);
+
+ dns_rdata_toregion(rdata, &sr);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_rkey(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1 != NULL);
+ REQUIRE(rdata2 != NULL);
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_rkey);
+ REQUIRE(rdata1->length != 0);
+ REQUIRE(rdata2->length != 0);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_rkey(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_rkey);
+
+ return (generic_fromstruct_key(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_rkey(ARGS_TOSTRUCT) {
+ dns_rdata_rkey_t *rkey = target;
+
+ REQUIRE(rkey != NULL);
+ REQUIRE(rdata != NULL);
+ REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+ rkey->common.rdclass = rdata->rdclass;
+ rkey->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&rkey->common, link);
+
+ return (generic_tostruct_key(rdata, target, mctx));
+}
+
+static inline void
+freestruct_rkey(ARGS_FREESTRUCT) {
+ dns_rdata_rkey_t *rkey = (dns_rdata_rkey_t *) source;
+
+ REQUIRE(rkey != NULL);
+ REQUIRE(rkey->common.rdtype == dns_rdatatype_rkey);
+
+ generic_freestruct_key(source);
+}
+
+static inline isc_result_t
+additionaldata_rkey(ARGS_ADDLDATA) {
+
+ REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_rkey(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata != NULL);
+ REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_rkey(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_rkey);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_rkey(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata != NULL);
+ REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_rkey(ARGS_COMPARE) {
+
+ /*
+ * Treat ALG 253 (private DNS) subtype name case sensistively.
+ */
+ return (compare_rkey(rdata1, rdata2));
+}
+
+#endif /* RDATA_GENERIC_RKEY_57_C */
diff --git a/lib/dns/rdata/generic/rkey_57.h b/lib/dns/rdata/generic/rkey_57.h
new file mode 100644
index 000000000000..330b3fbad8e4
--- /dev/null
+++ b/lib/dns/rdata/generic/rkey_57.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_RKEY_57_H
+#define GENERIC_RKEY_57_H 1
+
+typedef struct dns_rdata_key dns_rdata_rkey_t;
+
+#endif /* GENERIC_RKEY_57_H */
diff --git a/lib/dns/rdata/generic/rp_17.c b/lib/dns/rdata/generic/rp_17.c
index e67c25ec7a1e..440a75a140a2 100644
--- a/lib/dns/rdata/generic/rp_17.c
+++ b/lib/dns/rdata/generic/rp_17.c
@@ -38,7 +38,8 @@ fromtext_rp(ARGS_FROMTEXT) {
UNUSED(rdclass);
UNUSED(callbacks);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
for (i = 0; i < 2; i++) {
RETERR(isc_lex_getmastertoken(lexer, &token,
diff --git a/lib/dns/rdata/generic/rrsig_46.c b/lib/dns/rdata/generic/rrsig_46.c
index 8ae9319c5cf0..43ca2d3a51d8 100644
--- a/lib/dns/rdata/generic/rrsig_46.c
+++ b/lib/dns/rdata/generic/rrsig_46.c
@@ -141,7 +141,8 @@ fromtext_rrsig(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
/*
diff --git a/lib/dns/rdata/generic/rt_21.c b/lib/dns/rdata/generic/rt_21.c
index a9a89b268f35..ce6e99a0bbff 100644
--- a/lib/dns/rdata/generic/rt_21.c
+++ b/lib/dns/rdata/generic/rt_21.c
@@ -50,7 +50,8 @@ fromtext_rt(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
ok = ISC_TRUE;
if ((options & DNS_RDATA_CHECKNAMES) != 0)
diff --git a/lib/dns/rdata/generic/sig_24.c b/lib/dns/rdata/generic/sig_24.c
index af9c7daaa498..0dff80af618e 100644
--- a/lib/dns/rdata/generic/sig_24.c
+++ b/lib/dns/rdata/generic/sig_24.c
@@ -115,7 +115,8 @@ fromtext_sig(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
/*
diff --git a/lib/dns/rdata/generic/sink_40.c b/lib/dns/rdata/generic/sink_40.c
new file mode 100644
index 000000000000..dafa94bebf28
--- /dev/null
+++ b/lib/dns/rdata/generic/sink_40.c
@@ -0,0 +1,283 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_SINK_40_C
+#define RDATA_GENERIC_SINK_40_C
+
+#include <dst/dst.h>
+
+#define RRTYPE_SINK_ATTRIBUTES (0)
+
+static inline isc_result_t
+fromtext_sink(ARGS_FROMTEXT) {
+ isc_token_t token;
+
+ REQUIRE(type == dns_rdatatype_sink);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(origin);
+ UNUSED(options);
+ UNUSED(callbacks);
+
+ /* meaning */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ if (token.value.as_ulong > 0xffU)
+ RETTOK(ISC_R_RANGE);
+ RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+ /* coding */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ if (token.value.as_ulong > 0xffU)
+ RETTOK(ISC_R_RANGE);
+ RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+ /* subcoding */
+ RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+ ISC_FALSE));
+ if (token.value.as_ulong > 0xffU)
+ RETTOK(ISC_R_RANGE);
+ RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+ return(isc_base64_tobuffer(lexer, target, -1));
+}
+
+static inline isc_result_t
+totext_sink(ARGS_TOTEXT) {
+ isc_region_t sr;
+ char buf[sizeof("255 255 255")];
+ isc_uint8_t meaning, coding, subcoding;
+
+ REQUIRE(rdata->type == dns_rdatatype_sink);
+ REQUIRE(rdata->length >= 3);
+
+ dns_rdata_toregion(rdata, &sr);
+
+ /* Meaning, Coding and Subcoding */
+ meaning = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+ coding = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+ subcoding = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+ sprintf(buf, "%u %u %u", meaning, coding, subcoding);
+ RETERR(str_totext(buf, target));
+
+ if (sr.length == 0U)
+ return (ISC_R_SUCCESS);
+
+ /* data */
+ if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+ RETERR(str_totext(" (", target));
+
+ RETERR(str_totext(tctx->linebreak, target));
+
+ if (tctx->width == 0) /* No splitting */
+ RETERR(isc_base64_totext(&sr, 60, "", target));
+ else
+ RETERR(isc_base64_totext(&sr, tctx->width - 2,
+ tctx->linebreak, target));
+
+ if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+ RETERR(str_totext(" )", target));
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+fromwire_sink(ARGS_FROMWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(type == dns_rdatatype_sink);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(dctx);
+ UNUSED(options);
+
+ isc_buffer_activeregion(source, &sr);
+ if (sr.length < 3)
+ return (ISC_R_UNEXPECTEDEND);
+
+ RETERR(mem_tobuffer(target, sr.base, sr.length));
+ isc_buffer_forward(source, sr.length);
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+towire_sink(ARGS_TOWIRE) {
+
+ REQUIRE(rdata->type == dns_rdatatype_sink);
+ REQUIRE(rdata->length >= 3);
+
+ UNUSED(cctx);
+
+ return (mem_tobuffer(target, rdata->data, rdata->length));
+}
+
+static inline int
+compare_sink(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_sink);
+ REQUIRE(rdata1->length >= 3);
+ REQUIRE(rdata2->length >= 3);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_sink(ARGS_FROMSTRUCT) {
+ dns_rdata_sink_t *sink = source;
+
+ REQUIRE(type == dns_rdatatype_sink);
+ REQUIRE(source != NULL);
+ REQUIRE(sink->common.rdtype == type);
+ REQUIRE(sink->common.rdclass == rdclass);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
+ /* Meaning */
+ RETERR(uint8_tobuffer(sink->meaning, target));
+
+ /* Coding */
+ RETERR(uint8_tobuffer(sink->coding, target));
+
+ /* Subcoding */
+ RETERR(uint8_tobuffer(sink->subcoding, target));
+
+ /* Data */
+ return (mem_tobuffer(target, sink->data, sink->datalen));
+}
+
+static inline isc_result_t
+tostruct_sink(ARGS_TOSTRUCT) {
+ dns_rdata_sink_t *sink = target;
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == dns_rdatatype_sink);
+ REQUIRE(target != NULL);
+ REQUIRE(rdata->length >= 3);
+
+ sink->common.rdclass = rdata->rdclass;
+ sink->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&sink->common, link);
+
+ dns_rdata_toregion(rdata, &sr);
+
+ /* Meaning */
+ if (sr.length < 1)
+ return (ISC_R_UNEXPECTEDEND);
+ sink->meaning = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+
+ /* Coding */
+ if (sr.length < 1)
+ return (ISC_R_UNEXPECTEDEND);
+ sink->coding = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+
+ /* Subcoding */
+ if (sr.length < 1)
+ return (ISC_R_UNEXPECTEDEND);
+ sink->subcoding = uint8_fromregion(&sr);
+ isc_region_consume(&sr, 1);
+
+ /* Data */
+ sink->datalen = sr.length;
+ sink->data = mem_maybedup(mctx, sr.base, sink->datalen);
+ if (sink->data == NULL)
+ return (ISC_R_NOMEMORY);
+
+ sink->mctx = mctx;
+ return (ISC_R_SUCCESS);
+}
+
+static inline void
+freestruct_sink(ARGS_FREESTRUCT) {
+ dns_rdata_sink_t *sink = (dns_rdata_sink_t *) source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(sink->common.rdtype == dns_rdatatype_sink);
+
+ if (sink->mctx == NULL)
+ return;
+
+ if (sink->data != NULL)
+ isc_mem_free(sink->mctx, sink->data);
+ sink->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_sink(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == dns_rdatatype_sink);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_sink(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == dns_rdatatype_sink);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_sink(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_sink);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_sink(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == dns_rdatatype_sink);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_sink(ARGS_COMPARE) {
+ return (compare_sink(rdata1, rdata2));
+}
+#endif /* RDATA_GENERIC_SINK_40_C */
diff --git a/lib/dns/rdata/generic/sink_40.h b/lib/dns/rdata/generic/sink_40.h
new file mode 100644
index 000000000000..e6a2400c4668
--- /dev/null
+++ b/lib/dns/rdata/generic/sink_40.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_SINK_40_H
+#define GENERIC_SINK_40_H 1
+
+typedef struct dns_rdata_sink_t {
+ dns_rdatacommon_t common;
+ isc_mem_t * mctx;
+ isc_uint8_t meaning;
+ isc_uint8_t coding;
+ isc_uint8_t subcoding;
+ isc_uint16_t datalen;
+ unsigned char * data;
+} dns_rdata_sink_t;
+
+#endif /* GENERIC_SINK_40_H */
diff --git a/lib/dns/rdata/generic/smimea_53.c b/lib/dns/rdata/generic/smimea_53.c
new file mode 100644
index 000000000000..e46655b6c6bc
--- /dev/null
+++ b/lib/dns/rdata/generic/smimea_53.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_SMIMEA_53_C
+#define RDATA_GENERIC_SMIMEA_53_C
+
+#define RRTYPE_SMIMEA_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_smimea(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_smimea);
+
+ return (generic_fromtext_tlsa(rdclass, type, lexer, origin, options,
+ target, callbacks));
+}
+
+static inline isc_result_t
+totext_smimea(ARGS_TOTEXT) {
+
+ REQUIRE(rdata->type == dns_rdatatype_smimea);
+
+ return (generic_totext_tlsa(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_smimea(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_smimea);
+
+ return (generic_fromwire_tlsa(rdclass, type, source, dctx, options,
+ target));
+}
+
+static inline isc_result_t
+towire_smimea(ARGS_TOWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == dns_rdatatype_smimea);
+ REQUIRE(rdata->length != 0);
+
+ UNUSED(cctx);
+
+ dns_rdata_toregion(rdata, &sr);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_smimea(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_smimea);
+ REQUIRE(rdata1->length != 0);
+ REQUIRE(rdata2->length != 0);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_smimea(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_smimea);
+
+ return (generic_fromstruct_tlsa(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_smimea(ARGS_TOSTRUCT) {
+ dns_rdata_txt_t *txt = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_smimea);
+ REQUIRE(target != NULL);
+
+ txt->common.rdclass = rdata->rdclass;
+ txt->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&txt->common, link);
+
+ return (generic_tostruct_tlsa(rdata, target, mctx));
+}
+
+static inline void
+freestruct_smimea(ARGS_FREESTRUCT) {
+ dns_rdata_txt_t *txt = source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(txt->common.rdtype == dns_rdatatype_smimea);
+
+ generic_freestruct_tlsa(source);
+}
+
+static inline isc_result_t
+additionaldata_smimea(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == dns_rdatatype_smimea);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_smimea(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == dns_rdatatype_smimea);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_smimea(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_smimea);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_smimea(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == dns_rdatatype_smimea);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_smimea(ARGS_COMPARE) {
+ return (compare_smimea(rdata1, rdata2));
+}
+
+#endif /* RDATA_GENERIC_SMIMEA_53_C */
diff --git a/lib/dns/rdata/generic/smimea_53.h b/lib/dns/rdata/generic/smimea_53.h
new file mode 100644
index 000000000000..9adc988a18bc
--- /dev/null
+++ b/lib/dns/rdata/generic/smimea_53.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_SMIMEA_53_H
+#define GENERIC_SMIMEA_53_H 1
+
+typedef struct dns_rdata_tlsa dns_rdata_smimea_t;
+
+#endif /* GENERIC_SMIMEA_53_H */
diff --git a/lib/dns/rdata/generic/soa_6.c b/lib/dns/rdata/generic/soa_6.c
index b407813811a4..ec26a3d5f5eb 100644
--- a/lib/dns/rdata/generic/soa_6.c
+++ b/lib/dns/rdata/generic/soa_6.c
@@ -39,7 +39,8 @@ fromtext_soa(ARGS_FROMTEXT) {
UNUSED(rdclass);
UNUSED(callbacks);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
for (i = 0; i < 2; i++) {
RETERR(isc_lex_getmastertoken(lexer, &token,
diff --git a/lib/dns/rdata/generic/spf_99.c b/lib/dns/rdata/generic/spf_99.c
index 8ad4f02b9af4..2fa1174d4237 100644
--- a/lib/dns/rdata/generic/spf_99.c
+++ b/lib/dns/rdata/generic/spf_99.c
@@ -26,8 +26,6 @@
static inline isc_result_t
fromtext_spf(ARGS_FROMTEXT) {
- isc_token_t token;
- int strings;
REQUIRE(type == dns_rdatatype_spf);
@@ -37,44 +35,22 @@ fromtext_spf(ARGS_FROMTEXT) {
UNUSED(options);
UNUSED(callbacks);
- strings = 0;
- for (;;) {
- RETERR(isc_lex_getmastertoken(lexer, &token,
- isc_tokentype_qstring,
- ISC_TRUE));
- if (token.type != isc_tokentype_qstring &&
- token.type != isc_tokentype_string)
- break;
- RETTOK(txt_fromtext(&token.value.as_textregion, target));
- strings++;
- }
- /* Let upper layer handle eol/eof. */
- isc_lex_ungettoken(lexer, &token);
- return (strings == 0 ? ISC_R_UNEXPECTEDEND : ISC_R_SUCCESS);
+ return (generic_fromtext_txt(rdclass, type, lexer, origin, options,
+ target, callbacks));
}
static inline isc_result_t
totext_spf(ARGS_TOTEXT) {
- isc_region_t region;
UNUSED(tctx);
REQUIRE(rdata->type == dns_rdatatype_spf);
- dns_rdata_toregion(rdata, &region);
-
- while (region.length > 0) {
- RETERR(txt_totext(&region, ISC_TRUE, target));
- if (region.length > 0)
- RETERR(str_totext(" ", target));
- }
-
- return (ISC_R_SUCCESS);
+ return (generic_totext_txt(rdata, tctx, target));
}
static inline isc_result_t
fromwire_spf(ARGS_FROMWIRE) {
- isc_result_t result;
REQUIRE(type == dns_rdatatype_spf);
@@ -83,29 +59,18 @@ fromwire_spf(ARGS_FROMWIRE) {
UNUSED(rdclass);
UNUSED(options);
- do {
- result = txt_fromwire(source, target);
- if (result != ISC_R_SUCCESS)
- return (result);
- } while (!buffer_empty(source));
- return (ISC_R_SUCCESS);
+ return (generic_fromwire_txt(rdclass, type, source, dctx, options,
+ target));
}
static inline isc_result_t
towire_spf(ARGS_TOWIRE) {
- isc_region_t region;
REQUIRE(rdata->type == dns_rdatatype_spf);
UNUSED(cctx);
- isc_buffer_availableregion(target, &region);
- if (region.length < rdata->length)
- return (ISC_R_NOSPACE);
-
- memmove(region.base, rdata->data, rdata->length);
- isc_buffer_add(target, rdata->length);
- return (ISC_R_SUCCESS);
+ return (mem_tobuffer(target, rdata->data, rdata->length));
}
static inline int
@@ -124,53 +89,24 @@ compare_spf(ARGS_COMPARE) {
static inline isc_result_t
fromstruct_spf(ARGS_FROMSTRUCT) {
- dns_rdata_spf_t *txt = source;
- isc_region_t region;
- isc_uint8_t length;
REQUIRE(type == dns_rdatatype_spf);
- REQUIRE(source != NULL);
- REQUIRE(txt->common.rdtype == type);
- REQUIRE(txt->common.rdclass == rdclass);
- REQUIRE(txt->txt != NULL && txt->txt_len != 0);
- UNUSED(type);
- UNUSED(rdclass);
-
- region.base = txt->txt;
- region.length = txt->txt_len;
- while (region.length > 0) {
- length = uint8_fromregion(&region);
- isc_region_consume(&region, 1);
- if (region.length <= length)
- return (ISC_R_UNEXPECTEDEND);
- isc_region_consume(&region, length);
- }
-
- return (mem_tobuffer(target, txt->txt, txt->txt_len));
+ return (generic_fromstruct_txt(rdclass, type, source, target));
}
static inline isc_result_t
tostruct_spf(ARGS_TOSTRUCT) {
- dns_rdata_spf_t *txt = target;
- isc_region_t r;
+ dns_rdata_spf_t *spf = target;
REQUIRE(rdata->type == dns_rdatatype_spf);
REQUIRE(target != NULL);
- txt->common.rdclass = rdata->rdclass;
- txt->common.rdtype = rdata->type;
- ISC_LINK_INIT(&txt->common, link);
+ spf->common.rdclass = rdata->rdclass;
+ spf->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&spf->common, link);
- dns_rdata_toregion(rdata, &r);
- txt->txt_len = r.length;
- txt->txt = mem_maybedup(mctx, r.base, r.length);
- if (txt->txt == NULL)
- return (ISC_R_NOMEMORY);
-
- txt->offset = 0;
- txt->mctx = mctx;
- return (ISC_R_SUCCESS);
+ return (generic_tostruct_txt(rdata, target, mctx));
}
static inline void
@@ -180,12 +116,7 @@ freestruct_spf(ARGS_FREESTRUCT) {
REQUIRE(source != NULL);
REQUIRE(txt->common.rdtype == dns_rdatatype_spf);
- if (txt->mctx == NULL)
- return;
-
- if (txt->txt != NULL)
- isc_mem_free(txt->mctx, txt->txt);
- txt->mctx = NULL;
+ generic_freestruct_txt(source);
}
static inline isc_result_t
diff --git a/lib/dns/rdata/generic/ta_32768.c b/lib/dns/rdata/generic/ta_32768.c
new file mode 100644
index 000000000000..d802211f37fc
--- /dev/null
+++ b/lib/dns/rdata/generic/ta_32768.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* http://www.watson.org/~weiler/INI1999-19.pdf */
+
+#ifndef RDATA_GENERIC_TA_32768_C
+#define RDATA_GENERIC_TA_32768_C
+
+#define RRTYPE_TA_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_ta(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_ta);
+
+ return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+ target, callbacks));
+}
+
+static inline isc_result_t
+totext_ta(ARGS_TOTEXT) {
+
+ REQUIRE(rdata->type == dns_rdatatype_ta);
+
+ return (generic_totext_ds(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_ta(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_ta);
+
+ return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+ target));
+}
+
+static inline isc_result_t
+towire_ta(ARGS_TOWIRE) {
+ isc_region_t sr;
+
+ REQUIRE(rdata->type == dns_rdatatype_ta);
+ REQUIRE(rdata->length != 0);
+
+ UNUSED(cctx);
+
+ dns_rdata_toregion(rdata, &sr);
+ return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_ta(ARGS_COMPARE) {
+ isc_region_t r1;
+ isc_region_t r2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_ta);
+ REQUIRE(rdata1->length != 0);
+ REQUIRE(rdata2->length != 0);
+
+ dns_rdata_toregion(rdata1, &r1);
+ dns_rdata_toregion(rdata2, &r2);
+ return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_ta(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_ta);
+
+ return (generic_fromstruct_ds(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_ta(ARGS_TOSTRUCT) {
+ dns_rdata_ds_t *ds = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_ta);
+
+ /*
+ * Checked by generic_tostruct_ds().
+ */
+ ds->common.rdclass = rdata->rdclass;
+ ds->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&ds->common, link);
+
+ return (generic_tostruct_ds(rdata, target, mctx));
+}
+
+static inline void
+freestruct_ta(ARGS_FREESTRUCT) {
+ dns_rdata_ta_t *ds = source;
+
+ REQUIRE(ds != NULL);
+ REQUIRE(ds->common.rdtype == dns_rdatatype_ta);
+
+ if (ds->mctx == NULL)
+ return;
+
+ if (ds->digest != NULL)
+ isc_mem_free(ds->mctx, ds->digest);
+ ds->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_ta(ARGS_ADDLDATA) {
+ REQUIRE(rdata->type == dns_rdatatype_ta);
+
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_ta(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == dns_rdatatype_ta);
+
+ dns_rdata_toregion(rdata, &r);
+
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_ta(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_ta);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_ta(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == dns_rdatatype_ta);
+
+ UNUSED(rdata);
+ UNUSED(owner);
+ UNUSED(bad);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_ta(ARGS_COMPARE) {
+ return (compare_ta(rdata1, rdata2));
+}
+
+#endif /* RDATA_GENERIC_TA_32768_C */
diff --git a/lib/dns/rdata/generic/ta_32768.h b/lib/dns/rdata/generic/ta_32768.h
new file mode 100644
index 000000000000..3e50ed05c0ed
--- /dev/null
+++ b/lib/dns/rdata/generic/ta_32768.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_TA_32768_H
+#define GENERIC_TA_32768_H 1
+
+/*
+ * TA records are identical to DS records.
+ */
+typedef struct dns_rdata_ds dns_rdata_ta_t;
+
+#endif /* GENERIC_TA_32768_H */
diff --git a/lib/dns/rdata/generic/talink_58.c b/lib/dns/rdata/generic/talink_58.c
new file mode 100644
index 000000000000..db4662469042
--- /dev/null
+++ b/lib/dns/rdata/generic/talink_58.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_TALINK_58_C
+#define RDATA_GENERIC_TALINK_58_C
+
+#define RRTYPE_TALINK_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_talink(ARGS_FROMTEXT) {
+ isc_token_t token;
+ dns_name_t name;
+ isc_buffer_t buffer;
+ int i;
+
+ REQUIRE(type == dns_rdatatype_talink);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(callbacks);
+
+ if (origin == NULL)
+ origin = dns_rootname;
+
+ for (i = 0; i < 2; i++) {
+ RETERR(isc_lex_getmastertoken(lexer, &token,
+ isc_tokentype_string,
+ ISC_FALSE));
+
+ dns_name_init(&name, NULL);
+ buffer_fromregion(&buffer, &token.value.as_region);
+ RETTOK(dns_name_fromtext(&name, &buffer, origin,
+ options, target));
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+totext_talink(ARGS_TOTEXT) {
+ isc_region_t dregion;
+ dns_name_t prev;
+ dns_name_t next;
+ dns_name_t prefix;
+ isc_boolean_t sub;
+
+ REQUIRE(rdata->type == dns_rdatatype_talink);
+ REQUIRE(rdata->length != 0);
+
+ dns_name_init(&prev, NULL);
+ dns_name_init(&next, NULL);
+ dns_name_init(&prefix, NULL);
+
+ dns_rdata_toregion(rdata, &dregion);
+
+ dns_name_fromregion(&prev, &dregion);
+ isc_region_consume(&dregion, name_length(&prev));
+
+ dns_name_fromregion(&next, &dregion);
+ isc_region_consume(&dregion, name_length(&next));
+
+ sub = name_prefix(&prev, tctx->origin, &prefix);
+ RETERR(dns_name_totext(&prefix, sub, target));
+
+ RETERR(str_totext(" ", target));
+
+ sub = name_prefix(&next, tctx->origin, &prefix);
+ return(dns_name_totext(&prefix, sub, target));
+}
+
+static inline isc_result_t
+fromwire_talink(ARGS_FROMWIRE) {
+ dns_name_t prev;
+ dns_name_t next;
+
+ REQUIRE(type == dns_rdatatype_talink);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
+ dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
+
+ dns_name_init(&prev, NULL);
+ dns_name_init(&next, NULL);
+
+ RETERR(dns_name_fromwire(&prev, source, dctx, options, target));
+ return(dns_name_fromwire(&next, source, dctx, options, target));
+}
+
+static inline isc_result_t
+towire_talink(ARGS_TOWIRE) {
+ isc_region_t sregion;
+ dns_name_t prev;
+ dns_name_t next;
+ dns_offsets_t moffsets;
+ dns_offsets_t roffsets;
+
+ REQUIRE(rdata->type == dns_rdatatype_talink);
+ REQUIRE(rdata->length != 0);
+
+ dns_compress_setmethods(cctx, DNS_COMPRESS_NONE);
+
+ dns_name_init(&prev, moffsets);
+ dns_name_init(&next, roffsets);
+
+ dns_rdata_toregion(rdata, &sregion);
+
+ dns_name_fromregion(&prev, &sregion);
+ isc_region_consume(&sregion, name_length(&prev));
+ RETERR(dns_name_towire(&prev, cctx, target));
+
+ dns_name_fromregion(&next, &sregion);
+ isc_region_consume(&sregion, name_length(&next));
+ return(dns_name_towire(&next, cctx, target));
+}
+
+static inline int
+compare_talink(ARGS_COMPARE) {
+ isc_region_t region1;
+ isc_region_t region2;
+
+ REQUIRE(rdata1->type == rdata2->type);
+ REQUIRE(rdata1->rdclass == rdata2->rdclass);
+ REQUIRE(rdata1->type == dns_rdatatype_talink);
+ REQUIRE(rdata1->length != 0);
+ REQUIRE(rdata2->length != 0);
+
+ dns_rdata_toregion(rdata1, &region1);
+ dns_rdata_toregion(rdata2, &region2);
+ return (isc_region_compare(&region1, &region2));
+}
+
+static inline isc_result_t
+fromstruct_talink(ARGS_FROMSTRUCT) {
+ dns_rdata_talink_t *talink = source;
+ isc_region_t region;
+
+ REQUIRE(type == dns_rdatatype_talink);
+ REQUIRE(source != NULL);
+ REQUIRE(talink->common.rdtype == type);
+ REQUIRE(talink->common.rdclass == rdclass);
+
+ UNUSED(type);
+ UNUSED(rdclass);
+
+ dns_name_toregion(&talink->prev, &region);
+ RETERR(isc_buffer_copyregion(target, &region));
+ dns_name_toregion(&talink->next, &region);
+ return(isc_buffer_copyregion(target, &region));
+}
+
+static inline isc_result_t
+tostruct_talink(ARGS_TOSTRUCT) {
+ isc_region_t region;
+ dns_rdata_talink_t *talink = target;
+ dns_name_t name;
+ isc_result_t result;
+
+ REQUIRE(rdata->type == dns_rdatatype_talink);
+ REQUIRE(target != NULL);
+ REQUIRE(rdata->length != 0);
+
+ talink->common.rdclass = rdata->rdclass;
+ talink->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&talink->common, link);
+
+ dns_rdata_toregion(rdata, &region);
+
+ dns_name_init(&name, NULL);
+ dns_name_fromregion(&name, &region);
+ isc_region_consume(&region, name_length(&name));
+ dns_name_init(&talink->prev, NULL);
+ RETERR(name_duporclone(&name, mctx, &talink->prev));
+
+ dns_name_fromregion(&name, &region);
+ isc_region_consume(&region, name_length(&name));
+ dns_name_init(&talink->next, NULL);
+ result = name_duporclone(&name, mctx, &talink->next);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ talink->mctx = mctx;
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ if (mctx != NULL)
+ dns_name_free(&talink->prev, mctx);
+ return (ISC_R_NOMEMORY);
+}
+
+static inline void
+freestruct_talink(ARGS_FREESTRUCT) {
+ dns_rdata_talink_t *talink = source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(talink->common.rdtype == dns_rdatatype_talink);
+
+ if (talink->mctx == NULL)
+ return;
+
+ dns_name_free(&talink->prev, talink->mctx);
+ dns_name_free(&talink->next, talink->mctx);
+ talink->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_talink(ARGS_ADDLDATA) {
+ UNUSED(rdata);
+ UNUSED(add);
+ UNUSED(arg);
+
+ REQUIRE(rdata->type == dns_rdatatype_talink);
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_talink(ARGS_DIGEST) {
+ isc_region_t r;
+
+ REQUIRE(rdata->type == dns_rdatatype_talink);
+
+ dns_rdata_toregion(rdata, &r);
+ return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_talink(ARGS_CHECKOWNER) {
+
+ REQUIRE(type == dns_rdatatype_talink);
+
+ UNUSED(name);
+ UNUSED(type);
+ UNUSED(rdclass);
+ UNUSED(wildcard);
+
+ return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_talink(ARGS_CHECKNAMES) {
+
+ REQUIRE(rdata->type == dns_rdatatype_talink);
+
+ UNUSED(bad);
+ UNUSED(owner);
+
+ return (ISC_TRUE);
+}
+
+static inline int
+casecompare_talink(ARGS_COMPARE) {
+ return (compare_talink(rdata1, rdata2));
+}
+
+#endif /* RDATA_GENERIC_TALINK_58_C */
diff --git a/lib/dns/rdata/generic/talink_58.h b/lib/dns/rdata/generic/talink_58.h
new file mode 100644
index 000000000000..6e52d381818f
--- /dev/null
+++ b/lib/dns/rdata/generic/talink_58.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* http://www.iana.org/assignments/dns-parameters/TALINK/talink-completed-template */
+
+#ifndef GENERIC_TALINK_58_H
+#define GENERIC_TALINK_58_H 1
+
+typedef struct dns_rdata_talink {
+ dns_rdatacommon_t common;
+ isc_mem_t *mctx;
+ dns_name_t prev;
+ dns_name_t next;
+} dns_rdata_talink_t;
+
+#endif /* GENERIC_TALINK_58_H */
diff --git a/lib/dns/rdata/generic/tkey_249.c b/lib/dns/rdata/generic/tkey_249.c
index e87b88065c97..3cf702383f2f 100644
--- a/lib/dns/rdata/generic/tkey_249.c
+++ b/lib/dns/rdata/generic/tkey_249.c
@@ -50,7 +50,8 @@ fromtext_tkey(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
diff --git a/lib/dns/rdata/generic/tlsa_52.c b/lib/dns/rdata/generic/tlsa_52.c
index d09a5289a805..cbb73775ebe2 100644
--- a/lib/dns/rdata/generic/tlsa_52.c
+++ b/lib/dns/rdata/generic/tlsa_52.c
@@ -14,8 +14,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id$ */
-
/* rfc6698.txt */
#ifndef RDATA_GENERIC_TLSA_52_C
@@ -24,11 +22,9 @@
#define RRTYPE_TLSA_ATTRIBUTES 0
static inline isc_result_t
-fromtext_tlsa(ARGS_FROMTEXT) {
+generic_fromtext_tlsa(ARGS_FROMTEXT) {
isc_token_t token;
- REQUIRE(type == dns_rdatatype_tlsa);
-
UNUSED(type);
UNUSED(rdclass);
UNUSED(origin);
@@ -69,12 +65,11 @@ fromtext_tlsa(ARGS_FROMTEXT) {
}
static inline isc_result_t
-totext_tlsa(ARGS_TOTEXT) {
+generic_totext_tlsa(ARGS_TOTEXT) {
isc_region_t sr;
char buf[sizeof("64000 ")];
unsigned int n;
- REQUIRE(rdata->type == dns_rdatatype_tlsa);
REQUIRE(rdata->length != 0);
UNUSED(tctx);
@@ -122,11 +117,9 @@ totext_tlsa(ARGS_TOTEXT) {
}
static inline isc_result_t
-fromwire_tlsa(ARGS_FROMWIRE) {
+generic_fromwire_tlsa(ARGS_FROMWIRE) {
isc_region_t sr;
- REQUIRE(type == dns_rdatatype_tlsa);
-
UNUSED(type);
UNUSED(rdclass);
UNUSED(dctx);
@@ -142,6 +135,32 @@ fromwire_tlsa(ARGS_FROMWIRE) {
}
static inline isc_result_t
+fromtext_tlsa(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_tlsa);
+
+ return (generic_fromtext_tlsa(rdclass, type, lexer, origin, options,
+ target, callbacks));
+}
+
+static inline isc_result_t
+totext_tlsa(ARGS_TOTEXT) {
+
+ REQUIRE(rdata->type == dns_rdatatype_tlsa);
+
+ return (generic_totext_tlsa(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_tlsa(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_tlsa);
+
+ return (generic_fromwire_tlsa(rdclass, type, source, dctx, options,
+ target));
+}
+
+static inline isc_result_t
towire_tlsa(ARGS_TOWIRE) {
isc_region_t sr;
@@ -171,10 +190,9 @@ compare_tlsa(ARGS_COMPARE) {
}
static inline isc_result_t
-fromstruct_tlsa(ARGS_FROMSTRUCT) {
+generic_fromstruct_tlsa(ARGS_FROMSTRUCT) {
dns_rdata_tlsa_t *tlsa = source;
- REQUIRE(type == dns_rdatatype_tlsa);
REQUIRE(source != NULL);
REQUIRE(tlsa->common.rdtype == type);
REQUIRE(tlsa->common.rdclass == rdclass);
@@ -190,11 +208,10 @@ fromstruct_tlsa(ARGS_FROMSTRUCT) {
}
static inline isc_result_t
-tostruct_tlsa(ARGS_TOSTRUCT) {
+generic_tostruct_tlsa(ARGS_TOSTRUCT) {
dns_rdata_tlsa_t *tlsa = target;
isc_region_t region;
- REQUIRE(rdata->type == dns_rdatatype_tlsa);
REQUIRE(target != NULL);
REQUIRE(rdata->length != 0);
@@ -221,11 +238,10 @@ tostruct_tlsa(ARGS_TOSTRUCT) {
}
static inline void
-freestruct_tlsa(ARGS_FREESTRUCT) {
+generic_freestruct_tlsa(ARGS_FREESTRUCT) {
dns_rdata_tlsa_t *tlsa = source;
REQUIRE(tlsa != NULL);
- REQUIRE(tlsa->common.rdtype == dns_rdatatype_tlsa);
if (tlsa->mctx == NULL)
return;
@@ -236,6 +252,38 @@ freestruct_tlsa(ARGS_FREESTRUCT) {
}
static inline isc_result_t
+fromstruct_tlsa(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_tlsa);
+
+ return (generic_fromstruct_tlsa(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_tlsa(ARGS_TOSTRUCT) {
+ dns_rdata_txt_t *txt = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_tlsa);
+ REQUIRE(target != NULL);
+
+ txt->common.rdclass = rdata->rdclass;
+ txt->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&txt->common, link);
+
+ return (generic_tostruct_tlsa(rdata, target, mctx));
+}
+
+static inline void
+freestruct_tlsa(ARGS_FREESTRUCT) {
+ dns_rdata_txt_t *txt = source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(txt->common.rdtype == dns_rdatatype_tlsa);
+
+ generic_freestruct_tlsa(source);
+}
+
+static inline isc_result_t
additionaldata_tlsa(ARGS_ADDLDATA) {
REQUIRE(rdata->type == dns_rdatatype_tlsa);
diff --git a/lib/dns/rdata/generic/txt_16.c b/lib/dns/rdata/generic/txt_16.c
index aa7c3a0ab138..2ebd46c3169c 100644
--- a/lib/dns/rdata/generic/txt_16.c
+++ b/lib/dns/rdata/generic/txt_16.c
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: txt_16.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
-
/* Reviewed: Thu Mar 16 15:40:00 PST 2000 by bwelling */
#ifndef RDATA_GENERIC_TXT_16_C
@@ -25,12 +23,10 @@
#define RRTYPE_TXT_ATTRIBUTES (0)
static inline isc_result_t
-fromtext_txt(ARGS_FROMTEXT) {
+generic_fromtext_txt(ARGS_FROMTEXT) {
isc_token_t token;
int strings;
- REQUIRE(type == dns_rdatatype_txt);
-
UNUSED(type);
UNUSED(rdclass);
UNUSED(origin);
@@ -61,13 +57,11 @@ fromtext_txt(ARGS_FROMTEXT) {
}
static inline isc_result_t
-totext_txt(ARGS_TOTEXT) {
+generic_totext_txt(ARGS_TOTEXT) {
isc_region_t region;
UNUSED(tctx);
- REQUIRE(rdata->type == dns_rdatatype_txt);
-
dns_rdata_toregion(rdata, &region);
while (region.length > 0) {
@@ -80,11 +74,9 @@ totext_txt(ARGS_TOTEXT) {
}
static inline isc_result_t
-fromwire_txt(ARGS_FROMWIRE) {
+generic_fromwire_txt(ARGS_FROMWIRE) {
isc_result_t result;
- REQUIRE(type == dns_rdatatype_txt);
-
UNUSED(type);
UNUSED(dctx);
UNUSED(rdclass);
@@ -99,20 +91,39 @@ fromwire_txt(ARGS_FROMWIRE) {
}
static inline isc_result_t
+fromtext_txt(ARGS_FROMTEXT) {
+
+ REQUIRE(type == dns_rdatatype_txt);
+
+ return (generic_fromtext_txt(rdclass, type, lexer, origin, options,
+ target, callbacks));
+}
+
+static inline isc_result_t
+totext_txt(ARGS_TOTEXT) {
+
+ REQUIRE(rdata->type == dns_rdatatype_txt);
+
+ return (generic_totext_txt(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_txt(ARGS_FROMWIRE) {
+
+ REQUIRE(type == dns_rdatatype_txt);
+
+ return (generic_fromwire_txt(rdclass, type, source, dctx, options,
+ target));
+}
+
+static inline isc_result_t
towire_txt(ARGS_TOWIRE) {
- isc_region_t region;
REQUIRE(rdata->type == dns_rdatatype_txt);
UNUSED(cctx);
- isc_buffer_availableregion(target, &region);
- if (region.length < rdata->length)
- return (ISC_R_NOSPACE);
-
- memmove(region.base, rdata->data, rdata->length);
- isc_buffer_add(target, rdata->length);
- return (ISC_R_SUCCESS);
+ return (mem_tobuffer(target, rdata->data, rdata->length));
}
static inline int
@@ -130,12 +141,11 @@ compare_txt(ARGS_COMPARE) {
}
static inline isc_result_t
-fromstruct_txt(ARGS_FROMSTRUCT) {
+generic_fromstruct_txt(ARGS_FROMSTRUCT) {
dns_rdata_txt_t *txt = source;
isc_region_t region;
isc_uint8_t length;
- REQUIRE(type == dns_rdatatype_txt);
REQUIRE(source != NULL);
REQUIRE(txt->common.rdtype == type);
REQUIRE(txt->common.rdclass == rdclass);
@@ -158,16 +168,14 @@ fromstruct_txt(ARGS_FROMSTRUCT) {
}
static inline isc_result_t
-tostruct_txt(ARGS_TOSTRUCT) {
+generic_tostruct_txt(ARGS_TOSTRUCT) {
dns_rdata_txt_t *txt = target;
isc_region_t r;
- REQUIRE(rdata->type == dns_rdatatype_txt);
REQUIRE(target != NULL);
-
- txt->common.rdclass = rdata->rdclass;
- txt->common.rdtype = rdata->type;
- ISC_LINK_INIT(&txt->common, link);
+ REQUIRE(txt->common.rdclass == rdata->rdclass);
+ REQUIRE(txt->common.rdtype == rdata->type);
+ REQUIRE(!ISC_LINK_LINKED(&txt->common, link));
dns_rdata_toregion(rdata, &r);
txt->txt_len = r.length;
@@ -181,11 +189,10 @@ tostruct_txt(ARGS_TOSTRUCT) {
}
static inline void
-freestruct_txt(ARGS_FREESTRUCT) {
+generic_freestruct_txt(ARGS_FREESTRUCT) {
dns_rdata_txt_t *txt = source;
REQUIRE(source != NULL);
- REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
if (txt->mctx == NULL)
return;
@@ -196,6 +203,38 @@ freestruct_txt(ARGS_FREESTRUCT) {
}
static inline isc_result_t
+fromstruct_txt(ARGS_FROMSTRUCT) {
+
+ REQUIRE(type == dns_rdatatype_txt);
+
+ return (generic_fromstruct_txt(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_txt(ARGS_TOSTRUCT) {
+ dns_rdata_txt_t *txt = target;
+
+ REQUIRE(rdata->type == dns_rdatatype_txt);
+ REQUIRE(target != NULL);
+
+ txt->common.rdclass = rdata->rdclass;
+ txt->common.rdtype = rdata->type;
+ ISC_LINK_INIT(&txt->common, link);
+
+ return (generic_tostruct_txt(rdata, target, mctx));
+}
+
+static inline void
+freestruct_txt(ARGS_FREESTRUCT) {
+ dns_rdata_txt_t *txt = source;
+
+ REQUIRE(source != NULL);
+ REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+ generic_freestruct_txt(source);
+}
+
+static inline isc_result_t
additionaldata_txt(ARGS_ADDLDATA) {
REQUIRE(rdata->type == dns_rdatatype_txt);
@@ -247,11 +286,10 @@ casecompare_txt(ARGS_COMPARE) {
return (compare_txt(rdata1, rdata2));
}
-isc_result_t
-dns_rdata_txt_first(dns_rdata_txt_t *txt) {
+static isc_result_t
+generic_txt_first(dns_rdata_txt_t *txt) {
REQUIRE(txt != NULL);
- REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
REQUIRE(txt->txt != NULL || txt->txt_len == 0);
if (txt->txt_len == 0)
@@ -261,13 +299,12 @@ dns_rdata_txt_first(dns_rdata_txt_t *txt) {
return (ISC_R_SUCCESS);
}
-isc_result_t
-dns_rdata_txt_next(dns_rdata_txt_t *txt) {
+static isc_result_t
+generic_txt_next(dns_rdata_txt_t *txt) {
isc_region_t r;
isc_uint8_t length;
REQUIRE(txt != NULL);
- REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
REQUIRE(txt->txt != NULL && txt->txt_len != 0);
INSIST(txt->offset + 1 <= txt->txt_len);
@@ -281,13 +318,12 @@ dns_rdata_txt_next(dns_rdata_txt_t *txt) {
return (ISC_R_SUCCESS);
}
-isc_result_t
-dns_rdata_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
+static isc_result_t
+generic_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
isc_region_t r;
REQUIRE(txt != NULL);
REQUIRE(string != NULL);
- REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
REQUIRE(txt->txt != NULL);
REQUIRE(txt->offset < txt->txt_len);
@@ -302,4 +338,31 @@ dns_rdata_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
return (ISC_R_SUCCESS);
}
+
+isc_result_t
+dns_rdata_txt_first(dns_rdata_txt_t *txt) {
+
+ REQUIRE(txt != NULL);
+ REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+ return (generic_txt_first(txt));
+}
+
+isc_result_t
+dns_rdata_txt_next(dns_rdata_txt_t *txt) {
+
+ REQUIRE(txt != NULL);
+ REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+ return (generic_txt_next(txt));
+}
+
+isc_result_t
+dns_rdata_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
+
+ REQUIRE(txt != NULL);
+ REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+ return (generic_txt_current(txt, string));
+}
#endif /* RDATA_GENERIC_TXT_16_C */
diff --git a/lib/dns/rdata/in_1/a6_38.c b/lib/dns/rdata/in_1/a6_38.c
index 05a21ade89d2..d8b76e54b684 100644
--- a/lib/dns/rdata/in_1/a6_38.c
+++ b/lib/dns/rdata/in_1/a6_38.c
@@ -83,7 +83,8 @@ fromtext_in_a6(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
ok = ISC_TRUE;
if ((options & DNS_RDATA_CHECKNAMES) != 0)
diff --git a/lib/dns/rdata/in_1/kx_36.c b/lib/dns/rdata/in_1/kx_36.c
index 8b911eb07c2a..9a4130571da2 100644
--- a/lib/dns/rdata/in_1/kx_36.c
+++ b/lib/dns/rdata/in_1/kx_36.c
@@ -49,7 +49,8 @@ fromtext_in_kx(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/in_1/nsap-ptr_23.c b/lib/dns/rdata/in_1/nsap-ptr_23.c
index d8b43f2edca4..764a85c091a9 100644
--- a/lib/dns/rdata/in_1/nsap-ptr_23.c
+++ b/lib/dns/rdata/in_1/nsap-ptr_23.c
@@ -44,7 +44,8 @@ fromtext_in_nsap_ptr(ARGS_FROMTEXT) {
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/in_1/px_26.c b/lib/dns/rdata/in_1/px_26.c
index 4cf0ae418ac0..11d145ae2a86 100644
--- a/lib/dns/rdata/in_1/px_26.c
+++ b/lib/dns/rdata/in_1/px_26.c
@@ -39,6 +39,9 @@ fromtext_in_px(ARGS_FROMTEXT) {
UNUSED(rdclass);
UNUSED(callbacks);
+ if (origin == NULL)
+ origin = dns_rootname;
+
/*
* Preference.
*/
@@ -55,7 +58,6 @@ fromtext_in_px(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
/*
@@ -65,7 +67,6 @@ fromtext_in_px(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
return (ISC_R_SUCCESS);
}
diff --git a/lib/dns/rdata/in_1/srv_33.c b/lib/dns/rdata/in_1/srv_33.c
index b97d410272f6..15b29d544e8f 100644
--- a/lib/dns/rdata/in_1/srv_33.c
+++ b/lib/dns/rdata/in_1/srv_33.c
@@ -74,7 +74,8 @@ fromtext_in_srv(ARGS_FROMTEXT) {
ISC_FALSE));
dns_name_init(&name, NULL);
buffer_fromregion(&buffer, &token.value.as_region);
- origin = (origin != NULL) ? origin : dns_rootname;
+ if (origin == NULL)
+ origin = dns_rootname;
RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target));
ok = ISC_TRUE;
if ((options & DNS_RDATA_CHECKNAMES) != 0)
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 30f9be7da52b..5f75bc08396e 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -103,6 +103,13 @@
"fctx %p(%s): [result: %s] %s %s", \
fctx, fctx->info, \
isc_result_totext(res), (m1), (m2))
+#define FCTXTRACE5(m1, m2, v) \
+ isc_log_write(dns_lctx, \
+ DNS_LOGCATEGORY_RESOLVER, \
+ DNS_LOGMODULE_RESOLVER, \
+ ISC_LOG_DEBUG(3), \
+ "fctx %p(%s): %s %s%u", \
+ fctx, fctx->info, (m1), (m2), (v))
#define FTRACE(m) isc_log_write(dns_lctx, \
DNS_LOGCATEGORY_RESOLVER, \
DNS_LOGMODULE_RESOLVER, \
@@ -125,6 +132,8 @@
#define FCTXTRACE3(m1, res) do { UNUSED(m1); UNUSED(res); } while (0)
#define FCTXTRACE4(m1, m2, res) \
do { UNUSED(m1); UNUSED(m2); UNUSED(res); } while (0)
+#define FCTXTRACE5(m1, m2, v) \
+ do { UNUSED(m1); UNUSED(m2); UNUSED(v); } while (0)
#define FTRACE(m) do { UNUSED(m); } while (0)
#define QTRACE(m) do { UNUSED(m); } while (0)
#endif /* WANT_QUERYTRACE */
@@ -866,7 +875,8 @@ resquery_destroy(resquery_t **queryp) {
static void
fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
- isc_time_t *finish, isc_boolean_t no_response)
+ isc_time_t *finish, isc_boolean_t no_response,
+ isc_boolean_t age_untried)
{
fetchctx_t *fctx;
resquery_t *query;
@@ -948,14 +958,14 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
* Age RTTs of servers not tried.
*/
isc_stdtime_get(&now);
- if (finish != NULL)
+ if (finish != NULL || age_untried)
for (addrinfo = ISC_LIST_HEAD(fctx->forwaddrs);
addrinfo != NULL;
addrinfo = ISC_LIST_NEXT(addrinfo, publink))
if (UNMARKED(addrinfo))
dns_adb_agesrtt(fctx->adb, addrinfo, now);
- if (finish != NULL && TRIEDFIND(fctx))
+ if ((finish != NULL || age_untried) && TRIEDFIND(fctx))
for (find = ISC_LIST_HEAD(fctx->finds);
find != NULL;
find = ISC_LIST_NEXT(find, publink))
@@ -966,7 +976,7 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
dns_adb_agesrtt(fctx->adb, addrinfo,
now);
- if (finish != NULL && TRIEDALT(fctx)) {
+ if ((finish != NULL || age_untried) && TRIEDALT(fctx)) {
for (addrinfo = ISC_LIST_HEAD(fctx->altaddrs);
addrinfo != NULL;
addrinfo = ISC_LIST_NEXT(addrinfo, publink))
@@ -1037,7 +1047,9 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp,
}
static void
-fctx_cancelqueries(fetchctx_t *fctx, isc_boolean_t no_response) {
+fctx_cancelqueries(fetchctx_t *fctx, isc_boolean_t no_response,
+ isc_boolean_t age_untried)
+{
resquery_t *query, *next_query;
FCTXTRACE("cancelqueries");
@@ -1046,7 +1058,8 @@ fctx_cancelqueries(fetchctx_t *fctx, isc_boolean_t no_response) {
query != NULL;
query = next_query) {
next_query = ISC_LIST_NEXT(query, link);
- fctx_cancelquery(&query, NULL, NULL, no_response);
+ fctx_cancelquery(&query, NULL, NULL, no_response,
+ age_untried);
}
}
@@ -1113,9 +1126,11 @@ fctx_cleanupaltaddrs(fetchctx_t *fctx) {
}
static inline void
-fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response) {
+fctx_stopeverything(fetchctx_t *fctx, isc_boolean_t no_response,
+ isc_boolean_t age_untried)
+{
FCTXTRACE("stopeverything");
- fctx_cancelqueries(fctx, no_response);
+ fctx_cancelqueries(fctx, no_response, age_untried);
fctx_cleanupfinds(fctx);
fctx_cleanupaltfinds(fctx);
fctx_cleanupforwaddrs(fctx);
@@ -1354,7 +1369,8 @@ log_edns(fetchctx_t *fctx) {
static void
fctx_done(fetchctx_t *fctx, isc_result_t result, int line) {
dns_resolver_t *res;
- isc_boolean_t no_response;
+ isc_boolean_t no_response = ISC_FALSE;
+ isc_boolean_t age_untried = ISC_FALSE;
REQUIRE(line >= 0);
@@ -1368,11 +1384,11 @@ fctx_done(fetchctx_t *fctx, isc_result_t result, int line) {
*/
log_edns(fctx);
no_response = ISC_TRUE;
- } else
- no_response = ISC_FALSE;
+ } else if (result == ISC_R_TIMEDOUT)
+ age_untried = ISC_TRUE;
fctx->reason = NULL;
- fctx_stopeverything(fctx, no_response);
+ fctx_stopeverything(fctx, no_response, age_untried);
LOCK(&res->buckets[fctx->bucketnum].lock);
@@ -1422,7 +1438,8 @@ process_sendevent(resquery_t *query, isc_event_t *event) {
*/
add_bad(fctx, query->addrinfo, sevent->result,
badns_unreachable);
- fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
+ fctx_cancelquery(&query, NULL, NULL, ISC_TRUE,
+ ISC_FALSE);
retry = ISC_TRUE;
break;
@@ -1431,7 +1448,8 @@ process_sendevent(resquery_t *query, isc_event_t *event) {
"unexpected event result; responding",
sevent->result);
- fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
+ fctx_cancelquery(&query, NULL, NULL, ISC_FALSE,
+ ISC_FALSE);
break;
}
}
@@ -2327,7 +2345,8 @@ resquery_connected(isc_task_t *task, isc_event_t *event) {
FCTXTRACE("query canceled: idle timer failed; "
"responding");
- fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
+ fctx_cancelquery(&query, NULL, NULL, ISC_FALSE,
+ ISC_FALSE);
fctx_done(fctx, result, __LINE__);
break;
}
@@ -2366,7 +2385,7 @@ resquery_connected(isc_task_t *task, isc_event_t *event) {
FCTXTRACE("query canceled: "
"resquery_send() failed; responding");
- fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
+ fctx_cancelquery(&query, NULL, NULL, ISC_FALSE, ISC_FALSE);
fctx_done(fctx, result, __LINE__);
}
break;
@@ -2385,7 +2404,7 @@ resquery_connected(isc_task_t *task, isc_event_t *event) {
* No route to remote.
*/
isc_socket_detach(&query->tcpsocket);
- fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
+ fctx_cancelquery(&query, NULL, NULL, ISC_TRUE, ISC_FALSE);
retry = ISC_TRUE;
break;
@@ -2395,7 +2414,7 @@ resquery_connected(isc_task_t *task, isc_event_t *event) {
sevent->result);
isc_socket_detach(&query->tcpsocket);
- fctx_cancelquery(&query, NULL, NULL, ISC_FALSE);
+ fctx_cancelquery(&query, NULL, NULL, ISC_FALSE, ISC_FALSE);
break;
}
}
@@ -2858,7 +2877,7 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) {
isc_boolean_t all_spilled = ISC_TRUE;
#endif /* ENABLE_FETCHLIMIT */
- FCTXTRACE("getaddresses");
+ FCTXTRACE5("getaddresses", "fctx->depth=", fctx->depth);
/*
* Don't pound on remote servers. (Failsafe!)
@@ -2874,8 +2893,9 @@ fctx_getaddresses(fetchctx_t *fctx, isc_boolean_t badcache) {
if (fctx->depth > res->maxdepth) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
- "too much NS indirection resolving '%s'",
- fctx->info);
+ "too much NS indirection resolving '%s' "
+ "(depth=%u, maxdepth=%u)",
+ fctx->info, fctx->depth, res->maxdepth);
return (DNS_R_SERVFAIL);
}
@@ -3172,6 +3192,9 @@ possibly_mark(fetchctx_t *fctx, dns_adbaddrinfo_t *addr)
if (aborted) {
addr->flags |= FCTX_ADDRINFO_MARK;
msg = "ignoring blackholed / bogus server: ";
+ } else if (isc_sockaddr_isnetzero(sa)) {
+ addr->flags |= FCTX_ADDRINFO_MARK;
+ msg = "ignoring net zero address: ";
} else if (isc_sockaddr_ismulticast(sa)) {
addr->flags |= FCTX_ADDRINFO_MARK;
msg = "ignoring multicast address: ";
@@ -3346,7 +3369,7 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
unsigned int bucketnum;
isc_boolean_t bucket_empty;
- FCTXTRACE("try");
+ FCTXTRACE5("try", "fctx->qc=", isc_counter_used(fctx->qc));
REQUIRE(!ADDRWAIT(fctx));
@@ -3356,8 +3379,10 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
if (isc_counter_used(fctx->qc) > res->maxqueries) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
- "exceeded max queries resolving '%s'",
- fctx->info);
+ "exceeded max queries resolving '%s' "
+ "(querycount=%u, maxqueries=%u)",
+ fctx->info,
+ isc_counter_used(fctx->qc), res->maxqueries);
fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
return;
}
@@ -3371,7 +3396,7 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
if (addrinfo == NULL) {
/* We have no more addresses. Start over. */
- fctx_cancelqueries(fctx, ISC_TRUE);
+ fctx_cancelqueries(fctx, ISC_TRUE, ISC_FALSE);
fctx_cleanupfinds(fctx);
fctx_cleanupaltfinds(fctx);
fctx_cleanupforwaddrs(fctx);
@@ -3589,7 +3614,7 @@ fctx_timeout(isc_task_t *task, isc_event_t *event) {
isc_time_compare(&tevent->due, &query->start) >= 0)
{
FCTXTRACE("query timed out; no response");
- fctx_cancelquery(&query, NULL, NULL, ISC_TRUE);
+ fctx_cancelquery(&query, NULL, NULL, ISC_TRUE, ISC_FALSE);
}
fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
@@ -3683,7 +3708,7 @@ fctx_doshutdown(isc_task_t *task, isc_event_t *event) {
* fetch. To avoid deadlock with the ADB, we must do this
* before we lock the bucket lock.
*/
- fctx_stopeverything(fctx, ISC_FALSE);
+ fctx_stopeverything(fctx, ISC_FALSE, ISC_FALSE);
LOCK(&res->buckets[bucketnum].lock);
@@ -4025,13 +4050,12 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
&fctx->nameservers,
NULL);
if (result != ISC_R_SUCCESS)
- goto cleanup_name;
+ goto cleanup_nameservers;
result = dns_name_dup(domain, mctx, &fctx->domain);
- if (result != ISC_R_SUCCESS) {
- dns_rdataset_disassociate(&fctx->nameservers);
- goto cleanup_name;
- }
+ if (result != ISC_R_SUCCESS)
+ goto cleanup_nameservers;
+
fctx->ns_ttl = fctx->nameservers.ttl;
fctx->ns_ttl_ok = ISC_TRUE;
} else {
@@ -4160,6 +4184,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type,
cleanup_domain:
if (dns_name_countlabels(&fctx->domain) > 0)
dns_name_free(&fctx->domain, mctx);
+
+ cleanup_nameservers:
if (dns_rdataset_isassociated(&fctx->nameservers))
dns_rdataset_disassociate(&fctx->nameservers);
@@ -7395,7 +7421,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
}
}
- dns_message_setclass(message, fctx->res->rdclass);
+ dns_message_setclass(message, res->rdclass);
if ((options & DNS_FETCHOPT_TCP) == 0)
dns_adb_plainresponse(fctx->adb, query->addrinfo);
@@ -7472,7 +7498,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
*/
log_packet(message, ISC_LOG_DEBUG(10), res->mctx);
- if (message->rdclass != fctx->res->rdclass) {
+ if (message->rdclass != res->rdclass) {
resend = ISC_TRUE;
FCTXTRACE("bad class");
goto done;
@@ -7945,7 +7971,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
*
* XXXRTH Don't cancel the query if waiting for validation?
*/
- fctx_cancelquery(&query, &devent, finish, no_response);
+ fctx_cancelquery(&query, &devent, finish, no_response, ISC_FALSE);
if (keep_trying) {
if (result == DNS_R_FORMERR)
@@ -8016,7 +8042,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
fctx->ns_ttl = fctx->nameservers.ttl;
fctx->ns_ttl_ok = ISC_TRUE;
- fctx_cancelqueries(fctx, ISC_TRUE);
+ fctx_cancelqueries(fctx, ISC_TRUE, ISC_FALSE);
fctx_cleanupfinds(fctx);
fctx_cleanupaltfinds(fctx);
fctx_cleanupforwaddrs(fctx);
@@ -8049,7 +8075,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
* DNSSEC validator to validate the answer.
*/
FCTXTRACE("wait for validator");
- fctx_cancelqueries(fctx, ISC_TRUE);
+ fctx_cancelqueries(fctx, ISC_TRUE, ISC_FALSE);
/*
* We must not retransmit while the validator is working;
* it has references to the current rmessage.
@@ -8060,7 +8086,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
} else if (result == DNS_R_CHASEDSSERVERS) {
unsigned int n;
add_bad(fctx, addrinfo, result, broken_type);
- fctx_cancelqueries(fctx, ISC_TRUE);
+ fctx_cancelqueries(fctx, ISC_TRUE, ISC_FALSE);
fctx_cleanupfinds(fctx);
fctx_cleanupforwaddrs(fctx);
@@ -8586,6 +8612,7 @@ dns_resolver_prime(dns_resolver_t *res) {
&res->primefetch);
UNLOCK(&res->primelock);
if (result != ISC_R_SUCCESS) {
+ isc_mem_put(res->mctx, rdataset, sizeof(*rdataset));
LOCK(&res->lock);
INSIST(res->priming);
res->priming = ISC_FALSE;
diff --git a/lib/dns/rootns.c b/lib/dns/rootns.c
index 97b5101200e2..d395855ea2c5 100644
--- a/lib/dns/rootns.c
+++ b/lib/dns/rootns.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2010, 2012-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -79,7 +79,7 @@ static char root_ns[] =
"K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129\n"
"K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7FD::1\n"
"L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42\n"
-"L.ROOT-SERVERS.NET. 604800 IN AAAA 2001:500:3::42\n"
+"L.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:9f::42\n"
"M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33\n"
"M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:DC3::35\n";
diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c
index 3b245419d099..e70532021719 100644
--- a/lib/dns/sdlz.c
+++ b/lib/dns/sdlz.c
@@ -606,7 +606,7 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
* if the host (namestr) was not found, try to lookup a
* "wildcard" host.
*/
- if (result != ISC_R_SUCCESS && !create)
+ if (result == ISC_R_NOTFOUND && !create)
result = sdlz->dlzimp->methods->lookup(zonestr, "*",
sdlz->dlzimp->driverarg,
sdlz->dbdata, node,
@@ -614,7 +614,10 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
MAYBE_UNLOCK(sdlz->dlzimp);
- if (result != ISC_R_SUCCESS && !isorigin && !create) {
+ if (result == ISC_R_NOTFOUND && (isorigin || create))
+ result = ISC_R_SUCCESS;
+
+ if (result != ISC_R_SUCCESS) {
destroynode(node);
return (result);
}
@@ -879,10 +882,11 @@ findext(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
dns_name_getlabelsequence(name, nlabels - i, i, xname);
result = findnodeext(db, xname, ISC_FALSE,
methods, clientinfo, &node);
- if (result != ISC_R_SUCCESS) {
+ if (result == ISC_R_NOTFOUND) {
result = DNS_R_NXDOMAIN;
continue;
- }
+ } else if (result != ISC_R_SUCCESS)
+ break;
/*
* Look for a DNAME at the current label, unless this is
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 0b5440a67d80..0012bbff4464 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -987,7 +987,7 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name,
if (nonce != NULL)
isc_buffer_usedregion(nonce, &r);
else {
- r.base = isc_mem_get(msg->mctx, 0);
+ r.base = NULL;
r.length = 0;
}
tkey.error = 0;
@@ -998,9 +998,6 @@ dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name,
RETERR(buildquery(msg, name, &tkey, ISC_FALSE));
- if (nonce == NULL)
- isc_mem_put(msg->mctx, r.base, 0);
-
RETERR(dns_message_gettemprdata(msg, &rdata));
RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024));
RETERR(dst_key_todns(key, dynbuf));
@@ -1231,12 +1228,10 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
if (nonce != NULL)
isc_buffer_usedregion(nonce, &r2);
else {
- r2.base = isc_mem_get(rmsg->mctx, 0);
+ r2.base = NULL;
r2.length = 0;
}
RETERR(compute_secret(shared, &r2, &r, &secret));
- if (nonce == NULL)
- isc_mem_put(rmsg->mctx, r2.base, 0);
isc_buffer_usedregion(&secret, &r);
result = dns_tsigkey_create(tkeyname, &rtkey.algorithm,
diff --git a/lib/dns/update.c b/lib/dns/update.c
index 268e25047241..10910ca507fb 100644
--- a/lib/dns/update.c
+++ b/lib/dns/update.c
@@ -1360,7 +1360,7 @@ struct dns_update_state {
unsigned int nkeys;
isc_stdtime_t inception, expire;
dns_ttl_t nsecttl;
- isc_boolean_t check_ksk, keyset_kskonly;
+ isc_boolean_t check_ksk, keyset_kskonly, build_nsec3;
enum { sign_updates, remove_orphaned, build_chain, process_nsec,
sign_nsec, update_nsec3, process_nsec3, sign_nsec3 } state;
};
@@ -1375,7 +1375,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
dns_update_state_t mystate, *state;
dns_difftuple_t *t, *next;
- isc_boolean_t flag, build_nsec, build_nsec3;
+ isc_boolean_t flag, build_nsec;
unsigned int i;
isc_stdtime_t now;
dns_rdata_soa_t soa;
@@ -1404,6 +1404,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
dns_diff_init(diff->mctx, &state->nsec_mindiff);
dns_diff_init(diff->mctx, &state->work);
state->nkeys = 0;
+ state->build_nsec3 = ISC_FALSE;
result = find_zone_keys(zone, db, newver, diff->mctx,
DNS_MAXZONEKEYS, state->zone_keys,
@@ -1568,7 +1569,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
* See if we need to build NSEC or NSEC3 chains.
*/
CHECK(dns_private_chains(db, newver, privatetype, &build_nsec,
- &build_nsec3));
+ &state->build_nsec3));
if (!build_nsec) {
state->state = update_nsec3;
goto next_state;
@@ -1831,7 +1832,7 @@ dns_update_signaturesinc(dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db,
INSIST(ISC_LIST_EMPTY(state->nsec_diff.tuples));
INSIST(ISC_LIST_EMPTY(state->nsec_mindiff.tuples));
- if (!build_nsec3) {
+ if (!state->build_nsec3) {
update_log(log, zone, ISC_LOG_DEBUG(3),
"no NSEC3 chains to rebuild");
goto failure;
diff --git a/lib/dns/view.c b/lib/dns/view.c
index da1136c075ac..5876a4b9dfa5 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1846,14 +1846,29 @@ dns_view_untrust(dns_view_t *view, dns_name_t *keyname,
isc_buffer_init(&buffer, data, sizeof(data));
dns_rdata_fromstruct(&rdata, dnskey->common.rdclass,
dns_rdatatype_dnskey, dnskey, &buffer);
+
result = dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &key);
if (result != ISC_R_SUCCESS)
return;
+
result = dns_view_getsecroots(view, &sr);
if (result == ISC_R_SUCCESS) {
- dns_keytable_deletekeynode(sr, key);
+ result = dns_keytable_deletekeynode(sr, key);
+
+ /*
+ * If key was found in secroots, then it was a
+ * configured trust anchor, and we want to fail
+ * secure. If there are no other configured keys,
+ * then leave a null key so that we can't validate
+ * anymore.
+ */
+
+ if (result == ISC_R_SUCCESS)
+ dns_keytable_marksecure(sr, keyname);
+
dns_keytable_detach(&sr);
}
+
dst_key_free(&key);
}
diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c
index a2bc35dc8a55..aec238d3fc1a 100644
--- a/lib/dns/xfrin.c
+++ b/lib/dns/xfrin.c
@@ -292,6 +292,9 @@ axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
dns_difftuple_t *tuple = NULL;
+ if (rdata->rdclass != xfr->rdclass)
+ return(DNS_R_BADCLASS);
+
CHECK(dns_zone_checknames(xfr->zone, name, rdata));
CHECK(dns_difftuple_create(xfr->diff.mctx, op,
name, ttl, rdata, &tuple));
@@ -377,8 +380,11 @@ ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata)
{
isc_result_t result;
-
dns_difftuple_t *tuple = NULL;
+
+ if (rdata->rdclass != xfr->rdclass)
+ return(DNS_R_BADCLASS);
+
if (op == DNS_DIFFOP_ADD)
CHECK(dns_zone_checknames(xfr->zone, name, rdata));
CHECK(dns_difftuple_create(xfr->diff.mctx, op,
@@ -1224,10 +1230,17 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
DNS_MESSAGEPARSE_PRESERVEORDER);
if (result != ISC_R_SUCCESS || msg->rcode != dns_rcode_noerror ||
+ msg->opcode != dns_opcode_query ||msg->rdclass != xfr->rdclass ||
(xfr->checkid && msg->id != xfr->id)) {
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS && msg->rcode != dns_rcode_noerror)
result = ISC_RESULTCLASS_DNSRCODE + msg->rcode; /*XXX*/
- if (result == ISC_R_SUCCESS || result == DNS_R_NOERROR)
+ else if (result == ISC_R_SUCCESS &&
+ msg->opcode != dns_opcode_query)
+ result = DNS_R_UNEXPECTEDOPCODE;
+ else if (result == ISC_R_SUCCESS &&
+ msg->rdclass != xfr->rdclass)
+ result = DNS_R_BADCLASS;
+ else if (result == ISC_R_SUCCESS || result == DNS_R_NOERROR)
result = DNS_R_UNEXPECTEDID;
if (xfr->reqtype == dns_rdatatype_axfr ||
xfr->reqtype == dns_rdatatype_soa)
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index d334bebc436c..490248a68910 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1052,6 +1052,8 @@ zone_free(dns_zone_t *zone) {
isc_task_detach(&zone->task);
if (zone->loadtask != NULL)
isc_task_detach(&zone->loadtask);
+ if (zone->view != NULL)
+ dns_view_weakdetach(&zone->view);
/* Unmanaged objects */
for (signing = ISC_LIST_HEAD(zone->signing);
@@ -3408,7 +3410,8 @@ compute_tag(dns_name_t *name, dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx,
*/
static void
trust_key(dns_zone_t *zone, dns_name_t *keyname,
- dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx) {
+ dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx)
+{
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
unsigned char data[4096];
@@ -8540,13 +8543,12 @@ keyfetch_done(isc_task_t *task, isc_event_t *event) {
*/
deletekey = ISC_TRUE;
} else if (keydata.removehd == 0) {
- /* Remove from secroots */
+ /*
+ * Remove key from secroots.
+ */
dns_view_untrust(zone->view, keyname,
&dnskey, mctx);
- /* But ensure there's a null key */
- fail_secure(zone, keyname);
-
/* If initializing, delete now */
if (keydata.addhd == 0)
deletekey = ISC_TRUE;
@@ -8855,7 +8857,8 @@ zone_refreshkeys(dns_zone_t *zone) {
result = dns_resolver_createfetch(zone->view->resolver,
kname, dns_rdatatype_dnskey,
NULL, NULL, NULL,
- DNS_FETCHOPT_NOVALIDATE,
+ DNS_FETCHOPT_NOVALIDATE|
+ DNS_FETCHOPT_UNSHARED,
zone->task,
keyfetch_done, kfetch,
&kfetch->dnskeyset,
@@ -9303,6 +9306,7 @@ static void
dump_done(void *arg, isc_result_t result) {
const char me[] = "dump_done";
dns_zone_t *zone = arg;
+ dns_zone_t *secure = NULL;
dns_db_t *db;
dns_dbversion_t *version;
isc_boolean_t again = ISC_FALSE;
@@ -9316,30 +9320,54 @@ dump_done(void *arg, isc_result_t result) {
if (result == ISC_R_SUCCESS && zone->journal != NULL &&
zone->journalsize != -1) {
-
/*
* We don't own these, zone->dctx must stay valid.
*/
db = dns_dumpctx_db(zone->dctx);
version = dns_dumpctx_version(zone->dctx);
-
tresult = dns_db_getsoaserial(db, version, &serial);
+
+ /*
+ * Handle lock order inversion.
+ */
+ again:
+ LOCK_ZONE(zone);
+ if (inline_raw(zone)) {
+ secure = zone->secure;
+ INSIST(secure != zone);
+ TRYLOCK_ZONE(result, secure);
+ if (result != ISC_R_SUCCESS) {
+ UNLOCK_ZONE(zone);
+ secure = NULL;
+#if ISC_PLATFORM_USETHREADS
+ isc_thread_yield();
+#endif
+ goto again;
+ }
+ }
+
/*
* If there is a secure version of this zone
* use its serial if it is less than ours.
*/
- if (tresult == ISC_R_SUCCESS && inline_raw(zone) &&
- zone->secure->db != NULL)
- {
+ if (tresult == ISC_R_SUCCESS && secure != NULL) {
isc_uint32_t sserial;
isc_result_t mresult;
- mresult = dns_db_getsoaserial(zone->secure->db,
- NULL, &sserial);
- if (mresult == ISC_R_SUCCESS &&
- isc_serial_lt(sserial, serial))
- serial = sserial;
+ ZONEDB_LOCK(&secure->dblock, isc_rwlocktype_read);
+ if (secure->db != NULL) {
+ mresult = dns_db_getsoaserial(zone->secure->db,
+ NULL, &sserial);
+ if (mresult == ISC_R_SUCCESS &&
+ isc_serial_lt(sserial, serial))
+ serial = sserial;
+ }
+ ZONEDB_UNLOCK(&secure->dblock, isc_rwlocktype_read);
}
+ if (secure != NULL)
+ UNLOCK_ZONE(secure);
+ UNLOCK_ZONE(zone);
+
/*
* Note: we are task locked here so we can test
* zone->xfr safely.
@@ -10041,6 +10069,9 @@ notify_send(dns_notify_t *notify) {
REQUIRE(DNS_NOTIFY_VALID(notify));
REQUIRE(LOCKED_ZONE(notify->zone));
+ if (DNS_ZONE_FLAG(notify->zone, DNS_ZONEFLG_EXITING))
+ return;
+
for (ai = ISC_LIST_HEAD(notify->find->list);
ai != NULL;
ai = ISC_LIST_NEXT(ai, publink)) {
@@ -10116,7 +10147,8 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
DNS_ZONE_TIME_ADD(now, zone->notifydelay, &zone->notifytime);
UNLOCK_ZONE(zone);
- if (! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
+ if (DNS_ZONE_FLAG(zone, DNS_ZONEFLG_EXITING) ||
+ ! DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADED))
return;
if (notifytype == dns_notifytype_no)
@@ -11644,9 +11676,6 @@ zone_shutdown(isc_task_t *task, isc_event_t *event) {
zone->irefs--;
}
- if (zone->view != NULL)
- dns_view_weakdetach(&zone->view);
-
/*
* We have now canceled everything set the flag to allow exit_check()
* to succeed. We must not unlock between setting this flag and
@@ -17428,7 +17457,7 @@ dns_zone_keydone(dns_zone_t *zone, const char *keystr) {
kd->all = ISC_TRUE;
else {
isc_textregion_t r;
- char *algstr;
+ const char *algstr;
dns_keytag_t keyid;
dns_secalg_t alg;
size_t n;
diff --git a/lib/export/dns/Makefile.in b/lib/export/dns/Makefile.in
index f575f8673244..033b021fae5f 100644
--- a/lib/export/dns/Makefile.in
+++ b/lib/export/dns/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009-2013, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -22,7 +22,7 @@ export_srcdir = @top_srcdir@/lib/export
.NOTPARALLEL:
.NO_PARALLEL:
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBDNS_API@
@@ -79,7 +79,7 @@ OPENSSLLINKSRCS = openssl_link.c openssldh_link.c openssldsa_link.c \
DSTSRCS = @OPENSSLLINKSRCS@ \
dst_api.c dst_lib.c dst_parse.c \
dst_result.c gssapi_link.c gssapictx.c \
- hmac_link.c key.c
+ hmac_link.c key.c
DNSSRCS = acl.c adb.c byaddr.c \
cache.c callbacks.c client.c compress.c \
@@ -168,7 +168,8 @@ code.h: gen
./gen -s ${srcdir} > code.h
gen: ${srcdir}/gen.c
- ${CC} ${ALL_CFLAGS} ${LDFLAGS} -o $@ ${srcdir}/gen.c ${LIBS}
+ ${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
+ ${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
#We don't need rbtdb64 for this library
#rbtdb64.@O@: rbtdb.c
diff --git a/lib/export/dns/include/dns/Makefile.in b/lib/export/dns/include/dns/Makefile.in
index b7f51b4a3be2..29a740bd3e1c 100644
--- a/lib/export/dns/include/dns/Makefile.in
+++ b/lib/export/dns/include/dns/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = acl.h adb.h byaddr.h \
cache.h callbacks.h cert.h client.h compress.h \
diff --git a/lib/export/dns/include/dst/Makefile.in b/lib/export/dns/include/dst/Makefile.in
index f6f540a2ea82..a565db5b3991 100644
--- a/lib/export/dns/include/dst/Makefile.in
+++ b/lib/export/dns/include/dst/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = dst.h gssapi.h lib.h result.h
diff --git a/lib/export/irs/Makefile.in b/lib/export/irs/Makefile.in
index b2520f9eb76e..0044c5c70b25 100644
--- a/lib/export/irs/Makefile.in
+++ b/lib/export/irs/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2011-2013, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/irs
export_srcdir = @top_srcdir@/lib/export
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBIRS_API@
diff --git a/lib/export/irs/include/irs/Makefile.in b/lib/export/irs/include/irs/Makefile.in
index 530e67c847ef..f31f4e4c7d10 100644
--- a/lib/export/irs/include/irs/Makefile.in
+++ b/lib/export/irs/include/irs/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -12,8 +12,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.3 2009/09/02 23:48:02 tbox Exp $
-
srcdir = @srcdir@
top_srcdir = @top_srcdir@
diff --git a/lib/export/isc/Makefile.in b/lib/export/isc/Makefile.in
index c02ce96021e5..a15ea83d84fa 100644
--- a/lib/export/isc/Makefile.in
+++ b/lib/export/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2010, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isc
export_srcdir = @top_srcdir@/lib/export
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBISC_API@
diff --git a/lib/export/isc/include/isc/Makefile.in b/lib/export/isc/include/isc/Makefile.in
index 8c7eff8efa24..2d4a1eccee1f 100644
--- a/lib/export/isc/include/isc/Makefile.in
+++ b/lib/export/isc/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2013, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
top_srcdir = @top_srcdir@
export_srcdir = @top_srcdir@/lib/export
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
#
# Only list headers that are to be installed and are not
diff --git a/lib/export/isc/nothreads/include/isc/Makefile.in b/lib/export/isc/nothreads/include/isc/Makefile.in
index 9bda987ddcd1..e79943685ba1 100644
--- a/lib/export/isc/nothreads/include/isc/Makefile.in
+++ b/lib/export/isc/nothreads/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = condition.h mutex.h once.h thread.h
diff --git a/lib/export/isc/pthreads/include/isc/Makefile.in b/lib/export/isc/pthreads/include/isc/Makefile.in
index 431976853726..0ccf7be43d37 100644
--- a/lib/export/isc/pthreads/include/isc/Makefile.in
+++ b/lib/export/isc/pthreads/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = condition.h mutex.h once.h thread.h
diff --git a/lib/export/isc/unix/include/isc/Makefile.in b/lib/export/isc/unix/include/isc/Makefile.in
index ebbc97362f03..d40644ce112f 100644
--- a/lib/export/isc/unix/include/isc/Makefile.in
+++ b/lib/export/isc/unix/include/isc/Makefile.in
@@ -17,7 +17,7 @@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = dir.h int.h net.h netdb.h offset.h stat.h stdtime.h \
syslog.h time.h
diff --git a/lib/export/isccfg/Makefile.in b/lib/export/isccfg/Makefile.in
index 2a791a4de6fd..8626d0ba38cb 100644
--- a/lib/export/isccfg/Makefile.in
+++ b/lib/export/isccfg/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2011-2013, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ top_srcdir = @top_srcdir@
srcdir = @top_srcdir@/lib/isccfg
export_srcdir = @top_srcdir@/lib/export
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBISCCFG_API@
diff --git a/lib/export/isccfg/include/isccfg/Makefile.in b/lib/export/isccfg/include/isccfg/Makefile.in
index 57a344cc24e3..d944f55e6515 100644
--- a/lib/export/isccfg/include/isccfg/Makefile.in
+++ b/lib/export/isccfg/include/isccfg/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
#
# Only list headers that are to be installed and are not
diff --git a/lib/export/samples/Makefile.in b/lib/export/samples/Makefile.in
index 194aaeb24a20..601ba77ddb7b 100644
--- a/lib/export/samples/Makefile.in
+++ b/lib/export/samples/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2013, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
top_srcdir = @top_srcdir@
export_srcdir = @top_srcdir@/lib/export
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
diff --git a/lib/irs/Makefile.in b/lib/irs/Makefile.in
index ba802bf47833..4028ff99c032 100644
--- a/lib/irs/Makefile.in
+++ b/lib/irs/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBIRS_API@
diff --git a/lib/irs/resconf.c b/lib/irs/resconf.c
index cb2400795549..de953ff62e02 100644
--- a/lib/irs/resconf.c
+++ b/lib/irs/resconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -170,11 +170,12 @@ eatwhite(FILE *fp) {
static int
getword(FILE *fp, char *buffer, size_t size) {
int ch;
- char *p = buffer;
+ char *p;
REQUIRE(buffer != NULL);
REQUIRE(size > 0U);
+ p = buffer;
*p = '\0';
ch = eatwhite(fp);
diff --git a/lib/isc/Makefile.in b/lib/isc/Makefile.in
index 3176a267988d..8b2c0608aced 100644
--- a/lib/isc/Makefile.in
+++ b/lib/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBISC_API@
diff --git a/lib/isc/alpha/include/isc/Makefile.in b/lib/isc/alpha/include/isc/Makefile.in
index 4927e210f38e..df7561585b0a 100644
--- a/lib/isc/alpha/include/isc/Makefile.in
+++ b/lib/isc/alpha/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/api b/lib/isc/api
index 9a572b2d2e74..7de96ec52e86 100644
--- a/lib/isc/api
+++ b/lib/isc/api
@@ -4,6 +4,6 @@
# 9.8: 80-89, 120-129
# 9.9: 90-109
# 9.9-sub: 130-139
-LIBINTERFACE = 106
-LIBREVISION = 0
-LIBAGE = 0
+LIBINTERFACE = 107
+LIBREVISION = 1
+LIBAGE = 1
diff --git a/lib/isc/base32.c b/lib/isc/base32.c
index 2ee99b182426..e472439eba5e 100644
--- a/lib/isc/base32.c
+++ b/lib/isc/base32.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008, 2009, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -170,7 +170,7 @@ base32_decode_init(base32_decode_ctx_t *ctx, int length, const char base[],
static inline isc_result_t
base32_decode_char(base32_decode_ctx_t *ctx, int c) {
- char *s;
+ const char *s;
unsigned int last;
if (ctx->seen_end)
diff --git a/lib/isc/base64.c b/lib/isc/base64.c
index 6b4cb1bf7c63..554097c47eb5 100644
--- a/lib/isc/base64.c
+++ b/lib/isc/base64.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -118,7 +118,7 @@ base64_decode_init(base64_decode_ctx_t *ctx, int length, isc_buffer_t *target)
static inline isc_result_t
base64_decode_char(base64_decode_ctx_t *ctx, int c) {
- char *s;
+ const char *s;
if (ctx->seen_end)
return (ISC_R_BADBASE64);
diff --git a/lib/isc/buffer.c b/lib/isc/buffer.c
index 2d15e248575c..d0f08d767113 100644
--- a/lib/isc/buffer.c
+++ b/lib/isc/buffer.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -462,6 +462,8 @@ isc_buffer_allocate(isc_mem_t *mctx, isc_buffer_t **dynbuffer,
length);
dbuf->mctx = mctx;
+ ENSURE(ISC_BUFFER_VALID(dbuf));
+
*dynbuffer = dbuf;
return (ISC_R_SUCCESS);
diff --git a/lib/isc/commandline.c b/lib/isc/commandline.c
index 416fba1927a6..e58b1b8ceddc 100644
--- a/lib/isc/commandline.c
+++ b/lib/isc/commandline.c
@@ -95,7 +95,7 @@ static char endopt = '\0';
int
isc_commandline_parse(int argc, char * const *argv, const char *options) {
static char *place = ENDOPT;
- char *option; /* Index into *options of option. */
+ const char *option; /* Index into *options of option. */
REQUIRE(argc >= 0 && argv != NULL && options != NULL);
diff --git a/lib/isc/hash.c b/lib/isc/hash.c
index 6ee8dcf5a1f7..8fd58532838d 100644
--- a/lib/isc/hash.c
+++ b/lib/isc/hash.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -399,3 +399,152 @@ isc_hash_calc(const unsigned char *key, unsigned int keylen,
return (hash_calc(hash, key, keylen, case_sensitive));
}
+
+static isc_uint32_t fnv_offset_basis;
+static isc_once_t fnv_once = ISC_ONCE_INIT;
+
+static void
+fnv_initialize(void) {
+ /*
+ * This function should not leave fnv_offset_basis set to
+ * 0. Also, after this function has been called, if it is called
+ * again, it should not change fnv_offset_basis.
+ */
+ while (fnv_offset_basis == 0) {
+ isc_random_get(&fnv_offset_basis);
+ }
+}
+
+isc_uint32_t
+isc_hash_function(const void *data, size_t length,
+ isc_boolean_t case_sensitive,
+ const isc_uint32_t *previous_hashp)
+{
+ isc_uint32_t hval;
+ const unsigned char *bp;
+ const unsigned char *be;
+
+ INSIST(data == NULL || length > 0);
+ RUNTIME_CHECK(isc_once_do(&fnv_once, fnv_initialize) == ISC_R_SUCCESS);
+
+ hval = ISC_UNLIKELY(previous_hashp != NULL) ?
+ *previous_hashp : fnv_offset_basis;
+
+ if (length == 0)
+ return (hval);
+
+ bp = (const unsigned char *) data;
+ be = bp + length;
+
+ /*
+ * Fowler-Noll-Vo FNV-1a hash function.
+ *
+ * NOTE: A random fnv_offset_basis is used by default to avoid
+ * collision attacks as the hash function is reversible. This
+ * makes the mapping non-deterministic, but the distribution in
+ * the domain is still uniform.
+ */
+
+ if (case_sensitive) {
+ while (bp < be - 4) {
+ hval ^= (isc_uint32_t) bp[0];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) bp[1];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) bp[2];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) bp[3];
+ hval *= 16777619;
+ bp += 4;
+ }
+ while (bp < be) {
+ hval ^= (isc_uint32_t) *bp++;
+ hval *= 16777619;
+ }
+ } else {
+ while (bp < be - 4) {
+ hval ^= (isc_uint32_t) maptolower[bp[0]];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) maptolower[bp[1]];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) maptolower[bp[2]];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) maptolower[bp[3]];
+ hval *= 16777619;
+ bp += 4;
+ }
+ while (bp < be) {
+ hval ^= (isc_uint32_t) maptolower[*bp++];
+ hval *= 16777619;
+ }
+ }
+
+ return (hval);
+}
+
+isc_uint32_t
+isc_hash_function_reverse(const void *data, size_t length,
+ isc_boolean_t case_sensitive,
+ const isc_uint32_t *previous_hashp)
+{
+ isc_uint32_t hval;
+ const unsigned char *bp;
+ const unsigned char *be;
+
+ INSIST(data == NULL || length > 0);
+ RUNTIME_CHECK(isc_once_do(&fnv_once, fnv_initialize) == ISC_R_SUCCESS);
+
+ hval = ISC_UNLIKELY(previous_hashp != NULL) ?
+ *previous_hashp : fnv_offset_basis;
+
+ if (length == 0)
+ return (hval);
+
+ bp = (const unsigned char *) data;
+ be = bp + length;
+
+ /*
+ * Fowler-Noll-Vo FNV-1a hash function.
+ *
+ * NOTE: A random fnv_offset_basis is used by default to avoid
+ * collision attacks as the hash function is reversible. This
+ * makes the mapping non-deterministic, but the distribution in
+ * the domain is still uniform.
+ */
+
+ if (case_sensitive) {
+ while (be >= bp + 4) {
+ be -= 4;
+ hval ^= (isc_uint32_t) be[3];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) be[2];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) be[1];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) be[0];
+ hval *= 16777619;
+ }
+ while (--be >= bp) {
+ hval ^= (isc_uint32_t) *be;
+ hval *= 16777619;
+ }
+ } else {
+ while (be >= bp + 4) {
+ be -= 4;
+ hval ^= (isc_uint32_t) maptolower[be[3]];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) maptolower[be[2]];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) maptolower[be[1]];
+ hval *= 16777619;
+ hval ^= (isc_uint32_t) maptolower[be[0]];
+ hval *= 16777619;
+ }
+ while (--be >= bp) {
+ hval ^= (isc_uint32_t) maptolower[*be];
+ hval *= 16777619;
+ }
+ }
+
+ return (hval);
+}
diff --git a/lib/isc/hex.c b/lib/isc/hex.c
index 00903c7374cf..9e565c8a1c24 100644
--- a/lib/isc/hex.c
+++ b/lib/isc/hex.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2013-2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -95,7 +95,7 @@ hex_decode_init(hex_decode_ctx_t *ctx, int length, isc_buffer_t *target)
static inline isc_result_t
hex_decode_char(hex_decode_ctx_t *ctx, int c) {
- char *s;
+ const char *s;
if ((s = strchr(hex, toupper(c))) == NULL)
return (ISC_R_BADHEX);
diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c
index 241c1d53a8d5..b33f3577f994 100644
--- a/lib/isc/httpd.c
+++ b/lib/isc/httpd.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2008, 2010-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2006-2008, 2010-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -360,6 +360,73 @@ httpdmgr_destroy(isc_httpdmgr_t *httpdmgr) {
#define LENGTHOK(s) (httpd->recvbuf - (s) < (int)httpd->recvlen)
#define BUFLENOK(s) (httpd->recvbuf - (s) < HTTP_RECVLEN)
+/*
+ * Look for the given header in headers.
+ * If value is specified look for it terminated with a character in eov.
+ */
+static isc_boolean_t
+have_header(isc_httpd_t *httpd, const char *header, const char *value,
+ const char *eov)
+{
+ char *cr, *nl, *h;
+ size_t hlen, vlen = 0;
+
+ h = httpd->headers;
+ hlen = strlen(header);
+ if (value != NULL) {
+ INSIST(eov != NULL);
+ vlen = strlen(value);
+ }
+
+ for (;;) {
+ if (strncasecmp(h, header, hlen) != 0) {
+ /*
+ * Skip to next line;
+ */
+ cr = strchr(h, '\r');
+ if (cr != NULL && cr[1] == '\n')
+ cr++;
+ nl = strchr(h, '\n');
+
+ /* last header? */
+ h = cr;
+ if (h == NULL || (nl != NULL && nl < h))
+ h = nl;
+ if (h == NULL)
+ return (ISC_FALSE);
+ h++;
+ continue;
+ }
+
+ if (value == NULL)
+ return (ISC_TRUE);
+
+ /*
+ * Skip optional leading white space.
+ */
+ h += hlen;
+ while (*h == ' ' || *h == '\t')
+ h++;
+ /*
+ * Terminate token search on NULL or EOL.
+ */
+ while (*h != 0 && *h != '\r' && *h != '\n') {
+ if (strncasecmp(h, value, vlen) == 0)
+ if (strchr(eov, h[vlen]) != NULL)
+ return (ISC_TRUE);
+ /*
+ * Skip to next token.
+ */
+ h += strcspn(h, eov);
+ if (h[0] == '\r' && h[1] == '\n')
+ h++;
+ if (h[0] != 0)
+ h++;
+ }
+ return (ISC_FALSE);
+ }
+}
+
static isc_result_t
process_request(isc_httpd_t *httpd, int length) {
char *s;
@@ -378,15 +445,20 @@ process_request(isc_httpd_t *httpd, int length) {
* more data.
*/
s = strstr(httpd->recvbuf, "\r\n\r\n");
- delim = 1;
+ delim = 2;
if (s == NULL) {
s = strstr(httpd->recvbuf, "\n\n");
- delim = 2;
+ delim = 1;
}
if (s == NULL)
return (ISC_R_NOTFOUND);
/*
+ * NUL terminate request at the blank line.
+ */
+ s[delim] = 0;
+
+ /*
* Determine if this is a POST or GET method. Any other values will
* cause an error to be returned.
*/
@@ -444,7 +516,7 @@ process_request(isc_httpd_t *httpd, int length) {
}
httpd->url = p;
- p = s + delim;
+ p = s + 1;
s = p;
/*
@@ -459,7 +531,7 @@ process_request(isc_httpd_t *httpd, int length) {
/*
* Extract the HTTP/1.X protocol. We will bounce on anything but
- * HTTP/1.1 for now.
+ * HTTP/1.0 or HTTP/1.1 for now.
*/
while (LENGTHOK(s) && BUFLENOK(s) &&
(*s != '\n' && *s != '\r' && *s != '\0'))
@@ -468,24 +540,30 @@ process_request(isc_httpd_t *httpd, int length) {
return (ISC_R_NOTFOUND);
if (!BUFLENOK(s))
return (ISC_R_NOMEMORY);
+ /*
+ * Check that we have the expected eol delimiter.
+ */
+ if (strncmp(s, delim == 1 ? "\n" : "\r\n", delim) != 0)
+ return (ISC_R_RANGE);
*s = 0;
if ((strncmp(p, "HTTP/1.0", 8) != 0)
&& (strncmp(p, "HTTP/1.1", 8) != 0))
return (ISC_R_RANGE);
httpd->protocol = p;
- p = s + 1;
+ p = s + delim; /* skip past eol */
s = p;
httpd->headers = s;
- if (strstr(s, "Connection: close") != NULL)
+ if (have_header(httpd, "Connection:", "close", ", \t\r\n"))
httpd->flags |= HTTPD_CLOSE;
- if (strstr(s, "Host: ") != NULL)
+ if (have_header(httpd, "Host:", NULL, NULL))
httpd->flags |= HTTPD_FOUNDHOST;
if (strncmp(httpd->protocol, "HTTP/1.0", 8) == 0) {
- if (strcasestr(s, "Connection: Keep-Alive") != NULL)
+ if (have_header(httpd, "Connection:", "Keep-Alive",
+ ", \t\r\n"))
httpd->flags |= HTTPD_KEEPALIVE;
else
httpd->flags |= HTTPD_CLOSE;
@@ -838,7 +916,7 @@ isc_httpd_response(isc_httpd_t *httpd) {
return (result);
}
- sprintf(isc_buffer_used(&httpd->headerbuffer), "%s %03d %s\r\n",
+ sprintf(isc_buffer_used(&httpd->headerbuffer), "%s %03u %s\r\n",
httpd->protocol, httpd->retcode, httpd->retmsg);
isc_buffer_add(&httpd->headerbuffer, needlen);
diff --git a/lib/isc/ia64/include/isc/Makefile.in b/lib/isc/ia64/include/isc/Makefile.in
index 4927e210f38e..df7561585b0a 100644
--- a/lib/isc/ia64/include/isc/Makefile.in
+++ b/lib/isc/ia64/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/include/isc/Makefile.in b/lib/isc/include/isc/Makefile.in
index 572bb3e1046b..15b55069b13b 100644
--- a/lib/isc/include/isc/Makefile.in
+++ b/lib/isc/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001, 2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
#
# Only list headers that are to be installed and are not
diff --git a/lib/isc/include/isc/assertions.h b/lib/isc/include/isc/assertions.h
index 2c81b1ae9880..ebe96922dcbe 100644
--- a/lib/isc/include/isc/assertions.h
+++ b/lib/isc/include/isc/assertions.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1997-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -83,7 +83,7 @@ isc_assertion_typetotext(isc_assertiontype_t type);
#if ISC_CHECK_REQUIRE != 0
#define ISC_REQUIRE(cond) \
- ((void) ((cond) || \
+ ((void) (ISC_LIKELY(cond) || \
((isc_assertion_failed)(__FILE__, __LINE__, \
isc_assertiontype_require, \
#cond), 0)))
@@ -93,7 +93,7 @@ isc_assertion_typetotext(isc_assertiontype_t type);
#if ISC_CHECK_ENSURE != 0
#define ISC_ENSURE(cond) \
- ((void) ((cond) || \
+ ((void) (ISC_LIKELY(cond) || \
((isc_assertion_failed)(__FILE__, __LINE__, \
isc_assertiontype_ensure, \
#cond), 0)))
@@ -103,7 +103,7 @@ isc_assertion_typetotext(isc_assertiontype_t type);
#if ISC_CHECK_INSIST != 0
#define ISC_INSIST(cond) \
- ((void) ((cond) || \
+ ((void) (ISC_LIKELY(cond) || \
((isc_assertion_failed)(__FILE__, __LINE__, \
isc_assertiontype_insist, \
#cond), 0)))
@@ -113,7 +113,7 @@ isc_assertion_typetotext(isc_assertiontype_t type);
#if ISC_CHECK_INVARIANT != 0
#define ISC_INVARIANT(cond) \
- ((void) ((cond) || \
+ ((void) (ISC_LIKELY(cond) || \
((isc_assertion_failed)(__FILE__, __LINE__, \
isc_assertiontype_invariant, \
#cond), 0)))
diff --git a/lib/isc/include/isc/error.h b/lib/isc/include/isc/error.h
index e0cdfa83e7cb..b6cac178e3d0 100644
--- a/lib/isc/include/isc/error.h
+++ b/lib/isc/include/isc/error.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -55,7 +55,7 @@ void
isc_error_runtimecheck(const char *, int, const char *);
#define ISC_ERROR_RUNTIMECHECK(cond) \
- ((void) ((cond) || \
+ ((void) (ISC_LIKELY(cond) || \
((isc_error_runtimecheck)(__FILE__, __LINE__, #cond), 0)))
ISC_LANG_ENDDECLS
diff --git a/lib/isc/include/isc/file.h b/lib/isc/include/isc/file.h
index 7137410b613d..97e4fd323e02 100644
--- a/lib/isc/include/isc/file.h
+++ b/lib/isc/include/isc/file.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2011-2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -312,8 +312,8 @@ isc_file_safecreate(const char *filename, FILE **fp);
*/
isc_result_t
-isc_file_splitpath(isc_mem_t *mctx, char *path,
- char **dirname, char **basename);
+isc_file_splitpath(isc_mem_t *mctx, const char *path,
+ char **dirname, char const **basename);
/*%<
* Split a path into dirname and basename. If 'path' contains no slash
* (or, on windows, backslash), then '*dirname' is set to ".".
diff --git a/lib/isc/include/isc/hash.h b/lib/isc/include/isc/hash.h
index 0bfe936d7f95..46cdf78b4923 100644
--- a/lib/isc/include/isc/hash.h
+++ b/lib/isc/include/isc/hash.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -180,6 +180,45 @@ isc_hash_calc(const unsigned char *key, unsigned int keylen,
*/
/*@}*/
+isc_uint32_t
+isc_hash_function(const void *data, size_t length,
+ isc_boolean_t case_sensitive,
+ const isc_uint32_t *previous_hashp);
+isc_uint32_t
+isc_hash_function_reverse(const void *data, size_t length,
+ isc_boolean_t case_sensitive,
+ const isc_uint32_t *previous_hashp);
+/*!<
+ * \brief Calculate a hash over data.
+ *
+ * This hash function is useful for hashtables. The hash function is
+ * opaque and not important to the caller. The returned hash values are
+ * non-deterministic and will have different mapping every time a
+ * process using this library is run, but will have uniform
+ * distribution.
+ *
+ * isc_hash_function() calculates the hash from start to end over the
+ * input data. isc_hash_function_reverse() calculates the hash from the
+ * end to the start over the input data. The difference in order is
+ * useful in incremental hashing; for example, a previously hashed
+ * value for 'com' can be used as input when hashing 'example.com'.
+ *
+ * This is a new variant of isc_hash_calc() and will supercede
+ * isc_hash_calc() eventually.
+ *
+ * 'data' is the data to be hashed.
+ *
+ * 'length' is the size of the data to be hashed.
+ *
+ * 'case_sensitive' specifies whether the hash key should be treated as
+ * case_sensitive values. It should typically be ISC_FALSE if the hash key
+ * is a DNS name.
+ *
+ * 'previous_hashp' is a pointer to a previous hash value returned by
+ * this function. It can be used to perform incremental hashing. NULL
+ * must be passed during first calls.
+ */
+
ISC_LANG_ENDDECLS
#endif /* ISC_HASH_H */
diff --git a/lib/isc/include/isc/magic.h b/lib/isc/include/isc/magic.h
index 073de90dcc92..679d9d9233fb 100644
--- a/lib/isc/include/isc/magic.h
+++ b/lib/isc/include/isc/magic.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -20,6 +20,8 @@
#ifndef ISC_MAGIC_H
#define ISC_MAGIC_H 1
+#include <isc/util.h>
+
/*! \file isc/magic.h */
typedef struct {
@@ -33,8 +35,8 @@ typedef struct {
* The intent of this is to allow magic numbers to be checked even though
* the object is otherwise opaque.
*/
-#define ISC_MAGIC_VALID(a,b) (((a) != NULL) && \
- (((const isc__magic_t *)(a))->magic == (b)))
+#define ISC_MAGIC_VALID(a,b) (ISC_LIKELY((a) != NULL) && \
+ ISC_LIKELY(((const isc__magic_t *)(a))->magic == (b)))
#define ISC_MAGIC(a, b, c, d) ((a) << 24 | (b) << 16 | (c) << 8 | (d))
diff --git a/lib/isc/include/isc/netaddr.h b/lib/isc/include/isc/netaddr.h
index 954d77019b69..140d11826dd9 100644
--- a/lib/isc/include/isc/netaddr.h
+++ b/lib/isc/include/isc/netaddr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -155,6 +155,12 @@ isc_netaddr_issitelocal(isc_netaddr_t *na);
* Returns #ISC_TRUE if the address is a site local address.
*/
+isc_boolean_t
+isc_netaddr_isnetzero(isc_netaddr_t *na);
+/*%<
+ * Returns #ISC_TRUE if the address is in net zero.
+ */
+
void
isc_netaddr_fromv4mapped(isc_netaddr_t *t, const isc_netaddr_t *s);
/*%<
diff --git a/lib/isc/include/isc/platform.h.in b/lib/isc/include/isc/platform.h.in
index 667a1454a4cd..ae2af287c338 100644
--- a/lib/isc/include/isc/platform.h.in
+++ b/lib/isc/include/isc/platform.h.in
@@ -288,12 +288,18 @@
@ISC_PLATFORM_HAVEXADDQ@
/*
- * If the "atomic swap" operation is available on this architecture,
- * ISC_PLATFORM_HAVEATOMICSTORE" will be defined.
+ * If the 32-bit "atomic swap" operation is available on this
+ * architecture, ISC_PLATFORM_HAVEATOMICSTORE" will be defined.
*/
@ISC_PLATFORM_HAVEATOMICSTORE@
/*
+ * If the 64-bit "atomic swap" operation is available on this
+ * architecture, ISC_PLATFORM_HAVEATOMICSTORE" will be defined.
+ */
+@ISC_PLATFORM_HAVEATOMICSTOREQ@
+
+/*
* If the "compare-and-exchange" operation is available on this architecture,
* ISC_PLATFORM_HAVECMPXCHG will be defined.
*/
diff --git a/lib/isc/include/isc/result.h b/lib/isc/include/isc/result.h
index ed1bc63e7364..ce881e1a2388 100644
--- a/lib/isc/include/isc/result.h
+++ b/lib/isc/include/isc/result.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -89,9 +89,10 @@
#define ISC_R_BADBASE32 60 /*%< bad base32 encoding */
#define ISC_R_UNSET 61 /*%< unset */
#define ISC_R_MULTIPLE 62 /*%< multiple */
+#define ISC_R_WOULDBLOCK 63 /*%< would block */
/*% Not a result code: the number of results. */
-#define ISC_R_NRESULTS 63
+#define ISC_R_NRESULTS 64
ISC_LANG_BEGINDECLS
diff --git a/lib/isc/include/isc/sockaddr.h b/lib/isc/include/isc/sockaddr.h
index 4d811dd64971..5dfc3d23f512 100644
--- a/lib/isc/include/isc/sockaddr.h
+++ b/lib/isc/include/isc/sockaddr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -220,6 +220,12 @@ isc_sockaddr_issitelocal(const isc_sockaddr_t *sa);
* Returns ISC_TRUE if the address is a sitelocal address.
*/
+isc_boolean_t
+isc_sockaddr_isnetzero(const isc_sockaddr_t *sa);
+/*%<
+ * Returns ISC_TRUE if the address is in net zero.
+ */
+
isc_result_t
isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path);
/*
diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h
index 97e2f7605b9c..0ee305c894b4 100644
--- a/lib/isc/include/isc/socket.h
+++ b/lib/isc/include/isc/socket.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -370,7 +370,8 @@ isc_socket_fdwatchcreate(isc_socketmgr_t *manager,
*
* Note:
*
- *\li 'fd' is the already-opened file descriptor.
+ *\li 'fd' is the already-opened file descriptor (must be less
+ * than maxsockets).
*\li This function is not available on Windows.
*\li The callback function is called "in-line" - this means the function
* needs to return as fast as possible, as all other I/O will be suspended
@@ -394,6 +395,7 @@ isc_socket_fdwatchcreate(isc_socketmgr_t *manager,
*\li #ISC_R_NOMEMORY
*\li #ISC_R_NORESOURCES
*\li #ISC_R_UNEXPECTED
+ *\li #ISC_R_RANGE
*/
isc_result_t
diff --git a/lib/isc/include/isc/util.h b/lib/isc/include/isc/util.h
index 6baf786bdeab..fc2e1882641a 100644
--- a/lib/isc/include/isc/util.h
+++ b/lib/isc/include/isc/util.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2010-2012, 2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010-2012, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -206,6 +206,17 @@
#define INSERTAFTER(li, a, e, ln) ISC_LIST_INSERTAFTER(li, a, e, ln)
#define APPENDLIST(list1, list2, link) ISC_LIST_APPENDLIST(list1, list2, link)
+/*%
+ * Performance
+ */
+#ifdef HAVE_BUILTIN_EXPECT
+#define ISC_LIKELY(x) __builtin_expect(!!(x), 1)
+#define ISC_UNLIKELY(x) __builtin_expect(!!(x), 0)
+#else
+#define ISC_LIKELY(x) (x)
+#define ISC_UNLIKELY(x) (x)
+#endif
+
/*
* Assertions
*/
diff --git a/lib/isc/md5.c b/lib/isc/md5.c
index 579d61c20b2a..55d56195f48e 100644
--- a/lib/isc/md5.c
+++ b/lib/isc/md5.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -57,6 +57,8 @@ isc_md5_invalidate(isc_md5_t *ctx) {
void
isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) {
+ if (len == 0U)
+ return;
RUNTIME_CHECK(EVP_DigestUpdate(ctx,
(const void *) buf,
(size_t) len) == 1);
diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index 854425750bcd..dfa5e572770b 100644
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2010, 2012-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1997-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -1987,53 +1987,43 @@ isc___mempool_get(isc_mempool_t *mpctx0 FLARG) {
/*
* Don't let the caller go over quota
*/
- if (mpctx->allocated >= mpctx->maxalloc) {
+ if (ISC_UNLIKELY(mpctx->allocated >= mpctx->maxalloc)) {
item = NULL;
goto out;
}
- /*
- * if we have a free list item, return the first here
- */
- item = mpctx->items;
- if (item != NULL) {
- mpctx->items = item->next;
- INSIST(mpctx->freecount > 0);
- mpctx->freecount--;
- mpctx->gets++;
- mpctx->allocated++;
- goto out;
- }
-
- /*
- * We need to dip into the well. Lock the memory context here and
- * fill up our free list.
- */
- MCTXLOCK(mctx, &mctx->lock);
- for (i = 0; i < mpctx->fillcount; i++) {
- if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
- item = mem_getunlocked(mctx, mpctx->size);
- } else {
- item = mem_get(mctx, mpctx->size);
- if (item != NULL)
- mem_getstats(mctx, mpctx->size);
+ if (ISC_UNLIKELY(mpctx->items == NULL)) {
+ /*
+ * We need to dip into the well. Lock the memory context
+ * here and fill up our free list.
+ */
+ MCTXLOCK(mctx, &mctx->lock);
+ for (i = 0; i < mpctx->fillcount; i++) {
+ if ((mctx->flags & ISC_MEMFLAG_INTERNAL) != 0) {
+ item = mem_getunlocked(mctx, mpctx->size);
+ } else {
+ item = mem_get(mctx, mpctx->size);
+ if (item != NULL)
+ mem_getstats(mctx, mpctx->size);
+ }
+ if (ISC_UNLIKELY(item == NULL))
+ break;
+ item->next = mpctx->items;
+ mpctx->items = item;
+ mpctx->freecount++;
}
- if (item == NULL)
- break;
- item->next = mpctx->items;
- mpctx->items = item;
- mpctx->freecount++;
+ MCTXUNLOCK(mctx, &mctx->lock);
}
- MCTXUNLOCK(mctx, &mctx->lock);
/*
* If we didn't get any items, return NULL.
*/
item = mpctx->items;
- if (item == NULL)
+ if (ISC_UNLIKELY(item == NULL))
goto out;
mpctx->items = item->next;
+ INSIST(mpctx->freecount > 0);
mpctx->freecount--;
mpctx->gets++;
mpctx->allocated++;
diff --git a/lib/isc/mips/include/isc/Makefile.in b/lib/isc/mips/include/isc/Makefile.in
index 4927e210f38e..df7561585b0a 100644
--- a/lib/isc/mips/include/isc/Makefile.in
+++ b/lib/isc/mips/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c
index dcbfba42eae8..2178c7a2a7b5 100644
--- a/lib/isc/netaddr.c
+++ b/lib/isc/netaddr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -419,6 +419,22 @@ isc_netaddr_issitelocal(isc_netaddr_t *na) {
}
}
+#ifndef IN_ZERONET
+#define IN_ZERONET(x) (((x) & htonl(0xff000000U)) == 0)
+#endif
+
+isc_boolean_t
+isc_netaddr_isnetzero(isc_netaddr_t *na) {
+ switch (na->family) {
+ case AF_INET:
+ return (ISC_TF(IN_ZERONET(na->type.in.s_addr)));
+ case AF_INET6:
+ return (ISC_FALSE);
+ default:
+ return (ISC_FALSE);
+ }
+}
+
void
isc_netaddr_fromv4mapped(isc_netaddr_t *t, const isc_netaddr_t *s) {
isc_netaddr_t *src;
diff --git a/lib/isc/noatomic/include/isc/Makefile.in b/lib/isc/noatomic/include/isc/Makefile.in
index 4927e210f38e..df7561585b0a 100644
--- a/lib/isc/noatomic/include/isc/Makefile.in
+++ b/lib/isc/noatomic/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/nothreads/include/isc/Makefile.in b/lib/isc/nothreads/include/isc/Makefile.in
index a2c347eaa253..f32180f3a783 100644
--- a/lib/isc/nothreads/include/isc/Makefile.in
+++ b/lib/isc/nothreads/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = condition.h mutex.h once.h thread.h
diff --git a/lib/isc/powerpc/include/isc/Makefile.in b/lib/isc/powerpc/include/isc/Makefile.in
index 4927e210f38e..df7561585b0a 100644
--- a/lib/isc/powerpc/include/isc/Makefile.in
+++ b/lib/isc/powerpc/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/pthreads/include/isc/Makefile.in b/lib/isc/pthreads/include/isc/Makefile.in
index 7cadcf4b6f3d..68e6c76b8d6b 100644
--- a/lib/isc/pthreads/include/isc/Makefile.in
+++ b/lib/isc/pthreads/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = condition.h mutex.h once.h thread.h
diff --git a/lib/isc/result.c b/lib/isc/result.c
index 6cbd8b4722a1..27927e8f25d2 100644
--- a/lib/isc/result.c
+++ b/lib/isc/result.c
@@ -104,6 +104,7 @@ static const char *description[ISC_R_NRESULTS] = {
"bad base32 encoding", /*%< 60 */
"unset", /*%< 61 */
"multiple", /*%< 62 */
+ "would block", /*%< 63 */
};
#define ISC_RESULT_RESULTSET 2
diff --git a/lib/isc/sockaddr.c b/lib/isc/sockaddr.c
index cee6d700c02e..195f1c1c739d 100644
--- a/lib/isc/sockaddr.c
+++ b/lib/isc/sockaddr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2010-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -205,7 +205,6 @@ isc_sockaddr_hash(const isc_sockaddr_t *sockaddr, isc_boolean_t address_only) {
unsigned int length = 0;
const unsigned char *s = NULL;
unsigned int h = 0;
- unsigned int g;
unsigned int p = 0;
const struct in6_addr *in6;
@@ -239,12 +238,9 @@ isc_sockaddr_hash(const isc_sockaddr_t *sockaddr, isc_boolean_t address_only) {
p = 0;
}
- h = isc_hash_calc(s, length, ISC_TRUE);
- if (!address_only) {
- g = isc_hash_calc((const unsigned char *)&p, sizeof(p),
- ISC_TRUE);
- h = h ^ g; /* XXX: we should concatenate h and p first */
- }
+ h = isc_hash_function(s, length, ISC_TRUE, NULL);
+ if (!address_only)
+ h = isc_hash_function(&p, sizeof(p), ISC_TRUE, &h);
return (h);
}
@@ -368,7 +364,7 @@ isc_sockaddr_pf(const isc_sockaddr_t *sockaddr) {
void
isc_sockaddr_fromnetaddr(isc_sockaddr_t *sockaddr, const isc_netaddr_t *na,
- in_port_t port)
+ in_port_t port)
{
memset(sockaddr, 0, sizeof(*sockaddr));
sockaddr->type.sin.sin_family = na->family;
@@ -483,6 +479,17 @@ isc_sockaddr_islinklocal(const isc_sockaddr_t *sockaddr) {
return (ISC_FALSE);
}
+isc_boolean_t
+isc_sockaddr_isnetzero(const isc_sockaddr_t *sockaddr) {
+ isc_netaddr_t netaddr;
+
+ if (sockaddr->type.sa.sa_family == AF_INET) {
+ isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+ return (isc_netaddr_isnetzero(&netaddr));
+ }
+ return (ISC_FALSE);
+}
+
isc_result_t
isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path) {
#ifdef ISC_PLATFORM_HAVESYSUNH
diff --git a/lib/isc/sparc64/include/isc/Makefile.in b/lib/isc/sparc64/include/isc/Makefile.in
index 4927e210f38e..df7561585b0a 100644
--- a/lib/isc/sparc64/include/isc/Makefile.in
+++ b/lib/isc/sparc64/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/stats.c b/lib/isc/stats.c
index 03d2a8a7d103..368dadfc323e 100644
--- a/lib/isc/stats.c
+++ b/lib/isc/stats.c
@@ -35,13 +35,45 @@
#define ISC_STATS_MAGIC ISC_MAGIC('S', 't', 'a', 't')
#define ISC_STATS_VALID(x) ISC_MAGIC_VALID(x, ISC_STATS_MAGIC)
-#ifndef ISC_STATS_USEMULTIFIELDS
-#if defined(ISC_RWLOCK_USEATOMIC) && defined(ISC_PLATFORM_HAVEXADD) && !defined(ISC_PLATFORM_HAVEXADDQ)
+/*%
+ * Local macro confirming prescence of 64-bit
+ * increment and store operations, just to make
+ * the later macros simpler
+ */
+#if defined(ISC_PLATFORM_HAVEXADDQ) && defined(ISC_PLATFORM_HAVEATOMICSTOREQ)
+#define ISC_STATS_HAVEATOMICQ 1
+#else
+#define ISC_STATS_HAVEATOMICQ 0
+#endif
+
+/*%
+ * Only lock the counters if 64-bit atomic operations are
+ * not available but cheap atomic lock operations are.
+ * On a modern 64-bit system this should never be the case.
+ *
+ * Normal locks are too expensive to be used whenever a counter
+ * is updated.
+ */
+#if !ISC_STATS_HAVEATOMICQ && defined(ISC_RWLOCK_HAVEATOMIC)
+#define ISC_STATS_LOCKCOUNTERS 1
+#else
+#define ISC_STATS_LOCKCOUNTERS 0
+#endif
+
+/*%
+ * If 64-bit atomic operations are not available but
+ * 32-bit operations are then split the counter into two,
+ * using the atomic operations to try to ensure that any carry
+ * from the low word is correctly carried into the high word.
+ *
+ * Otherwise, just rely on standard 64-bit data types
+ * and operations
+ */
+#if !ISC_STATS_HAVEATOMICQ && defined(ISC_PLATFORM_HAVEXADD)
#define ISC_STATS_USEMULTIFIELDS 1
#else
#define ISC_STATS_USEMULTIFIELDS 0
#endif
-#endif /* ISC_STATS_USEMULTIFIELDS */
#if ISC_STATS_USEMULTIFIELDS
typedef struct {
@@ -65,7 +97,7 @@ struct isc_stats {
* Locked by counterlock or unlocked if efficient rwlock is not
* available.
*/
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
isc_rwlock_t counterlock;
#endif
isc_stat_t *counters;
@@ -111,7 +143,7 @@ create_stats(isc_mem_t *mctx, int ncounters, isc_stats_t **statsp) {
goto clean_counters;
}
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
result = isc_rwlock_init(&stats->counterlock, 0, 0);
if (result != ISC_R_SUCCESS)
goto clean_copiedcounters;
@@ -131,7 +163,7 @@ create_stats(isc_mem_t *mctx, int ncounters, isc_stats_t **statsp) {
clean_counters:
isc_mem_put(mctx, stats->counters, sizeof(isc_stat_t) * ncounters);
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
clean_copiedcounters:
isc_mem_put(mctx, stats->copiedcounters,
sizeof(isc_stat_t) * ncounters);
@@ -177,7 +209,7 @@ isc_stats_detach(isc_stats_t **statsp) {
sizeof(isc_stat_t) * stats->ncounters);
UNLOCK(&stats->lock);
DESTROYLOCK(&stats->lock);
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
isc_rwlock_destroy(&stats->counterlock);
#endif
isc_mem_putanddetach(&stats->mctx, stats, sizeof(*stats));
@@ -198,7 +230,7 @@ static inline void
incrementcounter(isc_stats_t *stats, int counter) {
isc_int32_t prev;
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
/*
* We use a "read" lock to prevent other threads from reading the
* counter while we "writing" a counter field. The write access itself
@@ -219,7 +251,7 @@ incrementcounter(isc_stats_t *stats, int counter) {
*/
if (prev == (isc_int32_t)0xffffffff)
isc_atomic_xadd((isc_int32_t *)&stats->counters[counter].hi, 1);
-#elif defined(ISC_PLATFORM_HAVEXADDQ)
+#elif ISC_STATS_HAVEATOMICQ
UNUSED(prev);
isc_atomic_xaddq((isc_int64_t *)&stats->counters[counter], 1);
#else
@@ -227,7 +259,7 @@ incrementcounter(isc_stats_t *stats, int counter) {
stats->counters[counter]++;
#endif
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
isc_rwlock_unlock(&stats->counterlock, isc_rwlocktype_read);
#endif
}
@@ -236,7 +268,7 @@ static inline void
decrementcounter(isc_stats_t *stats, int counter) {
isc_int32_t prev;
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
isc_rwlock_lock(&stats->counterlock, isc_rwlocktype_read);
#endif
@@ -245,7 +277,7 @@ decrementcounter(isc_stats_t *stats, int counter) {
if (prev == 0)
isc_atomic_xadd((isc_int32_t *)&stats->counters[counter].hi,
-1);
-#elif defined(ISC_PLATFORM_HAVEXADDQ)
+#elif ISC_STATS_HAVEATOMICQ
UNUSED(prev);
isc_atomic_xaddq((isc_int64_t *)&stats->counters[counter], -1);
#else
@@ -253,7 +285,7 @@ decrementcounter(isc_stats_t *stats, int counter) {
stats->counters[counter]--;
#endif
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
isc_rwlock_unlock(&stats->counterlock, isc_rwlocktype_read);
#endif
}
@@ -262,7 +294,7 @@ static void
copy_counters(isc_stats_t *stats) {
int i;
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
/*
* We use a "write" lock before "reading" the statistics counters as
* an exclusive lock.
@@ -270,19 +302,21 @@ copy_counters(isc_stats_t *stats) {
isc_rwlock_lock(&stats->counterlock, isc_rwlocktype_write);
#endif
-#if ISC_STATS_USEMULTIFIELDS
for (i = 0; i < stats->ncounters; i++) {
+#if ISC_STATS_USEMULTIFIELDS
stats->copiedcounters[i] =
- (isc_uint64_t)(stats->counters[i].hi) << 32 |
- stats->counters[i].lo;
- }
+ (isc_uint64_t)(stats->counters[i].hi) << 32 |
+ stats->counters[i].lo;
+#elif ISC_STATS_HAVEATOMICQ
+ /* use xaddq(..., 0) as an atomic load */
+ stats->copiedcounters[i] =
+ (isc_uint64_t)isc_atomic_xaddq((isc_int64_t *)&stats->counters[i], 0);
#else
- UNUSED(i);
- memmove(stats->copiedcounters, stats->counters,
- stats->ncounters * sizeof(isc_stat_t));
+ stats->copiedcounters[i] = stats->counters[i];
#endif
+ }
-#ifdef ISC_RWLOCK_USEATOMIC
+#if ISC_STATS_LOCKCOUNTERS
isc_rwlock_unlock(&stats->counterlock, isc_rwlocktype_write);
#endif
}
diff --git a/lib/isc/string.c b/lib/isc/string.c
index 56ec444bffaa..04a25943734d 100644
--- a/lib/isc/string.c
+++ b/lib/isc/string.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2011, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -56,14 +56,14 @@
#include <isc/string.h>
#include <isc/util.h>
-static char digits[] = "0123456789abcdefghijklmnoprstuvwxyz";
+static const char digits[] = "0123456789abcdefghijklmnoprstuvwxyz";
isc_uint64_t
isc_string_touint64(char *source, char **end, int base) {
isc_uint64_t tmp;
isc_uint64_t overflow;
char *s = source;
- char *o;
+ const char *o;
char c;
if ((base < 0) || (base == 1) || (base > 36)) {
diff --git a/lib/isc/task.c b/lib/isc/task.c
index 3503801e4517..81785e9a835b 100644
--- a/lib/isc/task.c
+++ b/lib/isc/task.c
@@ -15,8 +15,6 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id$ */
-
/*! \file
* \author Principal Author: Bob Halley
*/
@@ -1638,11 +1636,11 @@ isc__taskmgr_dispatch(isc_taskmgr_t *manager0) {
ISC_TASKFUNC_SCOPE void
isc__taskmgr_pause(isc_taskmgr_t *manager0) {
isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
+ manager->pause_requested = ISC_TRUE;
LOCK(&manager->lock);
while (manager->tasks_running > 0) {
WAIT(&manager->paused, &manager->lock);
}
- manager->pause_requested = ISC_TRUE;
UNLOCK(&manager->lock);
}
diff --git a/lib/isc/unix/file.c b/lib/isc/unix/file.c
index c2abd440e18c..3fc2a29125c4 100644
--- a/lib/isc/unix/file.c
+++ b/lib/isc/unix/file.c
@@ -204,8 +204,9 @@ isc_file_mktemplate(const char *path, char *buf, size_t buflen) {
isc_result_t
isc_file_template(const char *path, const char *templet, char *buf,
- size_t buflen) {
- char *s;
+ size_t buflen)
+{
+ const char *s;
REQUIRE(path != NULL);
REQUIRE(templet != NULL);
@@ -262,7 +263,7 @@ isc_file_renameunique(const char *file, char *templet) {
if (errno != EEXIST)
return (isc__errno2result(errno));
for (cp = x;;) {
- char *t;
+ const char *t;
if (*cp == '\0')
return (ISC_R_FAILURE);
t = strchr(alphnum, *cp);
@@ -461,7 +462,7 @@ isc_file_ischdiridempotent(const char *filename) {
const char *
isc_file_basename(const char *filename) {
- char *s;
+ const char *s;
REQUIRE(filename != NULL);
@@ -579,9 +580,11 @@ isc_file_safecreate(const char *filename, FILE **fp) {
}
isc_result_t
-isc_file_splitpath(isc_mem_t *mctx, char *path, char **dirname, char **basename)
+isc_file_splitpath(isc_mem_t *mctx, const char *path, char **dirname,
+ char const **basename)
{
- char *dir, *file, *slash;
+ char *dir;
+ const char *file, *slash;
if (path == NULL)
return (ISC_R_INVALIDFILE);
diff --git a/lib/isc/unix/include/isc/Makefile.in b/lib/isc/unix/include/isc/Makefile.in
index 9cd96d71b750..f37036ac10ff 100644
--- a/lib/isc/unix/include/isc/Makefile.in
+++ b/lib/isc/unix/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012-2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = dir.h int.h keyboard.h net.h netdb.h offset.h stat.h \
stdtime.h strerror.h syslog.h time.h
diff --git a/lib/isc/unix/net.c b/lib/isc/unix/net.c
index c811d1ba4194..7ed73aad5b4f 100644
--- a/lib/isc/unix/net.c
+++ b/lib/isc/unix/net.c
@@ -103,10 +103,10 @@ const struct in6_addr isc_net_in6addrloop = IN6ADDR_LOOPBACK_INIT;
# if defined(WANT_IPV6)
static isc_once_t once_ipv6only = ISC_ONCE_INIT;
-# endif
-# if defined(ISC_PLATFORM_HAVEIN6PKTINFO)
+# if defined(ISC_PLATFORM_HAVEIN6PKTINFO)
static isc_once_t once_ipv6pktinfo = ISC_ONCE_INIT;
+# endif
# endif
#endif /* ISC_PLATFORM_HAVEIPV6 */
diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index 5e6320d821c6..42fc47f6deaa 100644
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1998-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -394,6 +394,9 @@ struct isc__socketmgr {
/* Locked by fdlock. */
isc__socket_t **fds;
int *fdstate;
+#if defined(USE_EPOLL)
+ uint32_t *epoll_events;
+#endif
#ifdef USE_DEVPOLL
pollinfo_t *fdpollinfo;
#endif
@@ -835,15 +838,27 @@ watch_fd(isc__socketmgr_t *manager, int fd, int msg) {
return (result);
#elif defined(USE_EPOLL)
struct epoll_event event;
+ uint32_t oldevents;
+ int ret;
+ int op;
+ oldevents = manager->epoll_events[fd];
if (msg == SELECT_POKE_READ)
- event.events = EPOLLIN;
+ manager->epoll_events[fd] |= EPOLLIN;
else
- event.events = EPOLLOUT;
+ manager->epoll_events[fd] |= EPOLLOUT;
+
+ event.events = manager->epoll_events[fd];
memset(&event.data, 0, sizeof(event.data));
event.data.fd = fd;
- if (epoll_ctl(manager->epoll_fd, EPOLL_CTL_ADD, fd, &event) == -1 &&
- errno != EEXIST) {
+
+ op = (oldevents == 0U) ? EPOLL_CTL_ADD : EPOLL_CTL_MOD;
+ ret = epoll_ctl(manager->epoll_fd, op, fd, &event);
+ if (ret == -1) {
+ if (errno == EEXIST)
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "epoll_ctl(ADD/MOD) returned "
+ "EEXIST for fd %d", fd);
result = isc__errno2result(errno);
}
@@ -903,15 +918,21 @@ unwatch_fd(isc__socketmgr_t *manager, int fd, int msg) {
return (result);
#elif defined(USE_EPOLL)
struct epoll_event event;
+ int ret;
+ int op;
if (msg == SELECT_POKE_READ)
- event.events = EPOLLIN;
+ manager->epoll_events[fd] &= ~(EPOLLIN);
else
- event.events = EPOLLOUT;
+ manager->epoll_events[fd] &= ~(EPOLLOUT);
+
+ event.events = manager->epoll_events[fd];
memset(&event.data, 0, sizeof(event.data));
event.data.fd = fd;
- if (epoll_ctl(manager->epoll_fd, EPOLL_CTL_DEL, fd, &event) == -1 &&
- errno != ENOENT) {
+
+ op = (event.events == 0U) ? EPOLL_CTL_DEL : EPOLL_CTL_MOD;
+ ret = epoll_ctl(manager->epoll_fd, op, fd, &event);
+ if (ret == -1 && errno != ENOENT) {
char strbuf[ISC_STRERRORSIZE];
isc__strerror(errno, strbuf, sizeof(strbuf));
UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -1553,15 +1574,19 @@ build_msghdr_recv(isc__socket_t *sock, isc_socketevent_t *dev,
msg->msg_iovlen = iovcount;
#ifdef ISC_NET_BSD44MSGHDR
- msg->msg_control = NULL;
- msg->msg_controllen = 0;
- msg->msg_flags = 0;
#if defined(USE_CMSG)
if (sock->type == isc_sockettype_udp) {
msg->msg_control = sock->recvcmsgbuf;
msg->msg_controllen = sock->recvcmsgbuflen;
+ } else {
+ msg->msg_control = NULL;
+ msg->msg_controllen = 0;
}
+#else
+ msg->msg_control = NULL;
+ msg->msg_controllen = 0;
#endif /* USE_CMSG */
+ msg->msg_flags = 0;
#else /* ISC_NET_BSD44MSGHDR */
msg->msg_accrights = NULL;
msg->msg_accrightslen = 0;
@@ -1872,8 +1897,11 @@ doio_send(isc__socket_t *sock, isc_socketevent_t *dev) {
if (send_errno == EINTR && ++attempts < NRETRIES)
goto resend;
- if (SOFT_ERROR(send_errno))
+ if (SOFT_ERROR(send_errno)) {
+ if (errno == EWOULDBLOCK || errno == EAGAIN)
+ dev->result = ISC_R_WOULDBLOCK;
return (DOIO_SOFT);
+ }
#define SOFT_OR_HARD(_system, _isc) \
if (send_errno == _system) { \
@@ -2035,7 +2063,7 @@ destroy(isc__socket_t **sockp) {
INSIST(ISC_LIST_EMPTY(sock->recv_list));
INSIST(ISC_LIST_EMPTY(sock->send_list));
INSIST(sock->connect_ev == NULL);
- REQUIRE(sock->fd == -1 || sock->fd < (int)manager->maxsocks);
+ INSIST(sock->fd >= -1 && sock->fd < (int)manager->maxsocks);
if (sock->fd >= 0) {
fd = sock->fd;
@@ -2192,8 +2220,8 @@ static void
free_socket(isc__socket_t **socketp) {
isc__socket_t *sock = *socketp;
- INSIST(sock->references == 0);
INSIST(VALID_SOCKET(sock));
+ INSIST(sock->references == 0);
INSIST(!sock->connecting);
INSIST(!sock->pending_recv);
INSIST(!sock->pending_send);
@@ -2633,6 +2661,9 @@ socket_create(isc_socketmgr_t *manager0, int pf, isc_sockettype_t type,
LOCK(&manager->fdlock[lockid]);
manager->fds[sock->fd] = sock;
manager->fdstate[sock->fd] = MANAGED;
+#if defined(USE_EPOLL)
+ manager->epoll_events[sock->fd] = 0;
+#endif
#ifdef USE_DEVPOLL
INSIST(sock->manager->fdpollinfo[sock->fd].want_read == 0 &&
sock->manager->fdpollinfo[sock->fd].want_write == 0);
@@ -2710,6 +2741,9 @@ isc__socket_open(isc_socket_t *sock0) {
LOCK(&sock->manager->fdlock[lockid]);
sock->manager->fds[sock->fd] = sock;
sock->manager->fdstate[sock->fd] = MANAGED;
+#if defined(USE_EPOLL)
+ sock->manager->epoll_events[sock->fd] = 0;
+#endif
#ifdef USE_DEVPOLL
INSIST(sock->manager->fdpollinfo[sock->fd].want_read == 0 &&
sock->manager->fdpollinfo[sock->fd].want_write == 0);
@@ -2747,6 +2781,9 @@ isc__socket_fdwatchcreate(isc_socketmgr_t *manager0, int fd, int flags,
REQUIRE(VALID_MANAGER(manager));
REQUIRE(socketp != NULL && *socketp == NULL);
+ if (fd < 0 || (unsigned int)fd >= manager->maxsocks)
+ return (ISC_R_RANGE);
+
result = allocate_socket(manager, isc_sockettype_fdwatch, &sock);
if (result != ISC_R_SUCCESS)
return (result);
@@ -2771,6 +2808,9 @@ isc__socket_fdwatchcreate(isc_socketmgr_t *manager0, int fd, int flags,
LOCK(&manager->fdlock[lockid]);
manager->fds[sock->fd] = sock;
manager->fdstate[sock->fd] = MANAGED;
+#if defined(USE_EPOLL)
+ manager->epoll_events[sock->fd] = 0;
+#endif
UNLOCK(&manager->fdlock[lockid]);
LOCK(&manager->lock);
@@ -3310,6 +3350,9 @@ internal_accept(isc_task_t *me, isc_event_t *ev) {
LOCK(&manager->fdlock[lockid]);
manager->fds[fd] = NEWCONNSOCK(dev);
manager->fdstate[fd] = MANAGED;
+#if defined(USE_EPOLL)
+ manager->epoll_events[fd] = 0;
+#endif
UNLOCK(&manager->fdlock[lockid]);
LOCK(&manager->lock);
@@ -4260,6 +4303,15 @@ isc__socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp,
result = ISC_R_NOMEMORY;
goto free_manager;
}
+#if defined(USE_EPOLL)
+ manager->epoll_events = isc_mem_get(mctx, (manager->maxsocks *
+ sizeof(uint32_t)));
+ if (manager->epoll_events == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto free_manager;
+ }
+ memset(manager->epoll_events, 0, manager->maxsocks * sizeof(uint32_t));
+#endif
manager->stats = NULL;
manager->common.methods = &socketmgrmethods;
@@ -4329,7 +4381,9 @@ isc__socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp,
result = setup_watcher(mctx, manager);
if (result != ISC_R_SUCCESS)
goto cleanup;
+
memset(manager->fdstate, 0, manager->maxsocks * sizeof(int));
+
#ifdef USE_WATCHER_THREAD
/*
* Start up the select/poll thread.
@@ -4378,6 +4432,12 @@ free_manager:
isc_mem_put(mctx, manager->fdlock,
FDLOCK_COUNT * sizeof(isc_mutex_t));
}
+#if defined(USE_EPOLL)
+ if (manager->epoll_events != NULL) {
+ isc_mem_put(mctx, manager->epoll_events,
+ manager->maxsocks * sizeof(uint32_t));
+ }
+#endif
if (manager->fdstate != NULL) {
isc_mem_put(mctx, manager->fdstate,
manager->maxsocks * sizeof(int));
@@ -4493,6 +4553,10 @@ isc__socketmgr_destroy(isc_socketmgr_t **managerp) {
if (manager->fdstate[i] == CLOSE_PENDING) /* no need to lock */
(void)close(i);
+#if defined(USE_EPOLL)
+ isc_mem_put(manager->mctx, manager->epoll_events,
+ manager->maxsocks * sizeof(uint32_t));
+#endif
isc_mem_put(manager->mctx, manager->fds,
manager->maxsocks * sizeof(isc__socket_t *));
isc_mem_put(manager->mctx, manager->fdstate,
diff --git a/lib/isc/x86_32/include/isc/Makefile.in b/lib/isc/x86_32/include/isc/Makefile.in
index 4927e210f38e..df7561585b0a 100644
--- a/lib/isc/x86_32/include/isc/Makefile.in
+++ b/lib/isc/x86_32/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/x86_32/include/isc/atomic.h b/lib/isc/x86_32/include/isc/atomic.h
index bf2148cb33f5..36088e4d53ae 100644
--- a/lib/isc/x86_32/include/isc/atomic.h
+++ b/lib/isc/x86_32/include/isc/atomic.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005, 2007, 2008, 2015 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -62,7 +62,7 @@ isc_atomic_xaddq(isc_int64_t *p, isc_int64_t val) {
#endif /* ISC_PLATFORM_HAVEXADDQ */
/*
- * This routine atomically stores the value 'val' in 'p'.
+ * This routine atomically stores the value 'val' in 'p' (32-bit version).
*/
static __inline__ void
isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
@@ -81,6 +81,28 @@ isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
: "memory");
}
+#ifdef ISC_PLATFORM_HAVEATOMICSTOREQ
+/*
+ * This routine atomically stores the value 'val' in 'p' (64-bit version).
+ */
+static __inline__ void
+isc_atomic_storeq(isc_int64_t *p, isc_int64_t val) {
+ __asm__ volatile(
+#ifdef ISC_PLATFORM_USETHREADS
+ /*
+ * xchg should automatically lock memory, but we add it
+ * explicitly just in case (it at least doesn't harm)
+ */
+ "lock;"
+#endif
+
+ "xchgq %1, %0"
+ :
+ : "r"(val), "m"(*p)
+ : "memory");
+}
+#endif /* ISC_PLATFORM_HAVEATOMICSTOREQ */
+
/*
* This routine atomically replaces the value in 'p' with 'val', if the
* original value is equal to 'cmpval'. The original value is returned in any
diff --git a/lib/isc/x86_64/include/isc/Makefile.in b/lib/isc/x86_64/include/isc/Makefile.in
index 9a988bb76159..74b7f95cf3ec 100644
--- a/lib/isc/x86_64/include/isc/Makefile.in
+++ b/lib/isc/x86_64/include/isc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
HEADERS = atomic.h
diff --git a/lib/isc/x86_64/include/isc/atomic.h b/lib/isc/x86_64/include/isc/atomic.h
index f57bd2a78672..431600b73c33 100644
--- a/lib/isc/x86_64/include/isc/atomic.h
+++ b/lib/isc/x86_64/include/isc/atomic.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2005, 2007, 2008, 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -87,12 +87,26 @@ isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
"lock;"
#endif
"xchgl (%rax), %edx\n"
- /*
- * XXX: assume %rax will be used as the return value.
- */
);
}
+#ifdef ISC_PLATFORM_HAVEATOMICSTOREQ
+static void
+isc_atomic_storeq(isc_int64_t *p, isc_int64_t val) {
+ UNUSED(p);
+ UNUSED(val);
+
+ __asm (
+ "movq %rdi, %rax\n"
+ "movq %rsi, %rdx\n"
+#ifdef ISC_PLATFORM_USETHREADS
+ "lock;"
+#endif
+ "xchgq (%rax), %rdx\n"
+ );
+}
+#endif
+
static isc_int32_t
isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
UNUSED(p);
@@ -100,6 +114,9 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
UNUSED(val);
__asm (
+ /*
+ * p is %rdi, cmpval is %esi, val is %edx.
+ */
"movl %edx, %ecx\n"
"movl %esi, %eax\n"
"movq %rdi, %rdx\n"
@@ -108,8 +125,12 @@ isc_atomic_cmpxchg(isc_int32_t *p, isc_int32_t cmpval, isc_int32_t val) {
"lock;"
#endif
/*
- * If (%rdi) == %eax then (%rdi) := %edx.
- * %eax is set to old (%ecx), which will be the return value.
+ * If [%rdi] == %eax then [%rdi] := %ecx (equal to %edx
+ * from above), and %eax is untouched (equal to %esi)
+ * from above.
+ *
+ * Else if [%rdi] != %eax then [%rdi] := [%rdi]
+ * (rewritten in write cycle) and %eax := [%rdi].
*/
"cmpxchgl %ecx, (%rdx)"
);
diff --git a/lib/isccc/Makefile.in b/lib/isccc/Makefile.in
index 843e510a6f06..b9561fbf7efa 100644
--- a/lib/isccc/Makefile.in
+++ b/lib/isccc/Makefile.in
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBISCCC_API@
diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
index f98b72ae6798..88a7231280c0 100644
--- a/lib/isccc/cc.c
+++ b/lib/isccc/cc.c
@@ -29,8 +29,6 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: cc.c,v 1.18 2007/08/28 07:20:43 tbox Exp $ */
-
/*! \file */
#include <config.h>
@@ -85,8 +83,7 @@ static isc_result_t
list_towire(isccc_sexpr_t *alist, isccc_region_t *target);
static isc_result_t
-value_towire(isccc_sexpr_t *elt, isccc_region_t *target)
-{
+value_towire(isccc_sexpr_t *elt, isccc_region_t *target) {
unsigned int len;
unsigned char *lenp;
isccc_region_t *vr;
@@ -328,8 +325,7 @@ static isc_result_t
list_fromwire(isccc_region_t *source, isccc_sexpr_t **listp);
static isc_result_t
-value_fromwire(isccc_region_t *source, isccc_sexpr_t **valuep)
-{
+value_fromwire(isccc_region_t *source, isccc_sexpr_t **valuep) {
unsigned int msgtype;
isc_uint32_t len;
isccc_sexpr_t *value;
@@ -423,8 +419,7 @@ table_fromwire(isccc_region_t *source, isccc_region_t *secret,
}
static isc_result_t
-list_fromwire(isccc_region_t *source, isccc_sexpr_t **listp)
-{
+list_fromwire(isccc_region_t *source, isccc_sexpr_t **listp) {
isccc_sexpr_t *list, *value;
isc_result_t result;
@@ -439,7 +434,7 @@ list_fromwire(isccc_region_t *source, isccc_sexpr_t **listp)
if (isccc_sexpr_addtolist(&list, value) == NULL) {
isccc_sexpr_free(&value);
isccc_sexpr_free(&list);
- return (result);
+ return (ISC_R_NOMEMORY);
}
}
@@ -585,8 +580,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
}
isc_boolean_t
-isccc_cc_isack(isccc_sexpr_t *message)
-{
+isccc_cc_isack(isccc_sexpr_t *message) {
isccc_sexpr_t *_ctrl;
_ctrl = isccc_alist_lookup(message, "_ctrl");
@@ -598,8 +592,7 @@ isccc_cc_isack(isccc_sexpr_t *message)
}
isc_boolean_t
-isccc_cc_isreply(isccc_sexpr_t *message)
-{
+isccc_cc_isreply(isccc_sexpr_t *message) {
isccc_sexpr_t *_ctrl;
_ctrl = isccc_alist_lookup(message, "_ctrl");
@@ -672,8 +665,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
}
isccc_sexpr_t *
-isccc_cc_definestring(isccc_sexpr_t *alist, const char *key, const char *str)
-{
+isccc_cc_definestring(isccc_sexpr_t *alist, const char *key, const char *str) {
size_t len;
isccc_region_t r;
@@ -685,8 +677,7 @@ isccc_cc_definestring(isccc_sexpr_t *alist, const char *key, const char *str)
}
isccc_sexpr_t *
-isccc_cc_defineuint32(isccc_sexpr_t *alist, const char *key, isc_uint32_t i)
-{
+isccc_cc_defineuint32(isccc_sexpr_t *alist, const char *key, isc_uint32_t i) {
char b[100];
size_t len;
isccc_region_t r;
@@ -700,8 +691,7 @@ isccc_cc_defineuint32(isccc_sexpr_t *alist, const char *key, isc_uint32_t i)
}
isc_result_t
-isccc_cc_lookupstring(isccc_sexpr_t *alist, const char *key, char **strp)
-{
+isccc_cc_lookupstring(isccc_sexpr_t *alist, const char *key, char **strp) {
isccc_sexpr_t *kv, *v;
REQUIRE(strp == NULL || *strp == NULL);
@@ -754,9 +744,7 @@ symtab_undefine(char *key, unsigned int type, isccc_symvalue_t value,
}
static isc_boolean_t
-symtab_clean(char *key, unsigned int type, isccc_symvalue_t value,
- void *arg)
-{
+symtab_clean(char *key, unsigned int type, isccc_symvalue_t value, void *arg) {
isccc_time_t *now;
UNUSED(key);
@@ -772,21 +760,18 @@ symtab_clean(char *key, unsigned int type, isccc_symvalue_t value,
}
isc_result_t
-isccc_cc_createsymtab(isccc_symtab_t **symtabp)
-{
+isccc_cc_createsymtab(isccc_symtab_t **symtabp) {
return (isccc_symtab_create(11897, symtab_undefine, NULL, ISC_FALSE,
symtabp));
}
void
-isccc_cc_cleansymtab(isccc_symtab_t *symtab, isccc_time_t now)
-{
+isccc_cc_cleansymtab(isccc_symtab_t *symtab, isccc_time_t now) {
isccc_symtab_foreach(symtab, symtab_clean, &now);
}
static isc_boolean_t
-has_whitespace(const char *str)
-{
+has_whitespace(const char *str) {
char c;
if (str == NULL)
diff --git a/lib/isccc/include/isccc/Makefile.in b/lib/isccc/include/isccc/Makefile.in
index c4af19a74968..98a99616ec14 100644
--- a/lib/isccc/include/isccc/Makefile.in
+++ b/lib/isccc/include/isccc/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
#
# Only list headers that are to be installed and are not
diff --git a/lib/isccc/sexpr.c b/lib/isccc/sexpr.c
index 9b7d5d7f3749..adf27bde79d6 100644
--- a/lib/isccc/sexpr.c
+++ b/lib/isccc/sexpr.c
@@ -29,8 +29,6 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sexpr.c,v 1.9 2007/08/28 07:20:43 tbox Exp $ */
-
/*! \file */
#include <config.h>
@@ -50,8 +48,7 @@ static isccc_sexpr_t sexpr_t = { ISCCC_SEXPRTYPE_T, { NULL } };
#define CDR(s) (s)->value.as_dottedpair.cdr
isccc_sexpr_t *
-isccc_sexpr_cons(isccc_sexpr_t *car, isccc_sexpr_t *cdr)
-{
+isccc_sexpr_cons(isccc_sexpr_t *car, isccc_sexpr_t *cdr) {
isccc_sexpr_t *sexpr;
sexpr = malloc(sizeof(*sexpr));
@@ -65,14 +62,12 @@ isccc_sexpr_cons(isccc_sexpr_t *car, isccc_sexpr_t *cdr)
}
isccc_sexpr_t *
-isccc_sexpr_tconst(void)
-{
+isccc_sexpr_tconst(void) {
return (&sexpr_t);
}
isccc_sexpr_t *
-isccc_sexpr_fromstring(const char *str)
-{
+isccc_sexpr_fromstring(const char *str) {
isccc_sexpr_t *sexpr;
sexpr = malloc(sizeof(*sexpr));
@@ -89,8 +84,7 @@ isccc_sexpr_fromstring(const char *str)
}
isccc_sexpr_t *
-isccc_sexpr_frombinary(const isccc_region_t *region)
-{
+isccc_sexpr_frombinary(const isccc_region_t *region) {
isccc_sexpr_t *sexpr;
unsigned int region_size;
@@ -123,8 +117,7 @@ isccc_sexpr_frombinary(const isccc_region_t *region)
}
void
-isccc_sexpr_free(isccc_sexpr_t **sexprp)
-{
+isccc_sexpr_free(isccc_sexpr_t **sexprp) {
isccc_sexpr_t *sexpr;
isccc_sexpr_t *item;
@@ -153,8 +146,7 @@ isccc_sexpr_free(isccc_sexpr_t **sexprp)
}
static isc_boolean_t
-printable(isccc_region_t *r)
-{
+printable(isccc_region_t *r) {
unsigned char *curr;
curr = r->rstart;
@@ -168,8 +160,7 @@ printable(isccc_region_t *r)
}
void
-isccc_sexpr_print(isccc_sexpr_t *sexpr, FILE *stream)
-{
+isccc_sexpr_print(isccc_sexpr_t *sexpr, FILE *stream) {
isccc_sexpr_t *cdr;
unsigned int size, i;
unsigned char *curr;
@@ -220,40 +211,35 @@ isccc_sexpr_print(isccc_sexpr_t *sexpr, FILE *stream)
}
isccc_sexpr_t *
-isccc_sexpr_car(isccc_sexpr_t *list)
-{
+isccc_sexpr_car(isccc_sexpr_t *list) {
REQUIRE(list->type == ISCCC_SEXPRTYPE_DOTTEDPAIR);
return (CAR(list));
}
isccc_sexpr_t *
-isccc_sexpr_cdr(isccc_sexpr_t *list)
-{
+isccc_sexpr_cdr(isccc_sexpr_t *list) {
REQUIRE(list->type == ISCCC_SEXPRTYPE_DOTTEDPAIR);
return (CDR(list));
}
void
-isccc_sexpr_setcar(isccc_sexpr_t *pair, isccc_sexpr_t *car)
-{
+isccc_sexpr_setcar(isccc_sexpr_t *pair, isccc_sexpr_t *car) {
REQUIRE(pair->type == ISCCC_SEXPRTYPE_DOTTEDPAIR);
CAR(pair) = car;
}
void
-isccc_sexpr_setcdr(isccc_sexpr_t *pair, isccc_sexpr_t *cdr)
-{
+isccc_sexpr_setcdr(isccc_sexpr_t *pair, isccc_sexpr_t *cdr) {
REQUIRE(pair->type == ISCCC_SEXPRTYPE_DOTTEDPAIR);
CDR(pair) = cdr;
}
isccc_sexpr_t *
-isccc_sexpr_addtolist(isccc_sexpr_t **l1p, isccc_sexpr_t *l2)
-{
+isccc_sexpr_addtolist(isccc_sexpr_t **l1p, isccc_sexpr_t *l2) {
isccc_sexpr_t *last, *elt, *l1;
REQUIRE(l1p != NULL);
@@ -275,40 +261,35 @@ isccc_sexpr_addtolist(isccc_sexpr_t **l1p, isccc_sexpr_t *l2)
}
isc_boolean_t
-isccc_sexpr_listp(isccc_sexpr_t *sexpr)
-{
+isccc_sexpr_listp(isccc_sexpr_t *sexpr) {
if (sexpr == NULL || sexpr->type == ISCCC_SEXPRTYPE_DOTTEDPAIR)
return (ISC_TRUE);
return (ISC_FALSE);
}
isc_boolean_t
-isccc_sexpr_emptyp(isccc_sexpr_t *sexpr)
-{
+isccc_sexpr_emptyp(isccc_sexpr_t *sexpr) {
if (sexpr == NULL)
return (ISC_TRUE);
return (ISC_FALSE);
}
isc_boolean_t
-isccc_sexpr_stringp(isccc_sexpr_t *sexpr)
-{
+isccc_sexpr_stringp(isccc_sexpr_t *sexpr) {
if (sexpr != NULL && sexpr->type == ISCCC_SEXPRTYPE_STRING)
return (ISC_TRUE);
return (ISC_FALSE);
}
isc_boolean_t
-isccc_sexpr_binaryp(isccc_sexpr_t *sexpr)
-{
+isccc_sexpr_binaryp(isccc_sexpr_t *sexpr) {
if (sexpr != NULL && sexpr->type == ISCCC_SEXPRTYPE_BINARY)
return (ISC_TRUE);
return (ISC_FALSE);
}
char *
-isccc_sexpr_tostring(isccc_sexpr_t *sexpr)
-{
+isccc_sexpr_tostring(isccc_sexpr_t *sexpr) {
REQUIRE(sexpr != NULL &&
(sexpr->type == ISCCC_SEXPRTYPE_STRING ||
sexpr->type == ISCCC_SEXPRTYPE_BINARY));
@@ -319,8 +300,7 @@ isccc_sexpr_tostring(isccc_sexpr_t *sexpr)
}
isccc_region_t *
-isccc_sexpr_tobinary(isccc_sexpr_t *sexpr)
-{
+isccc_sexpr_tobinary(isccc_sexpr_t *sexpr) {
REQUIRE(sexpr != NULL && sexpr->type == ISCCC_SEXPRTYPE_BINARY);
return (&sexpr->value.as_region);
}
diff --git a/lib/isccfg/Makefile.in b/lib/isccfg/Makefile.in
index 6e07da3dcedd..db4577bfb153 100644
--- a/lib/isccfg/Makefile.in
+++ b/lib/isccfg/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBISCCFG_API@
diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c
index e1b68971738a..38fef0f57755 100644
--- a/lib/isccfg/aclconf.c
+++ b/lib/isccfg/aclconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -254,10 +254,11 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
} else if (cfg_obj_isstring(ce)) {
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0 ||
- strcasecmp(name, "localnets") == 0) {
+ strcasecmp(name, "localnets") == 0 ||
+ strcasecmp(name, "none") == 0)
+ {
n++;
- } else if (strcasecmp(name, "any") != 0 &&
- strcasecmp(name, "none") != 0) {
+ } else if (strcasecmp(name, "any") != 0) {
dns_acl_t *inneracl = NULL;
/*
* Convert any named acls we reference now if
diff --git a/lib/isccfg/api b/lib/isccfg/api
index bb8c0f039480..6bcfb1bc37d0 100644
--- a/lib/isccfg/api
+++ b/lib/isccfg/api
@@ -5,5 +5,5 @@
# 9.9: 90-109
# 9.9-sub: 130-139
LIBINTERFACE = 93
-LIBREVISION = 0
+LIBREVISION = 1
LIBAGE = 3
diff --git a/lib/isccfg/include/isccfg/Makefile.in b/lib/isccfg/include/isccfg/Makefile.in
index d6f395ca72b0..84911c6f14c3 100644
--- a/lib/isccfg/include/isccfg/Makefile.in
+++ b/lib/isccfg/include/isccfg/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001, 2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
#
# Only list headers that are to be installed and are not
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 0787ec5e0ddc..d95a03a61433 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -53,7 +53,8 @@ parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype,
const cfg_type_t *othertype, cfg_obj_t **ret);
static void
-doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *type);
+doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype,
+ const cfg_type_t *othertype);
static isc_result_t
parse_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
@@ -553,8 +554,12 @@ static isc_result_t
parse_zonestat(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
}
+static void
+doc_zonestat(cfg_printer_t *pctx, const cfg_type_t *type) {
+ doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
static cfg_type_t cfg_type_zonestat = {
- "zonestat", parse_zonestat, cfg_print_ustring, doc_enum_or_other,
+ "zonestat", parse_zonestat, cfg_print_ustring, doc_zonestat,
&cfg_rep_string, zonestat_enums
};
@@ -769,13 +774,18 @@ static cfg_type_t cfg_type_serverid = {
/*%
* Port list.
*/
+static void
+print_porttuple(cfg_printer_t *pctx, const cfg_obj_t *obj) {
+ cfg_print_cstr(pctx, "range ");
+ cfg_print_tuple(pctx, obj);
+}
static cfg_tuplefielddef_t porttuple_fields[] = {
{ "loport", &cfg_type_uint32, 0 },
{ "hiport", &cfg_type_uint32, 0 },
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_porttuple = {
- "porttuple", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
+ "porttuple", cfg_parse_tuple, print_porttuple, cfg_doc_tuple,
&cfg_rep_tuple, porttuple_fields
};
@@ -845,7 +855,6 @@ static cfg_type_t cfg_type_bracketed_portlist = {
&cfg_rep_list, &cfg_type_portrange
};
-#ifdef ENABLE_FETCHLIMIT
/*%
* fetch-quota-params
*/
@@ -876,8 +885,7 @@ parse_optional_response(cfg_parser_t *pctx, const cfg_type_t *type,
static void
doc_optional_response(cfg_printer_t *pctx, const cfg_type_t *type) {
- UNUSED(type);
- cfg_print_cstr(pctx, "[ ( drop | fail ) ]");
+ doc_enum_or_other(pctx, type, &cfg_type_void);
}
static cfg_type_t cfg_type_responsetype = {
@@ -895,7 +903,6 @@ static cfg_type_t cfg_type_fetchesper = {
"fetchesper", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
&cfg_rep_tuple, fetchesper_fields
};
-#endif /* ENABLE_FETCHLIMIT */
/*%
* Clauses that can be found within the top level of the named.conf
@@ -1001,7 +1008,7 @@ options_clauses[] = {
{ "transfers-out", &cfg_type_uint32, 0 },
{ "treat-cr-as-space", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "use-id-pool", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
- { "use-ixfr", &cfg_type_boolean, 0 },
+ { "use-ixfr", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "use-v4-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "use-v6-udp-ports", &cfg_type_bracketed_portlist, 0 },
{ "version", &cfg_type_qstringornone, 0 },
@@ -1443,6 +1450,10 @@ view_clauses[] = {
{ "fetch-quota-params", &cfg_type_fetchquota, 0 },
{ "fetches-per-server", &cfg_type_fetchesper, 0 },
{ "fetches-per-zone", &cfg_type_fetchesper, 0 },
+#else
+ { "fetch-quota-params", &cfg_type_fetchquota, CFG_CLAUSEFLAG_NOTCONFIGURED },
+ { "fetches-per-server", &cfg_type_fetchesper, CFG_CLAUSEFLAG_NOTCONFIGURED },
+ { "fetches-per-zone", &cfg_type_fetchesper, CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* ENABLE_FETCHLIMIT */
{ "ixfr-from-differences", &cfg_type_ixfrdifftype, 0 },
{ "lame-ttl", &cfg_type_uint32, 0 },
@@ -1964,9 +1975,14 @@ parse_size(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
return (parse_enum_or_other(pctx, type, &cfg_type_sizeval, ret));
}
+static void
+doc_size(cfg_printer_t *pctx, const cfg_type_t *type) {
+ doc_enum_or_other(pctx, type, &cfg_type_sizeval);
+}
+
static const char *size_enums[] = { "unlimited", "default", NULL };
static cfg_type_t cfg_type_size = {
- "size", parse_size, cfg_print_ustring, cfg_doc_terminal,
+ "size", parse_size, cfg_print_ustring, doc_size,
&cfg_rep_string, size_enums
};
@@ -2028,12 +2044,34 @@ parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype,
}
static void
-doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *type) {
- cfg_doc_terminal(pctx, type);
-#if 0 /* XXX */
- cfg_print_chars(pctx, "( ", 2);...
-#endif
+doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype,
+ const cfg_type_t *othertype)
+{
+ const char * const *p;
+ isc_boolean_t first = ISC_TRUE;
+ /*
+ * If othertype is cfg_type_void, it means that enumtype is
+ * optional.
+ */
+
+ if (othertype == &cfg_type_void)
+ cfg_print_cstr(pctx, "[ ");
+ cfg_print_cstr(pctx, "( ");
+ for (p = enumtype->of; *p != NULL; p++) {
+ if (!first)
+ cfg_print_cstr(pctx, " | ");
+ first = ISC_FALSE;
+ cfg_print_cstr(pctx, *p);
+ }
+ if (othertype != &cfg_type_void) {
+ if (!first)
+ cfg_print_cstr(pctx, " | ");
+ cfg_doc_terminal(pctx, othertype);
+ }
+ cfg_print_cstr(pctx, " )");
+ if (othertype == &cfg_type_void)
+ cfg_print_cstr(pctx, " ]");
}
static isc_result_t
@@ -2078,8 +2116,12 @@ static isc_result_t
parse_dialup_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
}
+static void
+doc_dialup_type(cfg_printer_t *pctx, const cfg_type_t *type) {
+ doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
static cfg_type_t cfg_type_dialuptype = {
- "dialuptype", parse_dialup_type, cfg_print_ustring, doc_enum_or_other,
+ "dialuptype", parse_dialup_type, cfg_print_ustring, doc_dialup_type,
&cfg_rep_string, dialup_enums
};
@@ -2088,18 +2130,28 @@ static isc_result_t
parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
}
+static void
+doc_notify_type(cfg_printer_t *pctx, const cfg_type_t *type) {
+ doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
static cfg_type_t cfg_type_notifytype = {
- "notifytype", parse_notify_type, cfg_print_ustring, doc_enum_or_other,
+ "notifytype", parse_notify_type, cfg_print_ustring, doc_notify_type,
&cfg_rep_string, notify_enums,
};
static const char *ixfrdiff_enums[] = { "master", "slave", NULL };
static isc_result_t
-parse_ixfrdiff_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
+parse_ixfrdiff_type(cfg_parser_t *pctx, const cfg_type_t *type,
+ cfg_obj_t **ret)
+{
return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
}
+static void
+doc_ixfrdiff_type(cfg_printer_t *pctx, const cfg_type_t *type) {
+ doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
static cfg_type_t cfg_type_ixfrdifftype = {
- "ixfrdiff", parse_ixfrdiff_type, cfg_print_ustring, doc_enum_or_other,
+ "ixfrdiff", parse_ixfrdiff_type, cfg_print_ustring, doc_ixfrdiff_type,
&cfg_rep_string, ixfrdiff_enums,
};
@@ -2109,9 +2161,13 @@ parse_v4_aaaa(cfg_parser_t *pctx, const cfg_type_t *type,
cfg_obj_t **ret) {
return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
}
+static void
+doc_v4_aaaa(cfg_printer_t *pctx, const cfg_type_t *type) {
+ doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
static cfg_type_t cfg_type_v4_aaaa = {
"v4_aaaa", parse_v4_aaaa, cfg_print_ustring,
- doc_enum_or_other, &cfg_rep_string, v4_aaaa_enums,
+ doc_v4_aaaa, &cfg_rep_string, v4_aaaa_enums,
};
static keyword_type_t key_kw = { "key", &cfg_type_astring };
@@ -2281,8 +2337,14 @@ parse_optional_class(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret
return (result);
}
+static void
+doc_optional_class(cfg_printer_t *pctx, const cfg_type_t *type) {
+ UNUSED(type);
+ cfg_print_cstr(pctx, "[ <class> ]");
+}
+
static cfg_type_t cfg_type_optional_class = {
- "optional_class", parse_optional_class, NULL, cfg_doc_terminal,
+ "optional_class", parse_optional_class, NULL, doc_optional_class,
NULL, NULL
};
@@ -2531,9 +2593,15 @@ parse_optional_facility(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **
return (result);
}
+static void
+doc_optional_facility(cfg_printer_t *pctx, const cfg_type_t *type) {
+ UNUSED(type);
+ cfg_print_cstr(pctx, "[ <syslog_facility> ]");
+}
+
static cfg_type_t cfg_type_optional_facility = {
- "optional_facility", parse_optional_facility, NULL, cfg_doc_terminal,
- NULL, NULL };
+ "optional_facility", parse_optional_facility, NULL,
+ doc_optional_facility, NULL, NULL };
/*%
@@ -2592,8 +2660,13 @@ parse_logversions(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
return (parse_enum_or_other(pctx, type, &cfg_type_uint32, ret));
}
+static void
+doc_logversions(cfg_printer_t *pctx, const cfg_type_t *type) {
+ doc_enum_or_other(pctx, type, &cfg_type_uint32);
+}
+
static cfg_type_t cfg_type_logversions = {
- "logversions", parse_logversions, cfg_print_ustring, cfg_doc_terminal,
+ "logversions", parse_logversions, cfg_print_ustring, doc_logversions,
&cfg_rep_string, logversions_enums
};
diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c
index 7c969961f4ca..c3eb5b105b3e 100644
--- a/lib/isccfg/parser.c
+++ b/lib/isccfg/parser.c
@@ -262,10 +262,11 @@ cfg_print_tuple(cfg_printer_t *pctx, const cfg_obj_t *obj) {
for (f = fields, i = 0; f->name != NULL; f++, i++) {
const cfg_obj_t *fieldobj = obj->value.tuple[i];
- if (need_space)
- cfg_print_chars(pctx, " ", 1);
+ if (need_space && fieldobj->type->rep != &cfg_rep_void)
+ cfg_print_cstr(pctx, " ");
cfg_print_obj(pctx, fieldobj);
- need_space = ISC_TF(fieldobj->type->print != cfg_print_void);
+ need_space = ISC_TF(need_space ||
+ fieldobj->type->print != cfg_print_void);
}
}
@@ -277,7 +278,7 @@ cfg_doc_tuple(cfg_printer_t *pctx, const cfg_type_t *type) {
for (f = fields; f->name != NULL; f++) {
if (need_space)
- cfg_print_chars(pctx, " ", 1);
+ cfg_print_cstr(pctx, " ");
cfg_doc_obj(pctx, f->type);
need_space = ISC_TF(f->type->print != cfg_print_void);
}
diff --git a/lib/lwres/Makefile.in b/lib/lwres/Makefile.in
index dd8eb65eed5f..e0d1ec6ba04e 100644
--- a/lib/lwres/Makefile.in
+++ b/lib/lwres/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2005, 2007, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000, 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@LIBLWRES_API@
diff --git a/lib/lwres/man/Makefile.in b/lib/lwres/man/Makefile.in
index 80db9f2ff5dd..f8446fed69d1 100644
--- a/lib/lwres/man/Makefile.in
+++ b/lib/lwres/man/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2012, 2015 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -19,7 +19,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-@BIND9_VERSION@
+VERSION=@BIND9_VERSION@
@BIND9_MAKE_RULES@
diff --git a/lib/lwres/man/lwres.3 b/lib/lwres/man/lwres.3
index 2c03e3ae9ff1..4d1eec7e67b0 100644
--- a/lib/lwres/man/lwres.3
+++ b/lib/lwres/man/lwres.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,36 +13,54 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres \- introduction to the lightweight resolver library
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwres.h>
+#include <lwres/lwres\&.h>
.fi
+.ft
.SH "DESCRIPTION"
.PP
-The BIND 9 lightweight resolver library is a simple, name service independent stub resolver library. It provides hostname\-to\-address and address\-to\-hostname lookup services to applications by transmitting lookup requests to a resolver daemon
+The BIND 9 lightweight resolver library is a simple, name service independent stub resolver library\&. It provides hostname\-to\-address and address\-to\-hostname lookup services to applications by transmitting lookup requests to a resolver daemon
\fBlwresd\fR
-running on the local host. The resolver daemon performs the lookup using the DNS or possibly other name service protocols, and returns the results to the application through the library. The library and resolver daemon communicate using a simple UDP\-based protocol.
+running on the local host\&. The resolver daemon performs the lookup using the DNS or possibly other name service protocols, and returns the results to the application through the library\&. The library and resolver daemon communicate using a simple UDP\-based protocol\&.
.SH "OVERVIEW"
.PP
-The lwresd library implements multiple name service APIs. The standard
+The lwresd library implements multiple name service APIs\&. The standard
\fBgethostbyname()\fR,
\fBgethostbyaddr()\fR,
\fBgethostbyname_r()\fR,
@@ -50,66 +68,66 @@ The lwresd library implements multiple name service APIs. The standard
\fBgetaddrinfo()\fR,
\fBgetipnodebyname()\fR, and
\fBgetipnodebyaddr()\fR
-functions are all supported. To allow the lwres library to coexist with system libraries that define functions of the same name, the library defines these functions with names prefixed by
-lwres_. To define the standard names, applications must include the header file
-\fI<lwres/netdb.h>\fR
+functions are all supported\&. To allow the lwres library to coexist with system libraries that define functions of the same name, the library defines these functions with names prefixed by
+lwres_\&. To define the standard names, applications must include the header file
+<lwres/netdb\&.h>
which contains macro definitions mapping the standard function names into
lwres_
-prefixed ones. Operating system vendors who integrate the lwres library into their base distributions should rename the functions in the library proper so that the renaming macros are not needed.
+prefixed ones\&. Operating system vendors who integrate the lwres library into their base distributions should rename the functions in the library proper so that the renaming macros are not needed\&.
.PP
The library also provides a native API consisting of the functions
\fBlwres_getaddrsbyname()\fR
and
-\fBlwres_getnamebyaddr()\fR. These may be called by applications that require more detailed control over the lookup process than the standard functions provide.
+\fBlwres_getnamebyaddr()\fR\&. These may be called by applications that require more detailed control over the lookup process than the standard functions provide\&.
.PP
In addition to these name service independent address lookup functions, the library implements a new, experimental API for looking up arbitrary DNS resource records, using the
\fBlwres_getaddrsbyname()\fR
-function.
+function\&.
.PP
-Finally, there is a low\-level API for converting lookup requests and responses to and from raw lwres protocol packets. This API can be used by clients requiring nonblocking operation, and is also used when implementing the server side of the lwres protocol, for example in the
+Finally, there is a low\-level API for converting lookup requests and responses to and from raw lwres protocol packets\&. This API can be used by clients requiring nonblocking operation, and is also used when implementing the server side of the lwres protocol, for example in the
\fBlwresd\fR
-resolver daemon. The use of this low\-level API in clients and servers is outlined in the following sections.
-.SH "CLIENT\-SIDE LOW\-LEVEL API CALL FLOW"
+resolver daemon\&. The use of this low\-level API in clients and servers is outlined in the following sections\&.
+.SH "CLIENT-SIDE LOW-LEVEL API CALL FLOW"
.PP
-When a client program wishes to make an lwres request using the native low\-level API, it typically performs the following sequence of actions.
+When a client program wishes to make an lwres request using the native low\-level API, it typically performs the following sequence of actions\&.
.PP
(1) Allocate or use an existing
\fBlwres_packet_t\fR, called
\fIpkt\fR
-below.
+below\&.
.PP
(2) Set
-pkt.recvlength
-to the maximum length we will accept. This is done so the receiver of our packets knows how large our receive buffer is. The "default" is a constant in
-\fIlwres.h\fR:
-\fBLWRES_RECVLENGTH = 4096\fR.
+\fIpkt\&.recvlength\fR
+to the maximum length we will accept\&. This is done so the receiver of our packets knows how large our receive buffer is\&. The "default" is a constant in
+lwres\&.h:
+\fBLWRES_RECVLENGTH = 4096\fR\&.
.PP
(3) Set
-pkt.serial
-to a unique serial number. This value is echoed back to the application by the remote server.
+\fIpkt\&.serial\fR
+to a unique serial number\&. This value is echoed back to the application by the remote server\&.
.PP
(4) Set
-pkt.pktflags. Usually this is set to 0.
+\fIpkt\&.pktflags\fR\&. Usually this is set to 0\&.
.PP
(5) Set
-pkt.result
-to 0.
+\fIpkt\&.result\fR
+to 0\&.
.PP
(6) Call
\fBlwres_*request_render()\fR, or marshall in the data using the primitives such as
\fBlwres_packet_render()\fR
-and storing the packet data.
+and storing the packet data\&.
.PP
-(7) Transmit the resulting buffer.
+(7) Transmit the resulting buffer\&.
.PP
(8) Call
\fBlwres_*response_parse()\fR
-to parse any packets received.
+to parse any packets received\&.
.PP
-(9) Verify that the opcode and serial match a request, and process the packet specific information contained in the body.
-.SH "SERVER\-SIDE LOW\-LEVEL API CALL FLOW"
+(9) Verify that the opcode and serial match a request, and process the packet specific information contained in the body\&.
+.SH "SERVER-SIDE LOW-LEVEL API CALL FLOW"
.PP
-When implementing the server side of the lightweight resolver protocol using the lwres library, a sequence of actions like the following is typically involved in processing each request packet.
+When implementing the server side of the lightweight resolver protocol using the lwres library, a sequence of actions like the following is typically involved in processing each request packet\&.
.PP
Note that the same
\fBlwres_packet_t\fR
@@ -117,34 +135,34 @@ is used in both the
\fB_parse()\fR
and
\fB_render()\fR
-calls, with only a few modifications made to the packet header's contents between uses. This method is recommended as it keeps the serial, opcode, and other fields correct.
+calls, with only a few modifications made to the packet header\*(Aqs contents between uses\&. This method is recommended as it keeps the serial, opcode, and other fields correct\&.
.PP
(1) When a packet is received, call
\fBlwres_*request_parse()\fR
-to unmarshall it. This returns a
+to unmarshall it\&. This returns a
\fBlwres_packet_t\fR
(also called
\fIpkt\fR, below) as well as a data specific type, such as
-\fBlwres_gabnrequest_t\fR.
+\fBlwres_gabnrequest_t\fR\&.
.PP
-(2) Process the request in the data specific type.
+(2) Process the request in the data specific type\&.
.PP
(3) Set the
-pkt.result,
-pkt.recvlength
-as above. All other fields can be left untouched since they were filled in by the
+\fIpkt\&.result\fR,
+\fIpkt\&.recvlength\fR
+as above\&. All other fields can be left untouched since they were filled in by the
\fB*_parse()\fR
-call above. If using
+call above\&. If using
\fBlwres_*response_render()\fR,
-pkt.pktflags
-will be set up properly. Otherwise, the
+\fIpkt\&.pktflags\fR
+will be set up properly\&. Otherwise, the
\fBLWRES_LWPACKETFLAG_RESPONSE\fR
-bit should be set.
+bit should be set\&.
.PP
(4) Call the data specific rendering function, such as
-\fBlwres_gabnresponse_render()\fR.
+\fBlwres_gabnresponse_render()\fR\&.
.PP
-(5) Send the resulting packet to the client.
+(5) Send the resulting packet to the client\&.
.PP
.SH "SEE ALSO"
.PP
@@ -157,9 +175,13 @@ bit should be set.
\fBlwres_context\fR(3),
\fBlwres_config\fR(3),
\fBresolver\fR(5),
-\fBlwresd\fR(8).
+\fBlwresd\fR(8)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres.docbook b/lib/lwres/man/lwres.docbook
index 26723e5f0cab..5e84ee970d23 100644
--- a/lib/lwres/man/lwres.docbook
+++ b/lib/lwres/man/lwres.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -40,6 +41,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -55,8 +57,8 @@
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
The BIND 9 lightweight resolver library is a simple, name service
independent stub resolver library. It provides hostname-to-address
@@ -69,10 +71,10 @@
The library and resolver daemon communicate using a simple
UDP-based protocol.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>OVERVIEW</title></info>
- <refsect1>
- <title>OVERVIEW</title>
<para>
The lwresd library implements multiple name service APIs.
The standard
@@ -124,9 +126,9 @@
resolver daemon. The use of this low-level API in clients
and servers is outlined in the following sections.
</para>
- </refsect1>
- <refsect1>
- <title>CLIENT-SIDE LOW-LEVEL API CALL FLOW</title>
+ </refsection>
+ <refsection><info><title>CLIENT-SIDE LOW-LEVEL API CALL FLOW</title></info>
+
<para>
When a client program wishes to make an lwres request using the
native low-level API, it typically performs the following
@@ -137,23 +139,23 @@
called <varname>pkt</varname> below.
</para>
<para>
- (2) Set <structfield>pkt.recvlength</structfield> to the maximum length
+ (2) Set <varname remap="structfield">pkt.recvlength</varname> to the maximum length
we will accept.
This is done so the receiver of our packets knows how large our receive
buffer is. The "default" is a constant in
<filename>lwres.h</filename>: <constant>LWRES_RECVLENGTH = 4096</constant>.
</para>
<para>
- (3) Set <structfield>pkt.serial</structfield>
+ (3) Set <varname remap="structfield">pkt.serial</varname>
to a unique serial number. This value is echoed
back to the application by the remote server.
</para>
<para>
- (4) Set <structfield>pkt.pktflags</structfield>. Usually this is set to
+ (4) Set <varname remap="structfield">pkt.pktflags</varname>. Usually this is set to
0.
</para>
<para>
- (5) Set <structfield>pkt.result</structfield> to 0.
+ (5) Set <varname remap="structfield">pkt.result</varname> to 0.
</para>
<para>
(6) Call <function>lwres_*request_render()</function>,
@@ -172,9 +174,9 @@
(9) Verify that the opcode and serial match a request, and process the
packet specific information contained in the body.
</para>
- </refsect1>
- <refsect1>
- <title>SERVER-SIDE LOW-LEVEL API CALL FLOW</title>
+ </refsection>
+ <refsection><info><title>SERVER-SIDE LOW-LEVEL API CALL FLOW</title></info>
+
<para>
When implementing the server side of the lightweight resolver
protocol using the lwres library, a sequence of actions like the
@@ -197,12 +199,12 @@
(2) Process the request in the data specific type.
</para>
<para>
- (3) Set the <structfield>pkt.result</structfield>,
- <structfield>pkt.recvlength</structfield> as above. All other fields
+ (3) Set the <varname remap="structfield">pkt.result</varname>,
+ <varname remap="structfield">pkt.recvlength</varname> as above. All other fields
can
be left untouched since they were filled in by the <function>*_parse()</function> call
above. If using <function>lwres_*response_render()</function>,
- <structfield>pkt.pktflags</structfield> will be set up
+ <varname remap="structfield">pkt.pktflags</varname> will be set up
properly. Otherwise, the <constant>LWRES_LWPACKETFLAG_RESPONSE</constant> bit should be
set.
</para>
@@ -213,10 +215,10 @@
<para>
(5) Send the resulting packet to the client.
</para>
- <para></para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ <para/>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres_gethostent</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -258,9 +260,5 @@
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres.html b/lib/lwres/man/lwres.html
index cb8a0776af48..aa405a4f5e0b 100644
--- a/lib/lwres/man/lwres.html
+++ b/lib/lwres/man/lwres.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres &#8212; introduction to the lightweight resolver library</p>
@@ -31,14 +30,14 @@
<h2>Synopsis</h2>
<div class="funcsynopsis"><pre class="funcsynopsisinfo">#include &lt;lwres/lwres.h&gt;</pre></div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543357"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
The BIND 9 lightweight resolver library is a simple, name service
independent stub resolver library. It provides hostname-to-address
and address-to-hostname lookup services to applications by
transmitting lookup requests to a resolver daemon
- <span><strong class="command">lwresd</strong></span>
+ <span class="command"><strong>lwresd</strong></span>
running on the local host. The resolver daemon performs the
lookup using the DNS or possibly other name service protocols,
and returns the results to the application through the library.
@@ -46,8 +45,8 @@
UDP-based protocol.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543370"></a><h2>OVERVIEW</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>OVERVIEW</h2>
<p>
The lwresd library implements multiple name service APIs.
The standard
@@ -95,13 +94,13 @@
This API can be used by clients requiring nonblocking operation,
and is also used when implementing the server side of the lwres
protocol, for example in the
- <span><strong class="command">lwresd</strong></span>
+ <span class="command"><strong>lwresd</strong></span>
resolver daemon. The use of this low-level API in clients
and servers is outlined in the following sections.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543434"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>CLIENT-SIDE LOW-LEVEL API CALL FLOW</h2>
<p>
When a client program wishes to make an lwres request using the
native low-level API, it typically performs the following
@@ -112,23 +111,23 @@
called <code class="varname">pkt</code> below.
</p>
<p>
- (2) Set <em class="structfield"><code>pkt.recvlength</code></em> to the maximum length
+ (2) Set <code class="varname">pkt.recvlength</code> to the maximum length
we will accept.
This is done so the receiver of our packets knows how large our receive
buffer is. The "default" is a constant in
<code class="filename">lwres.h</code>: <code class="constant">LWRES_RECVLENGTH = 4096</code>.
</p>
<p>
- (3) Set <em class="structfield"><code>pkt.serial</code></em>
+ (3) Set <code class="varname">pkt.serial</code>
to a unique serial number. This value is echoed
back to the application by the remote server.
</p>
<p>
- (4) Set <em class="structfield"><code>pkt.pktflags</code></em>. Usually this is set to
+ (4) Set <code class="varname">pkt.pktflags</code>. Usually this is set to
0.
</p>
<p>
- (5) Set <em class="structfield"><code>pkt.result</code></em> to 0.
+ (5) Set <code class="varname">pkt.result</code> to 0.
</p>
<p>
(6) Call <code class="function">lwres_*request_render()</code>,
@@ -148,8 +147,8 @@
packet specific information contained in the body.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543582"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>SERVER-SIDE LOW-LEVEL API CALL FLOW</h2>
<p>
When implementing the server side of the lightweight resolver
protocol using the lwres library, a sequence of actions like the
@@ -172,12 +171,12 @@
(2) Process the request in the data specific type.
</p>
<p>
- (3) Set the <em class="structfield"><code>pkt.result</code></em>,
- <em class="structfield"><code>pkt.recvlength</code></em> as above. All other fields
+ (3) Set the <code class="varname">pkt.result</code>,
+ <code class="varname">pkt.recvlength</code> as above. All other fields
can
be left untouched since they were filled in by the <code class="function">*_parse()</code> call
above. If using <code class="function">lwres_*response_render()</code>,
- <em class="structfield"><code>pkt.pktflags</code></em> will be set up
+ <code class="varname">pkt.pktflags</code> will be set up
properly. Otherwise, the <code class="constant">LWRES_LWPACKETFLAG_RESPONSE</code> bit should be
set.
</p>
@@ -190,8 +189,8 @@
</p>
<p></p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543666"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_gethostent</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getipnode</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_buffer.3 b/lib/lwres/man/lwres_buffer.3
index 22b14ab2e68c..363c0da6d073 100644
--- a/lib/lwres/man/lwres_buffer.3
+++ b/lib/lwres/man/lwres_buffer.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,132 +13,158 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_buffer
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_BUFFER" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_BUFFER" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem \- lightweight resolver buffer management
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwbuffer.h>
+#include <lwres/lwbuffer\&.h>
.fi
-.HP 23
+.ft
+.HP \w'void\ lwres_buffer_init('u
.BI "void lwres_buffer_init(lwres_buffer_t\ *" "b" ", void\ *" "base" ", unsigned\ int\ " "length" ");"
-.HP 29
+.HP \w'void\ lwres_buffer_invalidate('u
.BI "void lwres_buffer_invalidate(lwres_buffer_t\ *" "b" ");"
-.HP 22
+.HP \w'void\ lwres_buffer_add('u
.BI "void lwres_buffer_add(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");"
-.HP 27
+.HP \w'void\ lwres_buffer_subtract('u
.BI "void lwres_buffer_subtract(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");"
-.HP 24
+.HP \w'void\ lwres_buffer_clear('u
.BI "void lwres_buffer_clear(lwres_buffer_t\ *" "b" ");"
-.HP 24
+.HP \w'void\ lwres_buffer_first('u
.BI "void lwres_buffer_first(lwres_buffer_t\ *" "b" ");"
-.HP 26
+.HP \w'void\ lwres_buffer_forward('u
.BI "void lwres_buffer_forward(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");"
-.HP 23
+.HP \w'void\ lwres_buffer_back('u
.BI "void lwres_buffer_back(lwres_buffer_t\ *" "b" ", unsigned\ int\ " "n" ");"
-.HP 36
+.HP \w'lwres_uint8_t\ lwres_buffer_getuint8('u
.BI "lwres_uint8_t lwres_buffer_getuint8(lwres_buffer_t\ *" "b" ");"
-.HP 27
+.HP \w'void\ lwres_buffer_putuint8('u
.BI "void lwres_buffer_putuint8(lwres_buffer_t\ *" "b" ", lwres_uint8_t\ " "val" ");"
-.HP 38
+.HP \w'lwres_uint16_t\ lwres_buffer_getuint16('u
.BI "lwres_uint16_t lwres_buffer_getuint16(lwres_buffer_t\ *" "b" ");"
-.HP 28
+.HP \w'void\ lwres_buffer_putuint16('u
.BI "void lwres_buffer_putuint16(lwres_buffer_t\ *" "b" ", lwres_uint16_t\ " "val" ");"
-.HP 38
+.HP \w'lwres_uint32_t\ lwres_buffer_getuint32('u
.BI "lwres_uint32_t lwres_buffer_getuint32(lwres_buffer_t\ *" "b" ");"
-.HP 28
+.HP \w'void\ lwres_buffer_putuint32('u
.BI "void lwres_buffer_putuint32(lwres_buffer_t\ *" "b" ", lwres_uint32_t\ " "val" ");"
-.HP 25
+.HP \w'void\ lwres_buffer_putmem('u
.BI "void lwres_buffer_putmem(lwres_buffer_t\ *" "b" ", const\ unsigned\ char\ *" "base" ", unsigned\ int\ " "length" ");"
-.HP 25
+.HP \w'void\ lwres_buffer_getmem('u
.BI "void lwres_buffer_getmem(lwres_buffer_t\ *" "b" ", unsigned\ char\ *" "base" ", unsigned\ int\ " "length" ");"
.SH "DESCRIPTION"
.PP
-These functions provide bounds checked access to a region of memory where data is being read or written. They are based on, and similar to, the
+These functions provide bounds checked access to a region of memory where data is being read or written\&. They are based on, and similar to, the
isc_buffer_
-functions in the ISC library.
+functions in the ISC library\&.
.PP
-A buffer is a region of memory, together with a set of related subregions. The
+A buffer is a region of memory, together with a set of related subregions\&. The
\fIused region\fR
and the
\fIavailable\fR
-region are disjoint, and their union is the buffer's region. The used region extends from the beginning of the buffer region to the last used byte. The available region extends from one byte greater than the last used byte to the end of the buffer's region. The size of the used region can be changed using various buffer commands. Initially, the used region is empty.
+region are disjoint, and their union is the buffer\*(Aqs region\&. The used region extends from the beginning of the buffer region to the last used byte\&. The available region extends from one byte greater than the last used byte to the end of the buffer\*(Aqs region\&. The size of the used region can be changed using various buffer commands\&. Initially, the used region is empty\&.
.PP
The used region is further subdivided into two disjoint regions: the
\fIconsumed region\fR
and the
-\fIremaining region\fR. The union of these two regions is the used region. The consumed region extends from the beginning of the used region to the byte before the
+\fIremaining region\fR\&. The union of these two regions is the used region\&. The consumed region extends from the beginning of the used region to the byte before the
\fIcurrent\fR
-offset (if any). The
+offset (if any)\&. The
\fIremaining\fR
-region the current pointer to the end of the used region. The size of the consumed region can be changed using various buffer commands. Initially, the consumed region is empty.
+region the current pointer to the end of the used region\&. The size of the consumed region can be changed using various buffer commands\&. Initially, the consumed region is empty\&.
.PP
The
\fIactive region\fR
-is an (optional) subregion of the remaining region. It extends from the current offset to an offset in the remaining region. Initially, the active region is empty. If the current offset advances beyond the chosen offset, the active region will also be empty.
+is an (optional) subregion of the remaining region\&. It extends from the current offset to an offset in the remaining region\&. Initially, the active region is empty\&. If the current offset advances beyond the chosen offset, the active region will also be empty\&.
.PP
+.if n \{\
.RS 4
+.\}
.nf
- /\-\-\-\-\-\-\-\-\-\-\-\-entire length\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\\\\
- /\-\-\-\-\- used region \-\-\-\-\-\\\\/\-\- available \-\-\\\\
+ /\-\-\-\-\-\-\-\-\-\-\-\-entire length\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\e\e
+ /\-\-\-\-\- used region \-\-\-\-\-\e\e/\-\- available \-\-\e\e
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| consumed | remaining | |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
a b c d e
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
- a == base of buffer.
- b == current pointer. Can be anywhere between a and d.
- c == active pointer. Meaningful between b and d.
- d == used pointer.
- e == length of buffer.
+ a == base of buffer\&.
+ b == current pointer\&. Can be anywhere between a and d\&.
+ c == active pointer\&. Meaningful between b and d\&.
+ d == used pointer\&.
+ e == length of buffer\&.
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
- a\-e == entire length of buffer.
- a\-d == used region.
- a\-b == consumed region.
- b\-d == remaining region.
- b\-c == optional active region.
+ a\-e == entire length of buffer\&.
+ a\-d == used region\&.
+ a\-b == consumed region\&.
+ b\-d == remaining region\&.
+ b\-c == optional active region\&.
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
\fBlwres_buffer_init()\fR
initializes the
-\fBlwres_buffer_t\fR
-\fI*b\fR
+\fBlwres_buffer_t\fR\fI*b\fR
and assocates it with the memory region of size
\fIlength\fR
bytes starting at location
-\fIbase.\fR
+\fIbase\&.\fR
.PP
\fBlwres_buffer_invalidate()\fR
marks the buffer
\fI*b\fR
-as invalid. Invalidating a buffer after use is not required, but makes it possible to catch its possible accidental use.
+as invalid\&. Invalidating a buffer after use is not required, but makes it possible to catch its possible accidental use\&.
.PP
The functions
\fBlwres_buffer_add()\fR
@@ -148,49 +174,49 @@ respectively increase and decrease the used space in buffer
\fI*b\fR
by
\fIn\fR
-bytes.
+bytes\&.
\fBlwres_buffer_add()\fR
checks for buffer overflow and
\fBlwres_buffer_subtract()\fR
-checks for underflow. These functions do not allocate or deallocate memory. They just change the value of
-used.
+checks for underflow\&. These functions do not allocate or deallocate memory\&. They just change the value of
+\fIused\fR\&.
.PP
A buffer is re\-initialised by
-\fBlwres_buffer_clear()\fR. The function sets
-used,
-current
+\fBlwres_buffer_clear()\fR\&. The function sets
+\fIused\fR,
+\fIcurrent\fR
and
-active
-to zero.
+\fIactive\fR
+to zero\&.
.PP
\fBlwres_buffer_first\fR
makes the consumed region of buffer
\fI*p\fR
empty by setting
-current
-to zero (the start of the buffer).
+\fIcurrent\fR
+to zero (the start of the buffer)\&.
.PP
\fBlwres_buffer_forward()\fR
increases the consumed region of buffer
\fI*b\fR
by
\fIn\fR
-bytes, checking for overflow. Similarly,
+bytes, checking for overflow\&. Similarly,
\fBlwres_buffer_back()\fR
decreases buffer
-\fIb\fR's consumed region by
+\fIb\fR\*(Aqs consumed region by
\fIn\fR
-bytes and checks for underflow.
+bytes and checks for underflow\&.
.PP
\fBlwres_buffer_getuint8()\fR
reads an unsigned 8\-bit integer from
\fI*b\fR
-and returns it.
+and returns it\&.
\fBlwres_buffer_putuint8()\fR
writes the unsigned 8\-bit integer
\fIval\fR
to buffer
-\fI*b\fR.
+\fI*b\fR\&.
.PP
\fBlwres_buffer_getuint16()\fR
and
@@ -198,36 +224,40 @@ and
are identical to
\fBlwres_buffer_putuint8()\fR
except that they respectively read an unsigned 16\-bit or 32\-bit integer in network byte order from
-\fIb\fR. Similarly,
+\fIb\fR\&. Similarly,
\fBlwres_buffer_putuint16()\fR
and
\fBlwres_buffer_putuint32()\fR
writes the unsigned 16\-bit or 32\-bit integer
\fIval\fR
to buffer
-\fIb\fR, in network byte order.
+\fIb\fR, in network byte order\&.
.PP
Arbitrary amounts of data are read or written from a lightweight resolver buffer with
\fBlwres_buffer_getmem()\fR
and
\fBlwres_buffer_putmem()\fR
-respectively.
+respectively\&.
\fBlwres_buffer_putmem()\fR
copies
\fIlength\fR
bytes of memory at
\fIbase\fR
to
-\fIb\fR. Conversely,
+\fIb\fR\&. Conversely,
\fBlwres_buffer_getmem()\fR
copies
\fIlength\fR
bytes of memory from
\fIb\fR
to
-\fIbase\fR.
+\fIbase\fR\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_buffer.docbook b/lib/lwres/man/lwres_buffer.docbook
index 17ccbf549f4a..532a09c2390a 100644
--- a/lib/lwres/man/lwres_buffer.docbook
+++ b/lib/lwres/man/lwres_buffer.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,9 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -35,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -199,9 +202,9 @@ void
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
+ <refsection><info><title>DESCRIPTION</title></info>
+
- <title>DESCRIPTION</title>
<para>
These functions provide bounds checked access to a region of memory
where data is being read or written.
@@ -302,23 +305,23 @@ void
checks for underflow.
These functions do not allocate or deallocate memory.
They just change the value of
- <structfield>used</structfield>.
+ <varname remap="structfield">used</varname>.
</para>
<para>
A buffer is re-initialised by
<function>lwres_buffer_clear()</function>.
The function sets
- <structfield>used</structfield>,
- <structfield>current</structfield>
+ <varname remap="structfield">used</varname>,
+ <varname remap="structfield">current</varname>
and
- <structfield>active</structfield>
+ <varname remap="structfield">active</varname>
to zero.
</para>
<para><function>lwres_buffer_first</function>
makes the consumed region of buffer
<parameter>*p</parameter>
empty by setting
- <structfield>current</structfield>
+ <varname remap="structfield">current</varname>
to zero (the start of the buffer).
</para>
<para><function>lwres_buffer_forward()</function>
@@ -386,9 +389,5 @@ void
to
<parameter>base</parameter>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_buffer.html b/lib/lwres/man/lwres_buffer.html
index 4e7735ef8169..05c3eead7320 100644
--- a/lib/lwres/man/lwres_buffer.html
+++ b/lib/lwres/man/lwres_buffer.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_buffer</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_buffer_init, lwres_buffer_invalidate, lwres_buffer_add, lwres_buffer_subtract, lwres_buffer_clear, lwres_buffer_first, lwres_buffer_forward, lwres_buffer_back, lwres_buffer_getuint8, lwres_buffer_putuint8, lwres_buffer_getuint16, lwres_buffer_putuint16, lwres_buffer_getuint32, lwres_buffer_putuint32, lwres_buffer_putmem, lwres_buffer_getmem &#8212; lightweight resolver buffer management</p>
@@ -33,236 +32,194 @@
<pre class="funcsynopsisinfo">
#include &lt;lwres/lwbuffer.h&gt;
</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_init</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>void * </td>
-<td>
-<var class="pdparam">base</var>, </td>
+<td>void *<var class="pdparam">base</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">length</var><code>)</code>;</td>
+<td>unsigned int <var class="pdparam">length</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_invalidate</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_add</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">n</var><code>)</code>;</td>
+<td>unsigned int <var class="pdparam">n</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_subtract</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">n</var><code>)</code>;</td>
+<td>unsigned int <var class="pdparam">n</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_clear</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_first</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_forward</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">n</var><code>)</code>;</td>
+<td>unsigned int <var class="pdparam">n</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_back</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">n</var><code>)</code>;</td>
+<td>unsigned int <var class="pdparam">n</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
lwres_uint8_t
<b class="fsfunc">lwres_buffer_getuint8</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_putuint8</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint8_t  </td>
-<td>
-<var class="pdparam">val</var><code>)</code>;</td>
+<td>lwres_uint8_t <var class="pdparam">val</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
lwres_uint16_t
<b class="fsfunc">lwres_buffer_getuint16</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_putuint16</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint16_t  </td>
-<td>
-<var class="pdparam">val</var><code>)</code>;</td>
+<td>lwres_uint16_t <var class="pdparam">val</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
lwres_uint32_t
<b class="fsfunc">lwres_buffer_getuint32</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_putuint32</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint32_t  </td>
-<td>
-<var class="pdparam">val</var><code>)</code>;</td>
+<td>lwres_uint32_t <var class="pdparam">val</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_putmem</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>const unsigned char * </td>
-<td>
-<var class="pdparam">base</var>, </td>
+<td>const unsigned char *<var class="pdparam">base</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">length</var><code>)</code>;</td>
+<td>unsigned int <var class="pdparam">length</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_buffer_getmem</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned char * </td>
-<td>
-<var class="pdparam">base</var>, </td>
+<td>unsigned char *<var class="pdparam">base</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">length</var><code>)</code>;</td>
+<td>unsigned int <var class="pdparam">length</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543901"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
These functions provide bounds checked access to a region of memory
where data is being read or written.
@@ -366,23 +323,23 @@ void
checks for underflow.
These functions do not allocate or deallocate memory.
They just change the value of
- <em class="structfield"><code>used</code></em>.
+ <code class="varname">used</code>.
</p>
<p>
A buffer is re-initialised by
<code class="function">lwres_buffer_clear()</code>.
The function sets
- <em class="structfield"><code>used</code></em>,
- <em class="structfield"><code>current</code></em>
+ <code class="varname">used</code>,
+ <code class="varname">current</code>
and
- <em class="structfield"><code>active</code></em>
+ <code class="varname">active</code>
to zero.
</p>
<p><code class="function">lwres_buffer_first</code>
makes the consumed region of buffer
<em class="parameter"><code>*p</code></em>
empty by setting
- <em class="structfield"><code>current</code></em>
+ <code class="varname">current</code>
to zero (the start of the buffer).
</p>
<p><code class="function">lwres_buffer_forward()</code>
diff --git a/lib/lwres/man/lwres_config.3 b/lib/lwres/man/lwres_config.3
index 25b11810051f..aff3233b8e9f 100644
--- a/lib/lwres/man/lwres_config.3
+++ b/lib/lwres/man/lwres_config.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,37 +13,55 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_config
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_CONFIG" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_CONFIG" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get \- lightweight resolver configuration
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwres.h>
+#include <lwres/lwres\&.h>
.fi
-.HP 21
+.ft
+.HP \w'void\ lwres_conf_init('u
.BI "void lwres_conf_init(lwres_context_t\ *" "ctx" ");"
-.HP 22
+.HP \w'void\ lwres_conf_clear('u
.BI "void lwres_conf_clear(lwres_context_t\ *" "ctx" ");"
-.HP 32
+.HP \w'lwres_result_t\ lwres_conf_parse('u
.BI "lwres_result_t lwres_conf_parse(lwres_context_t\ *" "ctx" ", const\ char\ *" "filename" ");"
-.HP 32
+.HP \w'lwres_result_t\ lwres_conf_print('u
.BI "lwres_result_t lwres_conf_print(lwres_context_t\ *" "ctx" ", FILE\ *" "fp" ");"
-.HP 30
+.HP \w'lwres_conf_t\ *\ lwres_conf_get('u
.BI "lwres_conf_t * lwres_conf_get(lwres_context_t\ *" "ctx" ");"
.SH "DESCRIPTION"
.PP
@@ -51,21 +69,21 @@ lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_con
creates an empty
\fBlwres_conf_t\fR
structure for lightweight resolver context
-\fIctx\fR.
+\fIctx\fR\&.
.PP
\fBlwres_conf_clear()\fR
frees up all the internal memory used by that
\fBlwres_conf_t\fR
structure in resolver context
-\fIctx\fR.
+\fIctx\fR\&.
.PP
\fBlwres_conf_parse()\fR
opens the file
\fIfilename\fR
and parses it to initialise the resolver context
-\fIctx\fR's
+\fIctx\fR\*(Aqs
\fBlwres_conf_t\fR
-structure.
+structure\&.
.PP
\fBlwres_conf_print()\fR
prints the
@@ -73,34 +91,37 @@ prints the
structure for resolver context
\fIctx\fR
to the
-\fBFILE\fR
-\fIfp\fR.
+\fBFILE\fR\fIfp\fR\&.
.SH "RETURN VALUES"
.PP
\fBlwres_conf_parse()\fR
returns
\fBLWRES_R_SUCCESS\fR
if it successfully read and parsed
-\fIfilename\fR. It returns
+\fIfilename\fR\&. It returns
\fBLWRES_R_FAILURE\fR
if
\fIfilename\fR
-could not be opened or contained incorrect resolver statements.
+could not be opened or contained incorrect resolver statements\&.
.PP
\fBlwres_conf_print()\fR
returns
\fBLWRES_R_SUCCESS\fR
-unless an error occurred when converting the network addresses to a numeric host address string. If this happens, the function returns
-\fBLWRES_R_FAILURE\fR.
+unless an error occurred when converting the network addresses to a numeric host address string\&. If this happens, the function returns
+\fBLWRES_R_FAILURE\fR\&.
.SH "SEE ALSO"
.PP
\fBstdio\fR(3),
-\fBresolver\fR(5).
+\fBresolver\fR(5)\&.
.SH "FILES"
.PP
-\fI/etc/resolv.conf\fR
+/etc/resolv\&.conf
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_config.docbook b/lib/lwres/man/lwres_config.docbook
index 5af37eaf7cea..0a40ee5f44f0 100644
--- a/lib/lwres/man/lwres_config.docbook
+++ b/lib/lwres/man/lwres_config.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
-
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -92,8 +94,8 @@ lwres_conf_t *
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_conf_init()</function>
creates an empty
@@ -128,10 +130,10 @@ lwres_conf_t *
<type>FILE</type>
<parameter>fp</parameter>.
</para>
- </refsect1>
- <refsect1>
+ </refsection>
+ <refsection><info><title>RETURN VALUES</title></info>
+
- <title>RETURN VALUES</title>
<para><function>lwres_conf_parse()</function>
returns <errorcode>LWRES_R_SUCCESS</errorcode>
@@ -150,9 +152,9 @@ lwres_conf_t *
If this happens, the function returns
<errorcode>LWRES_R_FAILURE</errorcode>.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>stdio</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -160,14 +162,10 @@ lwres_conf_t *
<refentrytitle>resolver</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>.
</para>
- </refsect1>
- <refsect1>
- <title>FILES</title>
+ </refsection>
+ <refsection><info><title>FILES</title></info>
+
<para><filename>/etc/resolv.conf</filename>
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_config.html b/lib/lwres/man/lwres_config.html
index b3b81f7a8288..f6337bb9e6cd 100644
--- a/lib/lwres/man/lwres_config.html
+++ b/lib/lwres/man/lwres_config.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_config</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_conf_init, lwres_conf_clear, lwres_conf_parse, lwres_conf_print, lwres_conf_get &#8212; lightweight resolver configuration</p>
@@ -31,66 +30,57 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/lwres.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_conf_init</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var><code>)</code>;</td>
+<td>lwres_context_t *<var class="pdparam">ctx</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_conf_clear</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var><code>)</code>;</td>
+<td>lwres_context_t *<var class="pdparam">ctx</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_conf_parse</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>const char * </td>
-<td>
-<var class="pdparam">filename</var><code>)</code>;</td>
+<td>const char *<var class="pdparam">filename</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_conf_print</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>FILE * </td>
-<td>
-<var class="pdparam">fp</var><code>)</code>;</td>
+<td>FILE *<var class="pdparam">fp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
lwres_conf_t *
<b class="fsfunc">lwres_conf_get</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var><code>)</code>;</td>
+<td>lwres_context_t *<var class="pdparam">ctx</var><code>)</code>;</td>
</tr></table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543450"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_conf_init()</code>
creates an empty
<span class="type">lwres_conf_t</span>
@@ -122,8 +112,8 @@ lwres_conf_t *
<em class="parameter"><code>fp</code></em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543517"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_conf_parse()</code>
returns <span class="errorcode">LWRES_R_SUCCESS</span>
if it successfully read and parsed
@@ -141,14 +131,14 @@ lwres_conf_t *
<span class="errorcode">LWRES_R_FAILURE</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543555"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">stdio</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543580"></a><h2>FILES</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
diff --git a/lib/lwres/man/lwres_context.3 b/lib/lwres/man/lwres_context.3
index d544a3c39819..77c1342b8cf7 100644
--- a/lib/lwres/man/lwres_context.3
+++ b/lib/lwres/man/lwres_context.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,126 +13,144 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_context
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_CONTEXT" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_CONTEXT" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv \- lightweight resolver context management
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwres.h>
+#include <lwres/lwres\&.h>
.fi
-.HP 36
+.ft
+.HP \w'lwres_result_t\ lwres_context_create('u
.BI "lwres_result_t lwres_context_create(lwres_context_t\ **" "contextp" ", void\ *" "arg" ", lwres_malloc_t\ " "malloc_function" ", lwres_free_t\ " "free_function" ");"
-.HP 37
+.HP \w'lwres_result_t\ lwres_context_destroy('u
.BI "lwres_result_t lwres_context_destroy(lwres_context_t\ **" "contextp" ");"
-.HP 30
+.HP \w'void\ lwres_context_initserial('u
.BI "void lwres_context_initserial(lwres_context_t\ *" "ctx" ", lwres_uint32_t\ " "serial" ");"
-.HP 40
+.HP \w'lwres_uint32_t\ lwres_context_nextserial('u
.BI "lwres_uint32_t lwres_context_nextserial(lwres_context_t\ *" "ctx" ");"
-.HP 27
+.HP \w'void\ lwres_context_freemem('u
.BI "void lwres_context_freemem(lwres_context_t\ *" "ctx" ", void\ *" "mem" ", size_t\ " "len" ");"
-.HP 28
+.HP \w'void\ lwres_context_allocmem('u
.BI "void lwres_context_allocmem(lwres_context_t\ *" "ctx" ", size_t\ " "len" ");"
-.HP 30
+.HP \w'void\ *\ lwres_context_sendrecv('u
.BI "void * lwres_context_sendrecv(lwres_context_t\ *" "ctx" ", void\ *" "sendbase" ", int\ " "sendlen" ", void\ *" "recvbase" ", int\ " "recvlen" ", int\ *" "recvd_len" ");"
.SH "DESCRIPTION"
.PP
\fBlwres_context_create()\fR
creates a
\fBlwres_context_t\fR
-structure for use in lightweight resolver operations. It holds a socket and other data needed for communicating with a resolver daemon. The new
+structure for use in lightweight resolver operations\&. It holds a socket and other data needed for communicating with a resolver daemon\&. The new
\fBlwres_context_t\fR
is returned through
\fIcontextp\fR, a pointer to a
\fBlwres_context_t\fR
-pointer. This
+pointer\&. This
\fBlwres_context_t\fR
pointer must initially be NULL, and is modified to point to the newly created
-\fBlwres_context_t\fR.
+\fBlwres_context_t\fR\&.
.PP
When the lightweight resolver needs to perform dynamic memory allocation, it will call
\fImalloc_function\fR
to allocate memory and
\fIfree_function\fR
-to free it. If
+to free it\&. If
\fImalloc_function\fR
and
\fIfree_function\fR
are NULL, memory is allocated using
-\fBmalloc\fR(3). and
-\fBfree\fR(3). It is not permitted to have a NULL
+\fBmalloc\fR(3)\&. and
+\fBfree\fR(3)\&. It is not permitted to have a NULL
\fImalloc_function\fR
and a non\-NULL
\fIfree_function\fR
-or vice versa.
+or vice versa\&.
\fIarg\fR
-is passed as the first parameter to the memory allocation functions. If
+is passed as the first parameter to the memory allocation functions\&. If
\fImalloc_function\fR
and
\fIfree_function\fR
are NULL,
\fIarg\fR
-is unused and should be passed as NULL.
+is unused and should be passed as NULL\&.
.PP
Once memory for the structure has been allocated, it is initialized using
\fBlwres_conf_init\fR(3)
and returned via
-\fI*contextp\fR.
+\fI*contextp\fR\&.
.PP
\fBlwres_context_destroy()\fR
destroys a
-\fBlwres_context_t\fR, closing its socket.
+\fBlwres_context_t\fR, closing its socket\&.
\fIcontextp\fR
-is a pointer to a pointer to the context that is to be destroyed. The pointer will be set to NULL when the context has been destroyed.
+is a pointer to a pointer to the context that is to be destroyed\&. The pointer will be set to NULL when the context has been destroyed\&.
.PP
-The context holds a serial number that is used to identify resolver request packets and associate responses with the corresponding requests. This serial number is controlled using
+The context holds a serial number that is used to identify resolver request packets and associate responses with the corresponding requests\&. This serial number is controlled using
\fBlwres_context_initserial()\fR
and
-\fBlwres_context_nextserial()\fR.
+\fBlwres_context_nextserial()\fR\&.
\fBlwres_context_initserial()\fR
sets the serial number for context
\fI*ctx\fR
to
-\fIserial\fR.
+\fIserial\fR\&.
\fBlwres_context_nextserial()\fR
-increments the serial number and returns the previous value.
+increments the serial number and returns the previous value\&.
.PP
Memory for a lightweight resolver context is allocated and freed using
\fBlwres_context_allocmem()\fR
and
-\fBlwres_context_freemem()\fR. These use whatever allocations were defined when the context was created with
-\fBlwres_context_create()\fR.
+\fBlwres_context_freemem()\fR\&. These use whatever allocations were defined when the context was created with
+\fBlwres_context_create()\fR\&.
\fBlwres_context_allocmem()\fR
allocates
\fIlen\fR
-bytes of memory and if successful returns a pointer to the allocated storage.
+bytes of memory and if successful returns a pointer to the allocated storage\&.
\fBlwres_context_freemem()\fR
frees
\fIlen\fR
bytes of space starting at location
-\fImem\fR.
+\fImem\fR\&.
.PP
\fBlwres_context_sendrecv()\fR
performs I/O for the context
-\fIctx\fR. Data are read and written from the context's socket. It writes data from
+\fIctx\fR\&. Data are read and written from the context\*(Aqs socket\&. It writes data from
\fIsendbase\fR
\(em typically a lightweight resolver query packet \(em and waits for a reply which is copied to the receive buffer at
-\fIrecvbase\fR. The number of bytes that were written to this receive buffer is returned in
-\fI*recvd_len\fR.
+\fIrecvbase\fR\&. The number of bytes that were written to this receive buffer is returned in
+\fI*recvd_len\fR\&.
.SH "RETURN VALUES"
.PP
\fBlwres_context_create()\fR
@@ -142,29 +160,33 @@ if memory for the
\fBstruct lwres_context\fR
could not be allocated,
\fBLWRES_R_SUCCESS\fR
-otherwise.
+otherwise\&.
.PP
Successful calls to the memory allocator
\fBlwres_context_allocmem()\fR
-return a pointer to the start of the allocated space. It returns NULL if memory could not be allocated.
+return a pointer to the start of the allocated space\&. It returns NULL if memory could not be allocated\&.
.PP
\fBLWRES_R_SUCCESS\fR
is returned when
\fBlwres_context_sendrecv()\fR
-completes successfully.
+completes successfully\&.
\fBLWRES_R_IOERROR\fR
is returned if an I/O error occurs and
\fBLWRES_R_TIMEOUT\fR
is returned if
\fBlwres_context_sendrecv()\fR
-times out waiting for a response.
+times out waiting for a response\&.
.SH "SEE ALSO"
.PP
\fBlwres_conf_init\fR(3),
\fBmalloc\fR(3),
-\fBfree\fR(3).
+\fBfree\fR(3)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_context.docbook b/lib/lwres/man/lwres_context.docbook
index e0a45eecf31d..edfdde68e6b2 100644
--- a/lib/lwres/man/lwres_context.docbook
+++ b/lib/lwres/man/lwres_context.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +39,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -115,8 +119,8 @@ void *
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_context_create()</function>
creates a <type>lwres_context_t</type> structure for use in
@@ -212,10 +216,10 @@ void *
written to this receive buffer is returned in
<parameter>*recvd_len</parameter>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para><function>lwres_context_create()</function>
returns <errorcode>LWRES_R_NOMEMORY</errorcode> if memory for
@@ -239,9 +243,9 @@ void *
<function>lwres_context_sendrecv()</function>
times out waiting for a response.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres_conf_init</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -254,9 +258,5 @@ void *
<refentrytitle>free</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_context.html b/lib/lwres/man/lwres_context.html
index ba6b858a4d32..919dff77f25a 100644
--- a/lib/lwres/man/lwres_context.html
+++ b/lib/lwres/man/lwres_context.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_context</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_context_create, lwres_context_destroy, lwres_context_nextserial, lwres_context_initserial, lwres_context_freemem, lwres_context_allocmem, lwres_context_sendrecv &#8212; lightweight resolver context management</p>
@@ -31,148 +30,117 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/lwres.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_context_create</b>(</code></td>
-<td>lwres_context_t ** </td>
-<td>
-<var class="pdparam">contextp</var>, </td>
+<td>lwres_context_t **<var class="pdparam">contextp</var>, </td>
</tr>
<tr>
<td> </td>
-<td>void * </td>
-<td>
-<var class="pdparam">arg</var>, </td>
+<td>void *<var class="pdparam">arg</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_malloc_t  </td>
-<td>
-<var class="pdparam">malloc_function</var>, </td>
+<td>lwres_malloc_t <var class="pdparam">malloc_function</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_free_t  </td>
-<td>
-<var class="pdparam">free_function</var><code>)</code>;</td>
+<td>lwres_free_t <var class="pdparam">free_function</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_context_destroy</b>(</code></td>
-<td>lwres_context_t ** </td>
-<td>
-<var class="pdparam">contextp</var><code>)</code>;</td>
+<td>lwres_context_t **<var class="pdparam">contextp</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_context_initserial</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint32_t  </td>
-<td>
-<var class="pdparam">serial</var><code>)</code>;</td>
+<td>lwres_uint32_t <var class="pdparam">serial</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
lwres_uint32_t
<b class="fsfunc">lwres_context_nextserial</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var><code>)</code>;</td>
+<td>lwres_context_t *<var class="pdparam">ctx</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_context_freemem</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>void * </td>
-<td>
-<var class="pdparam">mem</var>, </td>
+<td>void *<var class="pdparam">mem</var>, </td>
</tr>
<tr>
<td> </td>
-<td>size_t  </td>
-<td>
-<var class="pdparam">len</var><code>)</code>;</td>
+<td>size_t <var class="pdparam">len</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_context_allocmem</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>size_t  </td>
-<td>
-<var class="pdparam">len</var><code>)</code>;</td>
+<td>size_t <var class="pdparam">len</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void *
<b class="fsfunc">lwres_context_sendrecv</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>void * </td>
-<td>
-<var class="pdparam">sendbase</var>, </td>
+<td>void *<var class="pdparam">sendbase</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">sendlen</var>, </td>
+<td>int <var class="pdparam">sendlen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>void * </td>
-<td>
-<var class="pdparam">recvbase</var>, </td>
+<td>void *<var class="pdparam">recvbase</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">recvlen</var>, </td>
+<td>int <var class="pdparam">recvlen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int * </td>
-<td>
-<var class="pdparam">recvd_len</var><code>)</code>;</td>
+<td>int *<var class="pdparam">recvd_len</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543541"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_context_create()</code>
creates a <span class="type">lwres_context_t</span> structure for use in
lightweight resolver operations. It holds a socket and other
@@ -257,8 +225,8 @@ void *
<em class="parameter"><code>*recvd_len</code></em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543729"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_context_create()</code>
returns <span class="errorcode">LWRES_R_NOMEMORY</span> if memory for
the <span class="type">struct lwres_context</span> could not be allocated,
@@ -282,8 +250,8 @@ void *
times out waiting for a response.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543779"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_conf_init</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">malloc</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_gabn.3 b/lib/lwres/man/lwres_gabn.3
index f67126eb5459..2e5b8f7b43c1 100644
--- a/lib/lwres/man/lwres_gabn.3
+++ b/lib/lwres/man/lwres_gabn.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,69 +13,95 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_gabn
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GABN" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GABN" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free \- lightweight resolver getaddrbyname message handling
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwres.h>
+#include <lwres/lwres\&.h>
.fi
-.HP 40
+.ft
+.HP \w'lwres_result_t\ lwres_gabnrequest_render('u
.BI "lwres_result_t lwres_gabnrequest_render(lwres_context_t\ *" "ctx" ", lwres_gabnrequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");"
-.HP 41
+.HP \w'lwres_result_t\ lwres_gabnresponse_render('u
.BI "lwres_result_t lwres_gabnresponse_render(lwres_context_t\ *" "ctx" ", lwres_gabnresponse_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");"
-.HP 39
+.HP \w'lwres_result_t\ lwres_gabnrequest_parse('u
.BI "lwres_result_t lwres_gabnrequest_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gabnrequest_t\ **" "structp" ");"
-.HP 40
+.HP \w'lwres_result_t\ lwres_gabnresponse_parse('u
.BI "lwres_result_t lwres_gabnresponse_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gabnresponse_t\ **" "structp" ");"
-.HP 29
+.HP \w'void\ lwres_gabnresponse_free('u
.BI "void lwres_gabnresponse_free(lwres_context_t\ *" "ctx" ", lwres_gabnresponse_t\ **" "structp" ");"
-.HP 28
+.HP \w'void\ lwres_gabnrequest_free('u
.BI "void lwres_gabnrequest_free(lwres_context_t\ *" "ctx" ", lwres_gabnrequest_t\ **" "structp" ");"
.SH "DESCRIPTION"
.PP
-These are low\-level routines for creating and parsing lightweight resolver name\-to\-address lookup request and response messages.
+These are low\-level routines for creating and parsing lightweight resolver name\-to\-address lookup request and response messages\&.
.PP
-There are four main functions for the getaddrbyname opcode. One render function converts a getaddrbyname request structure \(em
+There are four main functions for the getaddrbyname opcode\&. One render function converts a getaddrbyname request structure \(em
\fBlwres_gabnrequest_t\fR
-\(em to the lightweight resolver's canonical format. It is complemented by a parse function that converts a packet in this canonical format to a getaddrbyname request structure. Another render function converts the getaddrbyname response structure \(em
+\(em to the lightweight resolver\*(Aqs canonical format\&. It is complemented by a parse function that converts a packet in this canonical format to a getaddrbyname request structure\&. Another render function converts the getaddrbyname response structure \(em
\fBlwres_gabnresponse_t\fR
-\(em to the canonical format. This is complemented by a parse function which converts a packet in canonical format to a getaddrbyname response structure.
+\(em to the canonical format\&. This is complemented by a parse function which converts a packet in canonical format to a getaddrbyname response structure\&.
.PP
These structures are defined in
-\fI<lwres/lwres.h>\fR. They are shown below.
+<lwres/lwres\&.h>\&. They are shown below\&.
.PP
+.if n \{\
.RS 4
+.\}
.nf
#define LWRES_OPCODE_GETADDRSBYNAME 0x00010001U
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct lwres_addr lwres_addr_t;
typedef LWRES_LIST(lwres_addr_t) lwres_addrlist_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct {
lwres_uint32_t flags;
@@ -84,10 +110,13 @@ typedef struct {
char *name;
} lwres_gabnrequest_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct {
lwres_uint32_t flags;
@@ -102,24 +131,25 @@ typedef struct {
size_t baselen;
} lwres_gabnresponse_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
\fBlwres_gabnrequest_render()\fR
uses resolver context
\fIctx\fR
to convert getaddrbyname request structure
\fIreq\fR
-to canonical format. The packet header structure
+to canonical format\&. The packet header structure
\fIpkt\fR
is initialised and transferred to buffer
-\fIb\fR. The contents of
+\fIb\fR\&. The contents of
\fI*req\fR
-are then appended to the buffer in canonical format.
+are then appended to the buffer in canonical format\&.
\fBlwres_gabnresponse_render()\fR
performs the same task, except it converts a getaddrbyname response structure
\fBlwres_gabnresponse_t\fR
-to the lightweight resolver's canonical format.
+to the lightweight resolver\*(Aqs canonical format\&.
.PP
\fBlwres_gabnrequest_parse()\fR
uses context
@@ -128,18 +158,18 @@ to convert the contents of packet
\fIpkt\fR
to a
\fBlwres_gabnrequest_t\fR
-structure. Buffer
+structure\&. Buffer
\fIb\fR
-provides space to be used for storing this structure. When the function succeeds, the resulting
+provides space to be used for storing this structure\&. When the function succeeds, the resulting
\fBlwres_gabnrequest_t\fR
is made available through
-\fI*structp\fR.
+\fI*structp\fR\&.
\fBlwres_gabnresponse_parse()\fR
offers the same semantics as
\fBlwres_gabnrequest_parse()\fR
except it yields a
\fBlwres_gabnresponse_t\fR
-structure.
+structure\&.
.PP
\fBlwres_gabnresponse_free()\fR
and
@@ -151,20 +181,19 @@ that was allocated to the
or
\fBlwres_gabnrequest_t\fR
structures referenced via
-\fIstructp\fR. Any memory associated with ancillary buffers and strings for those structures is also discarded.
+\fIstructp\fR\&. Any memory associated with ancillary buffers and strings for those structures is also discarded\&.
.SH "RETURN VALUES"
.PP
The getaddrbyname opcode functions
\fBlwres_gabnrequest_render()\fR,
-\fBlwres_gabnresponse_render()\fR
-\fBlwres_gabnrequest_parse()\fR
+\fBlwres_gabnresponse_render()\fR\fBlwres_gabnrequest_parse()\fR
and
\fBlwres_gabnresponse_parse()\fR
all return
\fBLWRES_R_SUCCESS\fR
-on success. They return
+on success\&. They return
\fBLWRES_R_NOMEMORY\fR
-if memory allocation fails.
+if memory allocation fails\&.
\fBLWRES_R_UNEXPECTEDEND\fR
is returned if the available space in the buffer
\fIb\fR
@@ -172,24 +201,28 @@ is too small to accommodate the packet header or the
\fBlwres_gabnrequest_t\fR
and
\fBlwres_gabnresponse_t\fR
-structures.
+structures\&.
\fBlwres_gabnrequest_parse()\fR
and
\fBlwres_gabnresponse_parse()\fR
will return
\fBLWRES_R_UNEXPECTEDEND\fR
-if the buffer is not empty after decoding the received packet. These functions will return
+if the buffer is not empty after decoding the received packet\&. These functions will return
\fBLWRES_R_FAILURE\fR
if
-pktflags
+\fIpktflags\fR
in the packet header structure
\fBlwres_lwpacket_t\fR
-indicate that the packet is not a response to an earlier query.
+indicate that the packet is not a response to an earlier query\&.
.SH "SEE ALSO"
.PP
\fBlwres_packet\fR(3)
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_gabn.docbook b/lib/lwres/man/lwres_gabn.docbook
index 8743696c123e..8c6382375ff7 100644
--- a/lib/lwres/man/lwres_gabn.docbook
+++ b/lib/lwres/man/lwres_gabn.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +39,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -109,8 +113,8 @@ void
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
These are low-level routines for creating and parsing
lightweight resolver name-to-address lookup request and
@@ -207,9 +211,9 @@ typedef struct {
Any memory associated with ancillary buffers and strings for
those structures is also discarded.
</para>
- </refsect1>
- <refsect1>
- <title>RETURN VALUES</title>
+ </refsection>
+ <refsection><info><title>RETURN VALUES</title></info>
+
<para>
The getaddrbyname opcode functions
<function>lwres_gabnrequest_render()</function>,
@@ -240,21 +244,17 @@ typedef struct {
These functions will return
<errorcode>LWRES_R_FAILURE</errorcode>
if
- <structfield>pktflags</structfield>
+ <varname remap="structfield">pktflags</varname>
in the packet header structure
<type>lwres_lwpacket_t</type>
indicate that the packet is not a response to an earlier query.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_gabn.html b/lib/lwres/man/lwres_gabn.html
index a00f82d3acaa..949d6d28a7ff 100644
--- a/lib/lwres/man/lwres_gabn.html
+++ b/lib/lwres/man/lwres_gabn.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gabn</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gabnrequest_render, lwres_gabnresponse_render, lwres_gabnrequest_parse, lwres_gabnresponse_parse, lwres_gabnresponse_free, lwres_gabnrequest_free &#8212; lightweight resolver getaddrbyname message handling</p>
@@ -31,154 +30,120 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/lwres.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gabnrequest_render</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gabnrequest_t * </td>
-<td>
-<var class="pdparam">req</var>, </td>
+<td>lwres_gabnrequest_t *<var class="pdparam">req</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gabnresponse_render</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gabnresponse_t * </td>
-<td>
-<var class="pdparam">req</var>, </td>
+<td>lwres_gabnresponse_t *<var class="pdparam">req</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gabnrequest_parse</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gabnrequest_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gabnrequest_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gabnresponse_parse</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gabnresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gabnresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_gabnresponse_free</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gabnresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gabnresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_gabnrequest_free</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gabnrequest_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gabnrequest_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543531"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver name-to-address lookup request and
@@ -277,8 +242,8 @@ typedef struct {
those structures is also discarded.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543676"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
The getaddrbyname opcode functions
<code class="function">lwres_gabnrequest_render()</code>,
@@ -309,14 +274,14 @@ typedef struct {
These functions will return
<span class="errorcode">LWRES_R_FAILURE</span>
if
- <em class="structfield"><code>pktflags</code></em>
+ <code class="varname">pktflags</code>
in the packet header structure
<span class="type">lwres_lwpacket_t</span>
indicate that the packet is not a response to an earlier query.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543742"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>
</p>
</div>
diff --git a/lib/lwres/man/lwres_gai_strerror.3 b/lib/lwres/man/lwres_gai_strerror.3
index 8da3828f9144..feb7c38a9069 100644
--- a/lib/lwres/man/lwres_gai_strerror.3
+++ b/lib/lwres/man/lwres_gai_strerror.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,36 +13,54 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_gai_strerror
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GAI_STRERROR" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GAI_STRERROR" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_gai_strerror \- print suitable error string
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/netdb.h>
+#include <lwres/netdb\&.h>
.fi
-.HP 20
+.ft
+.HP \w'char\ *\ gai_strerror('u
.BI "char * gai_strerror(int\ " "ecode" ");"
.SH "DESCRIPTION"
.PP
\fBlwres_gai_strerror()\fR
returns an error message corresponding to an error code returned by
-\fBgetaddrinfo()\fR. The following error codes and their meaning are defined in
-\fIinclude/lwres/netdb.h\fR.
+\fBgetaddrinfo()\fR\&. The following error codes and their meaning are defined in
+include/lwres/netdb\&.h\&.
.PP
\fBEAI_ADDRFAMILY\fR
.RS 4
@@ -106,7 +124,7 @@ The message
invalid error code
is returned if
\fIecode\fR
-is out of range.
+is out of range\&.
.PP
\fBai_flags\fR,
\fBai_family\fR
@@ -115,15 +133,19 @@ and
are elements of the
\fBstruct addrinfo\fR
used by
-\fBlwres_getaddrinfo()\fR.
+\fBlwres_getaddrinfo()\fR\&.
.SH "SEE ALSO"
.PP
\fBstrerror\fR(3),
\fBlwres_getaddrinfo\fR(3),
\fBgetaddrinfo\fR(3),
-\fBRFC2133\fR().
+\fBRFC2133\fR()\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_gai_strerror.docbook b/lib/lwres/man/lwres_gai_strerror.docbook
index a9314d31998e..f6e04e7ecc3e 100644
--- a/lib/lwres/man/lwres_gai_strerror.docbook
+++ b/lib/lwres/man/lwres_gai_strerror.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -62,8 +64,8 @@ char *
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_gai_strerror()</function>
returns an error message corresponding to an error code returned by
@@ -172,10 +174,10 @@ char *
used by
<function>lwres_getaddrinfo()</function>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>SEE ALSO</title></info>
- <refsect1>
- <title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>strerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -192,9 +194,5 @@ char *
<refentrytitle>RFC2133</refentrytitle>
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_gai_strerror.html b/lib/lwres/man/lwres_gai_strerror.html
index 85d228ec1544..ce452128a7cf 100644
--- a/lib/lwres/man/lwres_gai_strerror.html
+++ b/lib/lwres/man/lwres_gai_strerror.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gai_strerror</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gai_strerror &#8212; print suitable error string</p>
@@ -31,25 +30,24 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
char *
<b class="fsfunc">gai_strerror</b>(</code></td>
-<td>int  </td>
-<td>
-<var class="pdparam">ecode</var><code>)</code>;</td>
+<td>int <var class="pdparam">ecode</var><code>)</code>;</td>
</tr></table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543370"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_gai_strerror()</code>
returns an error message corresponding to an error code returned by
<code class="function">getaddrinfo()</code>.
The following error codes and their meaning are defined in
<code class="filename">include/lwres/netdb.h</code>.
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><span class="errorcode">EAI_ADDRFAMILY</span></span></dt>
<dd><p>
address family for hostname not supported
@@ -109,8 +107,8 @@ char *
<code class="function">lwres_getaddrinfo()</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543586"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">strerror</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getaddrinfo</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_getaddrinfo.3 b/lib/lwres/man/lwres_getaddrinfo.3
index 88b4beabd2ce..af5454365214 100644
--- a/lib/lwres/man/lwres_getaddrinfo.3
+++ b/lib/lwres/man/lwres_getaddrinfo.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,37 +13,54 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_getaddrinfo
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GETADDRINFO" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GETADDRINFO" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_getaddrinfo, lwres_freeaddrinfo \- socket address structure to host and service name
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/netdb.h>
+#include <lwres/netdb\&.h>
.fi
-.HP 22
+.ft
+.HP \w'int\ lwres_getaddrinfo('u
.BI "int lwres_getaddrinfo(const\ char\ *" "hostname" ", const\ char\ *" "servname" ", const\ struct\ addrinfo\ *" "hints" ", struct\ addrinfo\ **" "res" ");"
-.HP 24
+.HP \w'void\ lwres_freeaddrinfo('u
.BI "void lwres_freeaddrinfo(struct\ addrinfo\ *" "ai" ");"
.PP
If the operating system does not provide a
\fBstruct addrinfo\fR, the following structure is used:
.PP
-.RS 4
.nf
struct addrinfo {
int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
@@ -56,7 +73,6 @@ struct addrinfo {
struct addrinfo *ai_next; /* next structure in linked list */
};
.fi
-.RE
.sp
.SH "DESCRIPTION"
.PP
@@ -64,31 +80,31 @@ struct addrinfo {
is used to get a list of IP addresses and port numbers for host
\fIhostname\fR
and service
-\fIservname\fR. The function is the lightweight resolver's implementation of
+\fIservname\fR\&. The function is the lightweight resolver\*(Aqs implementation of
\fBgetaddrinfo()\fR
-as defined in RFC2133.
+as defined in RFC2133\&.
\fIhostname\fR
and
\fIservname\fR
are pointers to null\-terminated strings or
-\fBNULL\fR.
+\fBNULL\fR\&.
\fIhostname\fR
-is either a host name or a numeric host address string: a dotted decimal IPv4 address or an IPv6 address.
+is either a host name or a numeric host address string: a dotted decimal IPv4 address or an IPv6 address\&.
\fIservname\fR
is either a decimal port number or a service name as listed in
-\fI/etc/services\fR.
+/etc/services\&.
.PP
\fIhints\fR
is an optional pointer to a
-\fBstruct addrinfo\fR. This structure can be used to provide hints concerning the type of socket that the caller supports or wishes to use. The caller can supply the following structure elements in
+\fBstruct addrinfo\fR\&. This structure can be used to provide hints concerning the type of socket that the caller supports or wishes to use\&. The caller can supply the following structure elements in
\fI*hints\fR:
.PP
\fBai_family\fR
.RS 4
-The protocol family that should be used. When
+The protocol family that should be used\&. When
\fBai_family\fR
is set to
-\fBPF_UNSPEC\fR, it means the caller will accept any protocol family supported by the operating system.
+\fBPF_UNSPEC\fR, it means the caller will accept any protocol family supported by the operating system\&.
.RE
.PP
\fBai_socktype\fR
@@ -98,21 +114,21 @@ denotes the type of socket \(em
\fBSOCK_DGRAM\fR
or
\fBSOCK_RAW\fR
-\(em that is wanted. When
+\(em that is wanted\&. When
\fBai_socktype\fR
-is zero the caller will accept any socket type.
+is zero the caller will accept any socket type\&.
.RE
.PP
\fBai_protocol\fR
.RS 4
-indicates which transport protocol is wanted: IPPROTO_UDP or IPPROTO_TCP. If
+indicates which transport protocol is wanted: IPPROTO_UDP or IPPROTO_TCP\&. If
\fBai_protocol\fR
-is zero the caller will accept any protocol.
+is zero the caller will accept any protocol\&.
.RE
.PP
\fBai_flags\fR
.RS 4
-Flag bits. If the
+Flag bits\&. If the
\fBAI_CANONNAME\fR
bit is set, a successful call to
\fBlwres_getaddrinfo()\fR
@@ -120,16 +136,16 @@ will return a null\-terminated string containing the canonical name of the speci
\fBai_canonname\fR
of the first
\fBaddrinfo\fR
-structure returned. Setting the
+structure returned\&. Setting the
\fBAI_PASSIVE\fR
bit indicates that the returned socket address structure is intended for used in a call to
-\fBbind\fR(2). In this case, if the hostname argument is a
+\fBbind\fR(2)\&. In this case, if the hostname argument is a
\fBNULL\fR
pointer, then the IP address portion of the socket address structure will be set to
\fBINADDR_ANY\fR
for an IPv4 address or
\fBIN6ADDR_ANY_INIT\fR
-for an IPv6 address.
+for an IPv6 address\&.
.sp
When
\fBai_flags\fR
@@ -141,14 +157,14 @@ for a connection\-oriented protocol or
\fBconnect\fR(2),
\fBsendto\fR(2), or
\fBsendmsg\fR(2)
-if a connectionless protocol was chosen. The IP address portion of the socket address structure will be set to the loopback address if
+if a connectionless protocol was chosen\&. The IP address portion of the socket address structure will be set to the loopback address if
\fIhostname\fR
is a
\fBNULL\fR
pointer and
\fBAI_PASSIVE\fR
is not set in
-\fBai_flags\fR.
+\fBai_flags\fR\&.
.sp
If
\fBai_flags\fR
@@ -156,14 +172,14 @@ is set to
\fBAI_NUMERICHOST\fR
it indicates that
\fIhostname\fR
-should be treated as a numeric string defining an IPv4 or IPv6 address and no name resolution should be attempted.
+should be treated as a numeric string defining an IPv4 or IPv6 address and no name resolution should be attempted\&.
.RE
.PP
All other elements of the
\fBstruct addrinfo\fR
passed via
\fIhints\fR
-must be zero.
+must be zero\&.
.PP
A
\fIhints\fR
@@ -173,59 +189,58 @@ is treated as if the caller provided a
\fBstruct addrinfo\fR
initialized to zero with
\fBai_family\fRset to
-\fBPF_UNSPEC\fR.
+\fBPF_UNSPEC\fR\&.
.PP
After a successful call to
\fBlwres_getaddrinfo()\fR,
\fI*res\fR
is a pointer to a linked list of one or more
\fBaddrinfo\fR
-structures. Each
+structures\&. Each
\fBstruct addrinfo\fR
in this list cn be processed by following the
\fBai_next\fR
pointer, until a
\fBNULL\fR
-pointer is encountered. The three members
+pointer is encountered\&. The three members
\fBai_family\fR,
\fBai_socktype\fR, and
\fBai_protocol\fR
in each returned
\fBaddrinfo\fR
structure contain the corresponding arguments for a call to
-\fBsocket\fR(2). For each
+\fBsocket\fR(2)\&. For each
\fBaddrinfo\fR
structure in the list, the
\fBai_addr\fR
member points to a filled\-in socket address structure of length
-\fBai_addrlen\fR.
+\fBai_addrlen\fR\&.
.PP
All of the information returned by
\fBlwres_getaddrinfo()\fR
is dynamically allocated: the addrinfo structures, and the socket address structures and canonical host name strings pointed to by the
-\fBaddrinfo\fRstructures. Memory allocated for the dynamically allocated structures created by a successful call to
+\fBaddrinfo\fRstructures\&. Memory allocated for the dynamically allocated structures created by a successful call to
\fBlwres_getaddrinfo()\fR
is released by
-\fBlwres_freeaddrinfo()\fR.
+\fBlwres_freeaddrinfo()\fR\&.
\fIai\fR
is a pointer to a
\fBstruct addrinfo\fR
created by a call to
-\fBlwres_getaddrinfo()\fR.
+\fBlwres_getaddrinfo()\fR\&.
.SH "RETURN VALUES"
.PP
\fBlwres_getaddrinfo()\fR
returns zero on success or one of the error codes listed in
\fBgai_strerror\fR(3)
-if an error occurs. If both
+if an error occurs\&. If both
\fIhostname\fR
and
\fIservname\fR
are
-\fBNULL\fR
-\fBlwres_getaddrinfo()\fR
+\fBNULL\fR\fBlwres_getaddrinfo()\fR
returns
-\fBEAI_NONAME\fR.
+\fBEAI_NONAME\fR\&.
.SH "SEE ALSO"
.PP
\fBlwres\fR(3),
@@ -238,9 +253,13 @@ returns
\fBconnect\fR(2),
\fBsendto\fR(2),
\fBsendmsg\fR(2),
-\fBsocket\fR(2).
+\fBsocket\fR(2)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_getaddrinfo.docbook b/lib/lwres/man/lwres_getaddrinfo.docbook
index 76927fd82250..2517b15970b8 100644
--- a/lib/lwres/man/lwres_getaddrinfo.docbook
+++ b/lib/lwres/man/lwres_getaddrinfo.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +39,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -92,8 +96,8 @@ struct addrinfo {
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_getaddrinfo()</function>
is used to get a list of IP addresses and port numbers for host
@@ -316,10 +320,10 @@ struct addrinfo {
<function>lwres_getaddrinfo()</function>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para><function>lwres_getaddrinfo()</function>
returns zero on success or one of the error codes listed in
@@ -331,9 +335,9 @@ struct addrinfo {
<function>lwres_getaddrinfo()</function> returns
<errorcode>EAI_NONAME</errorcode>.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -379,9 +383,5 @@ struct addrinfo {
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_getaddrinfo.html b/lib/lwres/man/lwres_getaddrinfo.html
index b4845f56b440..b65488464d50 100644
--- a/lib/lwres/man/lwres_getaddrinfo.html
+++ b/lib/lwres/man/lwres_getaddrinfo.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getaddrinfo</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getaddrinfo, lwres_freeaddrinfo &#8212; socket address structure to host and service name</p>
@@ -31,42 +30,34 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
int
<b class="fsfunc">lwres_getaddrinfo</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">hostname</var>, </td>
+<td>const char *<var class="pdparam">hostname</var>, </td>
</tr>
<tr>
<td> </td>
-<td>const char * </td>
-<td>
-<var class="pdparam">servname</var>, </td>
+<td>const char *<var class="pdparam">servname</var>, </td>
</tr>
<tr>
<td> </td>
-<td>const struct addrinfo * </td>
-<td>
-<var class="pdparam">hints</var>, </td>
+<td>const struct addrinfo *<var class="pdparam">hints</var>, </td>
</tr>
<tr>
<td> </td>
-<td>struct addrinfo ** </td>
-<td>
-<var class="pdparam">res</var><code>)</code>;</td>
+<td>struct addrinfo **<var class="pdparam">res</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_freeaddrinfo</b>(</code></td>
-<td>struct addrinfo * </td>
-<td>
-<var class="pdparam">ai</var><code>)</code>;</td>
+<td>struct addrinfo *<var class="pdparam">ai</var><code>)</code>;</td>
</tr></table>
+<div class="funcprototype-spacer"> </div>
</div>
<p>
If the operating system does not provide a
@@ -88,8 +79,8 @@ struct addrinfo {
<p>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543421"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_getaddrinfo()</code>
is used to get a list of IP addresses and port numbers for host
<em class="parameter"><code>hostname</code></em> and service
@@ -117,7 +108,7 @@ struct addrinfo {
<em class="parameter"><code>*hints</code></em>:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">ai_family</code></span></dt>
<dd><p>
The protocol family that should be used.
@@ -282,8 +273,8 @@ struct addrinfo {
<code class="function">lwres_getaddrinfo()</code>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543799"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_getaddrinfo()</code>
returns zero on success or one of the error codes listed in
<span class="citerefentry"><span class="refentrytitle">gai_strerror</span>(3)</span>
@@ -293,8 +284,8 @@ struct addrinfo {
<span class="errorcode">EAI_NONAME</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543836"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getaddrinfo</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_gethostent.3 b/lib/lwres/man/lwres_gethostent.3
index e53aa33c1755..36e249431fae 100644
--- a/lib/lwres/man/lwres_gethostent.3
+++ b/lib/lwres/man/lwres_gethostent.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,60 +13,80 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_gethostent
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GETHOSTENT" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GETHOSTENT" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r \- lightweight resolver get network host entry
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/netdb.h>
+#include <lwres/netdb\&.h>
.fi
-.HP 37
+.ft
+.HP \w'struct\ hostent\ *\ lwres_gethostbyname('u
.BI "struct hostent * lwres_gethostbyname(const\ char\ *" "name" ");"
-.HP 38
+.HP \w'struct\ hostent\ *\ lwres_gethostbyname2('u
.BI "struct hostent * lwres_gethostbyname2(const\ char\ *" "name" ", int\ " "af" ");"
-.HP 37
+.HP \w'struct\ hostent\ *\ lwres_gethostbyaddr('u
.BI "struct hostent * lwres_gethostbyaddr(const\ char\ *" "addr" ", int\ " "len" ", int\ " "type" ");"
-.HP 34
+.HP \w'struct\ hostent\ *\ lwres_gethostent('u
.BI "struct hostent * lwres_gethostent(void);"
-.HP 22
+.HP \w'void\ lwres_sethostent('u
.BI "void lwres_sethostent(int\ " "stayopen" ");"
-.HP 22
+.HP \w'void\ lwres_endhostent('u
.BI "void lwres_endhostent(void);"
-.HP 39
+.HP \w'struct\ hostent\ *\ lwres_gethostbyname_r('u
.BI "struct hostent * lwres_gethostbyname_r(const\ char\ *" "name" ", struct\ hostent\ *" "resbuf" ", char\ *" "buf" ", int\ " "buflen" ", int\ *" "error" ");"
-.HP 39
+.HP \w'struct\ hostent\ *\ lwres_gethostbyaddr_r('u
.BI "struct hostent * lwres_gethostbyaddr_r(const\ char\ *" "addr" ", int\ " "len" ", int\ " "type" ", struct\ hostent\ *" "resbuf" ", char\ *" "buf" ", int\ " "buflen" ", int\ *" "error" ");"
-.HP 36
+.HP \w'struct\ hostent\ *\ lwres_gethostent_r('u
.BI "struct hostent * lwres_gethostent_r(struct\ hostent\ *" "resbuf" ", char\ *" "buf" ", int\ " "buflen" ", int\ *" "error" ");"
-.HP 24
+.HP \w'void\ lwres_sethostent_r('u
.BI "void lwres_sethostent_r(int\ " "stayopen" ");"
-.HP 24
+.HP \w'void\ lwres_endhostent_r('u
.BI "void lwres_endhostent_r(void);"
.SH "DESCRIPTION"
.PP
-These functions provide hostname\-to\-address and address\-to\-hostname lookups by means of the lightweight resolver. They are similar to the standard
+These functions provide hostname\-to\-address and address\-to\-hostname lookups by means of the lightweight resolver\&. They are similar to the standard
\fBgethostent\fR(3)
-functions provided by most operating systems. They use a
+functions provided by most operating systems\&. They use a
\fBstruct hostent\fR
which is usually defined in
-\fI<namedb.h>\fR.
+<namedb\&.h>\&.
.PP
+.if n \{\
.RS 4
+.\}
.nf
struct hostent {
char *h_name; /* official name of host */
@@ -77,19 +97,20 @@ struct hostent {
};
#define h_addr h_addr_list[0] /* address, for backward compatibility */
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
The members of this structure are:
.PP
\fBh_name\fR
.RS 4
-The official (canonical) name of the host.
+The official (canonical) name of the host\&.
.RE
.PP
\fBh_aliases\fR
.RS 4
-A NULL\-terminated array of alternate names (nicknames) for the host.
+A NULL\-terminated array of alternate names (nicknames) for the host\&.
.RE
.PP
\fBh_addrtype\fR
@@ -97,25 +118,25 @@ A NULL\-terminated array of alternate names (nicknames) for the host.
The type of address being returned \(em
\fBPF_INET\fR
or
-\fBPF_INET6\fR.
+\fBPF_INET6\fR\&.
.RE
.PP
\fBh_length\fR
.RS 4
-The length of the address in bytes.
+The length of the address in bytes\&.
.RE
.PP
\fBh_addr_list\fR
.RS 4
A
\fBNULL\fR
-terminated array of network addresses for the host. Host addresses are returned in network byte order.
+terminated array of network addresses for the host\&. Host addresses are returned in network byte order\&.
.RE
.PP
For backward compatibility with very old software,
\fBh_addr\fR
is the first address in
-\fBh_addr_list.\fR
+\fBh_addr_list\&.\fR
.PP
\fBlwres_gethostent()\fR,
\fBlwres_sethostent()\fR,
@@ -125,14 +146,14 @@ is the first address in
and
\fBlwres_endhostent_r()\fR
provide iteration over the known host entries on systems that provide such functionality through facilities like
-\fI/etc/hosts\fR
-or NIS. The lightweight resolver does not currently implement these functions; it only provides them as stub functions that always return failure.
+/etc/hosts
+or NIS\&. The lightweight resolver does not currently implement these functions; it only provides them as stub functions that always return failure\&.
.PP
\fBlwres_gethostbyname()\fR
and
\fBlwres_gethostbyname2()\fR
look up the hostname
-\fIname\fR.
+\fIname\fR\&.
\fBlwres_gethostbyname()\fR
always looks for an IPv4 address while
\fBlwres_gethostbyname2()\fR
@@ -141,17 +162,17 @@ looks for an address of protocol family
\fBPF_INET\fR
or
\fBPF_INET6\fR
-\(em IPv4 or IPV6 addresses respectively. Successful calls of the functions return a
-\fBstruct hostent\fRfor the name that was looked up.
+\(em IPv4 or IPV6 addresses respectively\&. Successful calls of the functions return a
+\fBstruct hostent\fRfor the name that was looked up\&.
\fBNULL\fR
is returned if the lookups by
\fBlwres_gethostbyname()\fR
or
\fBlwres_gethostbyname2()\fR
-fail.
+fail\&.
.PP
Reverse lookups of addresses are performed by
-\fBlwres_gethostbyaddr()\fR.
+\fBlwres_gethostbyaddr()\fR\&.
\fIaddr\fR
is an address of length
\fIlen\fR
@@ -160,15 +181,15 @@ bytes and protocol family
\(em
\fBPF_INET\fR
or
-\fBPF_INET6\fR.
+\fBPF_INET6\fR\&.
\fBlwres_gethostbyname_r()\fR
-is a thread\-safe function for forward lookups. If an error occurs, an error code is returned in
-\fI*error\fR.
+is a thread\-safe function for forward lookups\&. If an error occurs, an error code is returned in
+\fI*error\fR\&.
\fIresbuf\fR
is a pointer to a
\fBstruct hostent\fR
which is initialised by a successful call to
-\fBlwres_gethostbyname_r()\fR.
+\fBlwres_gethostbyname_r()\fR\&.
\fIbuf\fR
is a buffer of length
\fIlen\fR
@@ -179,12 +200,12 @@ bytes which is used to store the
elements of the
\fBstruct hostent\fR
returned in
-\fIresbuf\fR. Successful calls to
+\fIresbuf\fR\&. Successful calls to
\fBlwres_gethostbyname_r()\fR
return
\fIresbuf\fR, which is a pointer to the
\fBstruct hostent\fR
-it created.
+it created\&.
.PP
\fBlwres_gethostbyaddr_r()\fR
is a thread\-safe function that performs a reverse lookup of address
@@ -196,14 +217,14 @@ bytes long and is of protocol family
\(em
\fBPF_INET\fR
or
-\fBPF_INET6\fR. If an error occurs, the error code is returned in
-\fI*error\fR. The other function parameters are identical to those in
-\fBlwres_gethostbyname_r()\fR.
+\fBPF_INET6\fR\&. If an error occurs, the error code is returned in
+\fI*error\fR\&. The other function parameters are identical to those in
+\fBlwres_gethostbyname_r()\fR\&.
\fIresbuf\fR
is a pointer to a
\fBstruct hostent\fR
which is initialised by a successful call to
-\fBlwres_gethostbyaddr_r()\fR.
+\fBlwres_gethostbyaddr_r()\fR\&.
\fIbuf\fR
is a buffer of length
\fIlen\fR
@@ -214,12 +235,12 @@ bytes which is used to store the
elements of the
\fBstruct hostent\fR
returned in
-\fIresbuf\fR. Successful calls to
+\fIresbuf\fR\&. Successful calls to
\fBlwres_gethostbyaddr_r()\fR
return
\fIresbuf\fR, which is a pointer to the
\fBstruct hostent()\fR
-it created.
+it created\&.
.SH "RETURN VALUES"
.PP
The functions
@@ -227,39 +248,39 @@ The functions
\fBlwres_gethostbyname2()\fR,
\fBlwres_gethostbyaddr()\fR, and
\fBlwres_gethostent()\fR
-return NULL to indicate an error. In this case the global variable
+return NULL to indicate an error\&. In this case the global variable
\fBlwres_h_errno\fR
will contain one of the following error codes defined in
-\fI<lwres/netdb.h>\fR:
+<lwres/netdb\&.h>:
.PP
\fBHOST_NOT_FOUND\fR
.RS 4
-The host or address was not found.
+The host or address was not found\&.
.RE
.PP
\fBTRY_AGAIN\fR
.RS 4
-A recoverable error occurred, e.g., a timeout. Retrying the lookup may succeed.
+A recoverable error occurred, e\&.g\&., a timeout\&. Retrying the lookup may succeed\&.
.RE
.PP
\fBNO_RECOVERY\fR
.RS 4
-A non\-recoverable error occurred.
+A non\-recoverable error occurred\&.
.RE
.PP
\fBNO_DATA\fR
.RS 4
-The name exists, but has no address information associated with it (or vice versa in the case of a reverse lookup). The code NO_ADDRESS is accepted as a synonym for NO_DATA for backwards compatibility.
+The name exists, but has no address information associated with it (or vice versa in the case of a reverse lookup)\&. The code NO_ADDRESS is accepted as a synonym for NO_DATA for backwards compatibility\&.
.RE
.PP
\fBlwres_hstrerror\fR(3)
-translates these error codes to suitable error messages.
+translates these error codes to suitable error messages\&.
.PP
\fBlwres_gethostent()\fR
and
\fBlwres_gethostent_r()\fR
always return
-\fBNULL\fR.
+\fBNULL\fR\&.
.PP
Successful calls to
\fBlwres_gethostbyname_r()\fR
@@ -268,7 +289,7 @@ and
return
\fIresbuf\fR, a pointer to the
\fBstruct hostent\fR
-that was initialised by these functions. They return
+that was initialised by these functions\&. They return
\fBNULL\fR
if the lookups fail or if
\fIbuf\fR
@@ -277,7 +298,7 @@ was too small to hold the list of addresses and names referenced by the
\fBh_aliases\fR, and
\fBh_addr_list\fR
elements of the
-\fBstruct hostent\fR. If
+\fBstruct hostent\fR\&. If
\fIbuf\fR
was too small, both
\fBlwres_gethostbyname_r()\fR
@@ -286,7 +307,7 @@ and
set the global variable
\fBerrno\fR
to
-\fBERANGE\fR.
+\fBERANGE\fR\&.
.SH "SEE ALSO"
.PP
\fBgethostent\fR(3),
@@ -299,17 +320,21 @@ to
\fBlwres_gethostbyaddr()\fR
and
\fBlwres_endhostent()\fR
-are not thread safe; they return pointers to static data and provide error codes through a global variable. Thread\-safe versions for name and address lookup are provided by
+are not thread safe; they return pointers to static data and provide error codes through a global variable\&. Thread\-safe versions for name and address lookup are provided by
\fBlwres_gethostbyname_r()\fR, and
\fBlwres_gethostbyaddr_r()\fR
-respectively.
+respectively\&.
.PP
The resolver daemon does not currently support any non\-DNS name services such as
-\fI/etc/hosts\fR
+/etc/hosts
or
-\fBNIS\fR, consequently the above functions don't, either.
+\fBNIS\fR, consequently the above functions don\*(Aqt, either\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_gethostent.docbook b/lib/lwres/man/lwres_gethostent.docbook
index 487fb7f9ea18..cf68feb21307 100644
--- a/lib/lwres/man/lwres_gethostent.docbook
+++ b/lib/lwres/man/lwres_gethostent.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +39,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -146,8 +150,8 @@ void
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
These functions provide hostname-to-address and
address-to-hostname lookups by means of the lightweight resolver.
@@ -306,10 +310,10 @@ struct hostent {
<function>struct hostent()</function> it created.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para>
The functions
<function>lwres_gethostbyname()</function>,
@@ -391,9 +395,9 @@ struct hostent {
<type>errno</type> to <errorcode>ERANGE</errorcode>.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>gethostent</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -406,10 +410,10 @@ struct hostent {
<refentrytitle>lwres_hstrerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>BUGS</title></info>
- <refsect1>
- <title>BUGS</title>
<para><function>lwres_gethostbyname()</function>,
<function>lwres_gethostbyname2()</function>,
<function>lwres_gethostbyaddr()</function>
@@ -431,9 +435,5 @@ struct hostent {
<type>NIS</type>,
consequently the above functions don't, either.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_gethostent.html b/lib/lwres/man/lwres_gethostent.html
index 3435f1c18078..ef0a5f382070 100644
--- a/lib/lwres/man/lwres_gethostent.html
+++ b/lib/lwres/man/lwres_gethostent.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gethostent</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gethostbyname, lwres_gethostbyname2, lwres_gethostbyaddr, lwres_gethostent, lwres_sethostent, lwres_endhostent, lwres_gethostbyname_r, lwres_gethostbyaddr_r, lwres_gethostent_r, lwres_sethostent_r, lwres_endhostent_r &#8212; lightweight resolver get network host entry</p>
@@ -31,204 +30,161 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostbyname</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">name</var><code>)</code>;</td>
+<td>const char *<var class="pdparam">name</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostbyname2</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">name</var>, </td>
+<td>const char *<var class="pdparam">name</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">af</var><code>)</code>;</td>
+<td>int <var class="pdparam">af</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostbyaddr</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">addr</var>, </td>
+<td>const char *<var class="pdparam">addr</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">len</var>, </td>
+<td>int <var class="pdparam">len</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">type</var><code>)</code>;</td>
+<td>int <var class="pdparam">type</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostent</b>(</code></td>
-<td> </td>
-<td>
-<code>)</code>;</td>
+<td>void<code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_sethostent</b>(</code></td>
-<td>int  </td>
-<td>
-<var class="pdparam">stayopen</var><code>)</code>;</td>
+<td>int <var class="pdparam">stayopen</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_endhostent</b>(</code></td>
-<td> </td>
-<td>
-<code>)</code>;</td>
+<td>void<code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostbyname_r</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">name</var>, </td>
+<td>const char *<var class="pdparam">name</var>, </td>
</tr>
<tr>
<td> </td>
-<td>struct hostent * </td>
-<td>
-<var class="pdparam">resbuf</var>, </td>
+<td>struct hostent *<var class="pdparam">resbuf</var>, </td>
</tr>
<tr>
<td> </td>
-<td>char * </td>
-<td>
-<var class="pdparam">buf</var>, </td>
+<td>char *<var class="pdparam">buf</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">buflen</var>, </td>
+<td>int <var class="pdparam">buflen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int * </td>
-<td>
-<var class="pdparam">error</var><code>)</code>;</td>
+<td>int *<var class="pdparam">error</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostbyaddr_r</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">addr</var>, </td>
+<td>const char *<var class="pdparam">addr</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">len</var>, </td>
+<td>int <var class="pdparam">len</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">type</var>, </td>
+<td>int <var class="pdparam">type</var>, </td>
</tr>
<tr>
<td> </td>
-<td>struct hostent * </td>
-<td>
-<var class="pdparam">resbuf</var>, </td>
+<td>struct hostent *<var class="pdparam">resbuf</var>, </td>
</tr>
<tr>
<td> </td>
-<td>char * </td>
-<td>
-<var class="pdparam">buf</var>, </td>
+<td>char *<var class="pdparam">buf</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">buflen</var>, </td>
+<td>int <var class="pdparam">buflen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int * </td>
-<td>
-<var class="pdparam">error</var><code>)</code>;</td>
+<td>int *<var class="pdparam">error</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_gethostent_r</b>(</code></td>
-<td>struct hostent * </td>
-<td>
-<var class="pdparam">resbuf</var>, </td>
+<td>struct hostent *<var class="pdparam">resbuf</var>, </td>
</tr>
<tr>
<td> </td>
-<td>char * </td>
-<td>
-<var class="pdparam">buf</var>, </td>
+<td>char *<var class="pdparam">buf</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">buflen</var>, </td>
+<td>int <var class="pdparam">buflen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int * </td>
-<td>
-<var class="pdparam">error</var><code>)</code>;</td>
+<td>int *<var class="pdparam">error</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_sethostent_r</b>(</code></td>
-<td>int  </td>
-<td>
-<var class="pdparam">stayopen</var><code>)</code>;</td>
+<td>int <var class="pdparam">stayopen</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_endhostent_r</b>(</code></td>
-<td> </td>
-<td>
-<code>)</code>;</td>
+<td>void<code>)</code>;</td>
</tr></table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543618"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
These functions provide hostname-to-address and
address-to-hostname lookups by means of the lightweight resolver.
@@ -255,7 +211,7 @@ struct hostent {
<p>
The members of this structure are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">h_name</code></span></dt>
<dd><p>
The official (canonical) name of the host.
@@ -365,8 +321,8 @@ struct hostent {
<code class="function">struct hostent()</code> it created.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543969"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
The functions
<code class="function">lwres_gethostbyname()</code>,
@@ -380,7 +336,7 @@ struct hostent {
<code class="filename">&lt;lwres/netdb.h&gt;</code>:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">HOST_NOT_FOUND</code></span></dt>
<dd><p>
The host or address was not found.
@@ -429,8 +385,8 @@ struct hostent {
<span class="type">errno</span> to <span class="errorcode">ERANGE</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544202"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">gethostent</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_getipnode</span>(3)</span>,
@@ -438,8 +394,8 @@ struct hostent {
<span class="citerefentry"><span class="refentrytitle">lwres_hstrerror</span>(3)</span>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2544236"></a><h2>BUGS</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>BUGS</h2>
<p><code class="function">lwres_gethostbyname()</code>,
<code class="function">lwres_gethostbyname2()</code>,
<code class="function">lwres_gethostbyaddr()</code>
diff --git a/lib/lwres/man/lwres_getipnode.3 b/lib/lwres/man/lwres_getipnode.3
index 4eb58cc2b147..ab8f0b5a6e49 100644
--- a/lib/lwres/man/lwres_getipnode.3
+++ b/lib/lwres/man/lwres_getipnode.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,44 +13,64 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_getipnode
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GETIPNODE" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GETIPNODE" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent \- lightweight resolver nodename / address translation API
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/netdb.h>
+#include <lwres/netdb\&.h>
.fi
-.HP 39
+.ft
+.HP \w'struct\ hostent\ *\ lwres_getipnodebyname('u
.BI "struct hostent * lwres_getipnodebyname(const\ char\ *" "name" ", int\ " "af" ", int\ " "flags" ", int\ *" "error_num" ");"
-.HP 39
+.HP \w'struct\ hostent\ *\ lwres_getipnodebyaddr('u
.BI "struct hostent * lwres_getipnodebyaddr(const\ void\ *" "src" ", size_t\ " "len" ", int\ " "af" ", int\ *" "error_num" ");"
-.HP 23
+.HP \w'void\ lwres_freehostent('u
.BI "void lwres_freehostent(struct\ hostent\ *" "he" ");"
.SH "DESCRIPTION"
.PP
-These functions perform thread safe, protocol independent nodename\-to\-address and address\-to\-nodename translation as defined in RFC2553.
+These functions perform thread safe, protocol independent nodename\-to\-address and address\-to\-nodename translation as defined in RFC2553\&.
.PP
They use a
\fBstruct hostent\fR
which is defined in
-\fInamedb.h\fR:
+namedb\&.h:
.PP
+.if n \{\
.RS 4
+.\}
.nf
struct hostent {
char *h_name; /* official name of host */
@@ -61,19 +81,20 @@ struct hostent {
};
#define h_addr h_addr_list[0] /* address, for backward compatibility */
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
The members of this structure are:
.PP
\fBh_name\fR
.RS 4
-The official (canonical) name of the host.
+The official (canonical) name of the host\&.
.RE
.PP
\fBh_aliases\fR
.RS 4
-A NULL\-terminated array of alternate names (nicknames) for the host.
+A NULL\-terminated array of alternate names (nicknames) for the host\&.
.RE
.PP
\fBh_addrtype\fR
@@ -81,46 +102,46 @@ A NULL\-terminated array of alternate names (nicknames) for the host.
The type of address being returned \- usually
\fBPF_INET\fR
or
-\fBPF_INET6\fR.
+\fBPF_INET6\fR\&.
.RE
.PP
\fBh_length\fR
.RS 4
-The length of the address in bytes.
+The length of the address in bytes\&.
.RE
.PP
\fBh_addr_list\fR
.RS 4
A
\fBNULL\fR
-terminated array of network addresses for the host. Host addresses are returned in network byte order.
+terminated array of network addresses for the host\&. Host addresses are returned in network byte order\&.
.RE
.PP
\fBlwres_getipnodebyname()\fR
looks up addresses of protocol family
\fIaf\fR
for the hostname
-\fIname\fR. The
+\fIname\fR\&. The
\fIflags\fR
-parameter contains ORed flag bits to specify the types of addresses that are searched for, and the types of addresses that are returned. The flag bits are:
+parameter contains ORed flag bits to specify the types of addresses that are searched for, and the types of addresses that are returned\&. The flag bits are:
.PP
\fBAI_V4MAPPED\fR
.RS 4
This is used with an
\fIaf\fR
-of AF_INET6, and causes IPv4 addresses to be returned as IPv4\-mapped IPv6 addresses.
+of AF_INET6, and causes IPv4 addresses to be returned as IPv4\-mapped IPv6 addresses\&.
.RE
.PP
\fBAI_ALL\fR
.RS 4
This is used with an
\fIaf\fR
-of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned. If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped IPv6 addresses.
+of AF_INET6, and causes all known addresses (IPv6 and IPv4) to be returned\&. If AI_V4MAPPED is also set, the IPv4 addresses are return as mapped IPv6 addresses\&.
.RE
.PP
\fBAI_ADDRCONFIG\fR
.RS 4
-Only return an IPv6 or IPv4 address if here is an active network interface of that type. This is not currently implemented in the BIND 9 lightweight resolver, and the flag is ignored.
+Only return an IPv6 or IPv4 address if here is an active network interface of that type\&. This is not currently implemented in the BIND 9 lightweight resolver, and the flag is ignored\&.
.RE
.PP
\fBAI_DEFAULT\fR
@@ -129,7 +150,7 @@ This default sets the
\fBAI_V4MAPPED\fR
and
\fBAI_ADDRCONFIG\fR
-flag bits.
+flag bits\&.
.RE
.PP
\fBlwres_getipnodebyaddr()\fR
@@ -137,25 +158,25 @@ performs a reverse lookup of address
\fIsrc\fR
which is
\fIlen\fR
-bytes long.
+bytes long\&.
\fIaf\fR
denotes the protocol family, typically
\fBPF_INET\fR
or
-\fBPF_INET6\fR.
+\fBPF_INET6\fR\&.
.PP
\fBlwres_freehostent()\fR
releases all the memory associated with the
\fBstruct hostent\fR
pointer
-\fIhe\fR. Any memory allocated for the
+\fIhe\fR\&. Any memory allocated for the
\fBh_name\fR,
\fBh_addr_list\fR
and
\fBh_aliases\fR
is freed, as is the memory for the
\fBhostent\fR
-structure itself.
+structure itself\&.
.SH "RETURN VALUES"
.PP
If an error occurs,
@@ -166,31 +187,31 @@ set
\fI*error_num\fR
to an appropriate error code and the function returns a
\fBNULL\fR
-pointer. The error codes and their meanings are defined in
-\fI<lwres/netdb.h>\fR:
+pointer\&. The error codes and their meanings are defined in
+<lwres/netdb\&.h>:
.PP
\fBHOST_NOT_FOUND\fR
.RS 4
-No such host is known.
+No such host is known\&.
.RE
.PP
\fBNO_ADDRESS\fR
.RS 4
-The server recognised the request and the name but no address is available. Another type of request to the name server for the domain might return an answer.
+The server recognised the request and the name but no address is available\&. Another type of request to the name server for the domain might return an answer\&.
.RE
.PP
\fBTRY_AGAIN\fR
.RS 4
-A temporary and possibly transient error occurred, such as a failure of a server to respond. The request may succeed if retried.
+A temporary and possibly transient error occurred, such as a failure of a server to respond\&. The request may succeed if retried\&.
.RE
.PP
\fBNO_RECOVERY\fR
.RS 4
-An unexpected failure occurred, and retrying the request is pointless.
+An unexpected failure occurred, and retrying the request is pointless\&.
.RE
.PP
\fBlwres_hstrerror\fR(3)
-translates these error codes to suitable error messages.
+translates these error codes to suitable error messages\&.
.SH "SEE ALSO"
.PP
\fBRFC2553\fR(),
@@ -198,9 +219,13 @@ translates these error codes to suitable error messages.
\fBlwres_gethostent\fR(3),
\fBlwres_getaddrinfo\fR(3),
\fBlwres_getnameinfo\fR(3),
-\fBlwres_hstrerror\fR(3).
+\fBlwres_hstrerror\fR(3)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_getipnode.docbook b/lib/lwres/man/lwres_getipnode.docbook
index 44b628b5582f..14e14aaa3dff 100644
--- a/lib/lwres/man/lwres_getipnode.docbook
+++ b/lib/lwres/man/lwres_getipnode.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -82,8 +84,8 @@ void
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
These functions perform thread safe, protocol independent
@@ -236,9 +238,9 @@ struct hostent {
<constant>h_aliases</constant> is freed, as is the memory for
the <type>hostent</type> structure itself.
</para>
- </refsect1>
- <refsect1>
- <title>RETURN VALUES</title>
+ </refsection>
+ <refsection><info><title>RETURN VALUES</title></info>
+
<para>
If an error occurs,
<function>lwres_getipnodebyname()</function>
@@ -296,9 +298,9 @@ struct hostent {
</citerefentry>
translates these error codes to suitable error messages.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>RFC2553</refentrytitle>
</citerefentry>,
@@ -323,9 +325,5 @@ struct hostent {
<refentrytitle>lwres_hstrerror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_getipnode.html b/lib/lwres/man/lwres_getipnode.html
index 6fe0ec64750a..a27b3994cb46 100644
--- a/lib/lwres/man/lwres_getipnode.html
+++ b/lib/lwres/man/lwres_getipnode.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getipnode</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getipnodebyname, lwres_getipnodebyaddr, lwres_freehostent &#8212; lightweight resolver nodename / address translation API</p>
@@ -31,74 +30,59 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_getipnodebyname</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">name</var>, </td>
+<td>const char *<var class="pdparam">name</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">af</var>, </td>
+<td>int <var class="pdparam">af</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">flags</var>, </td>
+<td>int <var class="pdparam">flags</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int * </td>
-<td>
-<var class="pdparam">error_num</var><code>)</code>;</td>
+<td>int *<var class="pdparam">error_num</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
struct hostent *
<b class="fsfunc">lwres_getipnodebyaddr</b>(</code></td>
-<td>const void * </td>
-<td>
-<var class="pdparam">src</var>, </td>
+<td>const void *<var class="pdparam">src</var>, </td>
</tr>
<tr>
<td> </td>
-<td>size_t  </td>
-<td>
-<var class="pdparam">len</var>, </td>
+<td>size_t <var class="pdparam">len</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">af</var>, </td>
+<td>int <var class="pdparam">af</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int * </td>
-<td>
-<var class="pdparam">error_num</var><code>)</code>;</td>
+<td>int *<var class="pdparam">error_num</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_freehostent</b>(</code></td>
-<td>struct hostent * </td>
-<td>
-<var class="pdparam">he</var><code>)</code>;</td>
+<td>struct hostent *<var class="pdparam">he</var><code>)</code>;</td>
</tr></table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543441"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
These functions perform thread safe, protocol independent
nodename-to-address and address-to-nodename
@@ -125,7 +109,7 @@ struct hostent {
<p>
The members of this structure are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">h_name</code></span></dt>
<dd><p>
The official (canonical) name of the host.
@@ -165,7 +149,7 @@ struct hostent {
types of addresses that are returned. The flag bits are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">AI_V4MAPPED</code></span></dt>
<dd><p>
This is used with an
@@ -216,8 +200,8 @@ struct hostent {
the <span class="type">hostent</span> structure itself.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543699"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
If an error occurs,
<code class="function">lwres_getipnodebyname()</code>
@@ -231,7 +215,7 @@ struct hostent {
The error codes and their meanings are defined in
<code class="filename">&lt;lwres/netdb.h&gt;</code>:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">HOST_NOT_FOUND</code></span></dt>
<dd><p>
No such host is known.
@@ -260,8 +244,8 @@ struct hostent {
translates these error codes to suitable error messages.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543796"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2553</span></span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
diff --git a/lib/lwres/man/lwres_getnameinfo.3 b/lib/lwres/man/lwres_getnameinfo.3
index 993b172144b7..c0c4ff4cf97d 100644
--- a/lib/lwres/man/lwres_getnameinfo.3
+++ b/lib/lwres/man/lwres_getnameinfo.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,57 +13,74 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_getnameinfo
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GETNAMEINFO" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GETNAMEINFO" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_getnameinfo \- lightweight resolver socket address structure to hostname and service name
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/netdb.h>
+#include <lwres/netdb\&.h>
.fi
-.HP 22
+.ft
+.HP \w'int\ lwres_getnameinfo('u
.BI "int lwres_getnameinfo(const\ struct\ sockaddr\ *" "sa" ", size_t\ " "salen" ", char\ *" "host" ", size_t\ " "hostlen" ", char\ *" "serv" ", size_t\ " "servlen" ", int\ " "flags" ");"
.SH "DESCRIPTION"
.PP
This function is equivalent to the
\fBgetnameinfo\fR(3)
-function defined in RFC2133.
+function defined in RFC2133\&.
\fBlwres_getnameinfo()\fR
returns the hostname for the
-\fBstruct sockaddr\fR
-\fIsa\fR
+\fBstruct sockaddr\fR\fIsa\fR
which is
\fIsalen\fR
-bytes long. The hostname is of length
+bytes long\&. The hostname is of length
\fIhostlen\fR
and is returned via
-\fI*host.\fR
+\fI*host\&.\fR
The maximum length of the hostname is 1025 bytes:
-\fBNI_MAXHOST\fR.
+\fBNI_MAXHOST\fR\&.
.PP
The name of the service associated with the port number in
\fIsa\fR
is returned in
-\fI*serv.\fR
+\fI*serv\&.\fR
It is
\fIservlen\fR
-bytes long. The maximum length of the service name is
+bytes long\&. The maximum length of the service name is
\fBNI_MAXSERV\fR
-\- 32 bytes.
+\- 32 bytes\&.
.PP
The
\fIflags\fR
@@ -71,47 +88,51 @@ argument sets the following bits:
.PP
\fBNI_NOFQDN\fR
.RS 4
-A fully qualified domain name is not required for local hosts. The local part of the fully qualified domain name is returned instead.
+A fully qualified domain name is not required for local hosts\&. The local part of the fully qualified domain name is returned instead\&.
.RE
.PP
\fBNI_NUMERICHOST\fR
.RS 4
-Return the address in numeric form, as if calling inet_ntop(), instead of a host name.
+Return the address in numeric form, as if calling inet_ntop(), instead of a host name\&.
.RE
.PP
\fBNI_NAMEREQD\fR
.RS 4
-A name is required. If the hostname cannot be found in the DNS and this flag is set, a non\-zero error code is returned. If the hostname is not found and the flag is not set, the address is returned in numeric form.
+A name is required\&. If the hostname cannot be found in the DNS and this flag is set, a non\-zero error code is returned\&. If the hostname is not found and the flag is not set, the address is returned in numeric form\&.
.RE
.PP
\fBNI_NUMERICSERV\fR
.RS 4
-The service name is returned as a digit string representing the port number.
+The service name is returned as a digit string representing the port number\&.
.RE
.PP
\fBNI_DGRAM\fR
.RS 4
-Specifies that the service being looked up is a datagram service, and causes getservbyport() to be called with a second argument of "udp" instead of its default of "tcp". This is required for the few ports (512\-514) that have different services for UDP and TCP.
+Specifies that the service being looked up is a datagram service, and causes getservbyport() to be called with a second argument of "udp" instead of its default of "tcp"\&. This is required for the few ports (512\-514) that have different services for UDP and TCP\&.
.RE
.SH "RETURN VALUES"
.PP
\fBlwres_getnameinfo()\fR
-returns 0 on success or a non\-zero error code if an error occurs.
+returns 0 on success or a non\-zero error code if an error occurs\&.
.SH "SEE ALSO"
.PP
\fBRFC2133\fR(),
\fBgetservbyport\fR(3),
\fBlwres\fR(3),
\fBlwres_getnameinfo\fR(3),
-\fBlwres_getnamebyaddr\fR(3).
-\fBlwres_net_ntop\fR(3).
+\fBlwres_getnamebyaddr\fR(3)\&.
+\fBlwres_net_ntop\fR(3)\&.
.SH "BUGS"
.PP
RFC2133 fails to define what the nonzero return values of
\fBgetnameinfo\fR(3)
-are.
+are\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_getnameinfo.docbook b/lib/lwres/man/lwres_getnameinfo.docbook
index 34a72cb884ae..371b6f882d0b 100644
--- a/lib/lwres/man/lwres_getnameinfo.docbook
+++ b/lib/lwres/man/lwres_getnameinfo.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -69,8 +71,8 @@ int
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
This function is equivalent to the
@@ -158,16 +160,16 @@ int
</varlistentry>
</variablelist>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para><function>lwres_getnameinfo()</function>
returns 0 on success or a non-zero error code if an error occurs.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>RFC2133</refentrytitle>
</citerefentry>,
@@ -187,9 +189,9 @@ int
<refentrytitle>lwres_net_ntop</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
- </refsect1>
- <refsect1>
- <title>BUGS</title>
+ </refsection>
+ <refsection><info><title>BUGS</title></info>
+
<para>
RFC2133 fails to define what the nonzero return values of
<citerefentry>
@@ -197,9 +199,5 @@ int
</citerefentry>
are.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_getnameinfo.html b/lib/lwres/man/lwres_getnameinfo.html
index 6153e3b372c1..3b3d10f3adc9 100644
--- a/lib/lwres/man/lwres_getnameinfo.html
+++ b/lib/lwres/man/lwres_getnameinfo.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getnameinfo</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getnameinfo &#8212; lightweight resolver socket address structure to hostname and
@@ -33,56 +32,43 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
int
<b class="fsfunc">lwres_getnameinfo</b>(</code></td>
-<td>const struct sockaddr * </td>
-<td>
-<var class="pdparam">sa</var>, </td>
+<td>const struct sockaddr *<var class="pdparam">sa</var>, </td>
</tr>
<tr>
<td> </td>
-<td>size_t  </td>
-<td>
-<var class="pdparam">salen</var>, </td>
+<td>size_t <var class="pdparam">salen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>char * </td>
-<td>
-<var class="pdparam">host</var>, </td>
+<td>char *<var class="pdparam">host</var>, </td>
</tr>
<tr>
<td> </td>
-<td>size_t  </td>
-<td>
-<var class="pdparam">hostlen</var>, </td>
+<td>size_t <var class="pdparam">hostlen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>char * </td>
-<td>
-<var class="pdparam">serv</var>, </td>
+<td>char *<var class="pdparam">serv</var>, </td>
</tr>
<tr>
<td> </td>
-<td>size_t  </td>
-<td>
-<var class="pdparam">servlen</var>, </td>
+<td>size_t <var class="pdparam">servlen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>int  </td>
-<td>
-<var class="pdparam">flags</var><code>)</code>;</td>
+<td>int <var class="pdparam">flags</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543402"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
This function is equivalent to the
<span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span> function defined in RFC2133.
@@ -109,7 +95,7 @@ int
following
bits:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">NI_NOFQDN</code></span></dt>
<dd><p>
A fully qualified domain name is not required for local hosts.
@@ -148,14 +134,14 @@ int
<p>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543544"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_getnameinfo()</code>
returns 0 on success or a non-zero error code if an error occurs.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543556"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2133</span></span>,
<span class="citerefentry"><span class="refentrytitle">getservbyport</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
@@ -164,8 +150,8 @@ int
<span class="citerefentry"><span class="refentrytitle">lwres_net_ntop</span>(3)</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543613"></a><h2>BUGS</h2>
+<div class="refsection">
+<a name="id-1.10"></a><h2>BUGS</h2>
<p>
RFC2133 fails to define what the nonzero return values of
<span class="citerefentry"><span class="refentrytitle">getnameinfo</span>(3)</span>
diff --git a/lib/lwres/man/lwres_getrrsetbyname.3 b/lib/lwres/man/lwres_getrrsetbyname.3
index 6397a6e0fe74..ac724c02495d 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.3
+++ b/lib/lwres/man/lwres_getrrsetbyname.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,49 +13,63 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_getrrsetbyname
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GETRRSETBYNAME" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GETRRSETBYNAME" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_getrrsetbyname, lwres_freerrset \- retrieve DNS records
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/netdb.h>
+#include <lwres/netdb\&.h>
.fi
-.HP 25
+.ft
+.HP \w'int\ lwres_getrrsetbyname('u
.BI "int lwres_getrrsetbyname(const\ char\ *" "hostname" ", unsigned\ int\ " "rdclass" ", unsigned\ int\ " "rdtype" ", unsigned\ int\ " "flags" ", struct\ rrsetinfo\ **" "res" ");"
-.HP 21
+.HP \w'void\ lwres_freerrset('u
.BI "void lwres_freerrset(struct\ rrsetinfo\ *" "rrset" ");"
.PP
The following structures are used:
.PP
-.RS 4
.nf
struct rdatainfo {
unsigned int rdi_length; /* length of data */
unsigned char *rdi_data; /* record data */
};
.fi
-.RE
-.sp
.PP
-.RS 4
.nf
struct rrsetinfo {
- unsigned int rri_flags; /* RRSET_VALIDATED... */
+ unsigned int rri_flags; /* RRSET_VALIDATED\&.\&.\&. */
unsigned int rri_rdclass; /* class number */
unsigned int rri_rdtype; /* RR type number */
unsigned int rri_ttl; /* time to live */
@@ -66,7 +80,6 @@ struct rrsetinfo {
struct rdatainfo *rri_sigs; /* individual signatures */
};
.fi
-.RE
.sp
.SH "DESCRIPTION"
.PP
@@ -74,11 +87,11 @@ struct rrsetinfo {
gets a set of resource records associated with a
\fIhostname\fR,
\fIclass\fR, and
-\fItype\fR.
+\fItype\fR\&.
\fIhostname\fR
-is a pointer a to null\-terminated string. The
+is a pointer a to null\-terminated string\&. The
\fIflags\fR
-field is currently unused and must be zero.
+field is currently unused and must be zero\&.
.PP
After a successful call to
\fBlwres_getrrsetbyname()\fR,
@@ -89,21 +102,21 @@ structure, containing a list of one or more
\fBrdatainfo\fR
structures containing resource records and potentially another list of
\fBrdatainfo\fR
-structures containing SIG resource records associated with those records. The members
+structures containing SIG resource records associated with those records\&. The members
\fBrri_rdclass\fR
and
\fBrri_rdtype\fR
-are copied from the parameters.
+are copied from the parameters\&.
\fBrri_ttl\fR
and
\fBrri_name\fR
-are properties of the obtained rrset. The resource records contained in
+are properties of the obtained rrset\&. The resource records contained in
\fBrri_rdatas\fR
and
\fBrri_sigs\fR
-are in uncompressed DNS wire format. Properties of the rdataset are represented in the
+are in uncompressed DNS wire format\&. Properties of the rdataset are represented in the
\fBrri_flags\fR
-bitfield. If the RRSET_VALIDATED bit is set, the data has been DNSSEC validated and the signatures verified.
+bitfield\&. If the RRSET_VALIDATED bit is set, the data has been DNSSEC validated and the signatures verified\&.
.PP
All of the information returned by
\fBlwres_getrrsetbyname()\fR
@@ -112,15 +125,15 @@ is dynamically allocated: the
and
\fBrdatainfo\fR
structures, and the canonical host name strings pointed to by the
-\fBrrsetinfo\fRstructure. Memory allocated for the dynamically allocated structures created by a successful call to
+\fBrrsetinfo\fRstructure\&. Memory allocated for the dynamically allocated structures created by a successful call to
\fBlwres_getrrsetbyname()\fR
is released by
-\fBlwres_freerrset()\fR.
+\fBlwres_freerrset()\fR\&.
\fIrrset\fR
is a pointer to a
\fBstruct rrset\fR
created by a call to
-\fBlwres_getrrsetbyname()\fR.
+\fBlwres_getrrsetbyname()\fR\&.
.PP
.SH "RETURN VALUES"
.PP
@@ -156,9 +169,13 @@ other failure
.RE
.SH "SEE ALSO"
.PP
-\fBlwres\fR(3).
+\fBlwres\fR(3)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_getrrsetbyname.docbook b/lib/lwres/man/lwres_getrrsetbyname.docbook
index aceb5a1f9f34..c8de98e91103 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.docbook
+++ b/lib/lwres/man/lwres_getrrsetbyname.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -97,8 +99,8 @@ struct rrsetinfo {
</para>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_getrrsetbyname()</function>
gets a set of resource records associated with a
<parameter>hostname</parameter>, <parameter>class</parameter>,
@@ -143,10 +145,10 @@ struct rrsetinfo {
rrset</type> created by a call to
<function>lwres_getrrsetbyname()</function>.
</para>
- <para></para>
- </refsect1>
- <refsect1>
- <title>RETURN VALUES</title>
+ <para/>
+ </refsection>
+ <refsection><info><title>RETURN VALUES</title></info>
+
<para><function>lwres_getrrsetbyname()</function>
returns zero on success, and one of the following error codes if
an error occurred:
@@ -200,24 +202,20 @@ struct rrsetinfo {
<varlistentry>
<term><constant/></term>
<listitem>
- <para></para>
+ <para/>
</listitem>
</varlistentry>
</variablelist>
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_getrrsetbyname.html b/lib/lwres/man/lwres_getrrsetbyname.html
index ad56c485b10d..33c718547a3b 100644
--- a/lib/lwres/man/lwres_getrrsetbyname.html
+++ b/lib/lwres/man/lwres_getrrsetbyname.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_getrrsetbyname</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_getrrsetbyname, lwres_freerrset &#8212; retrieve DNS records</p>
@@ -31,48 +30,38 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
int
<b class="fsfunc">lwres_getrrsetbyname</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">hostname</var>, </td>
+<td>const char *<var class="pdparam">hostname</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">rdclass</var>, </td>
+<td>unsigned int <var class="pdparam">rdclass</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">rdtype</var>, </td>
+<td>unsigned int <var class="pdparam">rdtype</var>, </td>
</tr>
<tr>
<td> </td>
-<td>unsigned int  </td>
-<td>
-<var class="pdparam">flags</var>, </td>
+<td>unsigned int <var class="pdparam">flags</var>, </td>
</tr>
<tr>
<td> </td>
-<td>struct rrsetinfo ** </td>
-<td>
-<var class="pdparam">res</var><code>)</code>;</td>
+<td>struct rrsetinfo **<var class="pdparam">res</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_freerrset</b>(</code></td>
-<td>struct rrsetinfo * </td>
-<td>
-<var class="pdparam">rrset</var><code>)</code>;</td>
+<td>struct rrsetinfo *<var class="pdparam">rrset</var><code>)</code>;</td>
</tr></table>
+<div class="funcprototype-spacer"> </div>
</div>
<p>
The following structures are used:
@@ -101,8 +90,8 @@ struct rrsetinfo {
<p>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543424"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_getrrsetbyname()</code>
gets a set of resource records associated with a
<em class="parameter"><code>hostname</code></em>, <em class="parameter"><code>class</code></em>,
@@ -149,13 +138,13 @@ struct rrsetinfo {
</p>
<p></p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543536"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p><code class="function">lwres_getrrsetbyname()</code>
returns zero on success, and one of the following error codes if
an error occurred:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">ERRSET_NONAME</code></span></dt>
<dd><p>
the name does not exist
@@ -183,8 +172,8 @@ struct rrsetinfo {
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543636"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>.
</p>
</div>
diff --git a/lib/lwres/man/lwres_gnba.3 b/lib/lwres/man/lwres_gnba.3
index 5c64f0714291..4f652685555b 100644
--- a/lib/lwres/man/lwres_gnba.3
+++ b/lib/lwres/man/lwres_gnba.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,71 +13,97 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_gnba
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_GNBA" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_GNBA" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free \- lightweight resolver getnamebyaddress message handling
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwres.h>
+#include <lwres/lwres\&.h>
.fi
-.HP 40
+.ft
+.HP \w'lwres_result_t\ lwres_gnbarequest_render('u
.BI "lwres_result_t lwres_gnbarequest_render(lwres_context_t\ *" "ctx" ", lwres_gnbarequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");"
-.HP 41
+.HP \w'lwres_result_t\ lwres_gnbaresponse_render('u
.BI "lwres_result_t lwres_gnbaresponse_render(lwres_context_t\ *" "ctx" ", lwres_gnbaresponse_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");"
-.HP 39
+.HP \w'lwres_result_t\ lwres_gnbarequest_parse('u
.BI "lwres_result_t lwres_gnbarequest_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gnbarequest_t\ **" "structp" ");"
-.HP 40
+.HP \w'lwres_result_t\ lwres_gnbaresponse_parse('u
.BI "lwres_result_t lwres_gnbaresponse_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_gnbaresponse_t\ **" "structp" ");"
-.HP 29
+.HP \w'void\ lwres_gnbaresponse_free('u
.BI "void lwres_gnbaresponse_free(lwres_context_t\ *" "ctx" ", lwres_gnbaresponse_t\ **" "structp" ");"
-.HP 28
+.HP \w'void\ lwres_gnbarequest_free('u
.BI "void lwres_gnbarequest_free(lwres_context_t\ *" "ctx" ", lwres_gnbarequest_t\ **" "structp" ");"
.SH "DESCRIPTION"
.PP
-These are low\-level routines for creating and parsing lightweight resolver address\-to\-name lookup request and response messages.
+These are low\-level routines for creating and parsing lightweight resolver address\-to\-name lookup request and response messages\&.
.PP
-There are four main functions for the getnamebyaddr opcode. One render function converts a getnamebyaddr request structure \(em
+There are four main functions for the getnamebyaddr opcode\&. One render function converts a getnamebyaddr request structure \(em
\fBlwres_gnbarequest_t\fR
-\(em to the lightweight resolver's canonical format. It is complemented by a parse function that converts a packet in this canonical format to a getnamebyaddr request structure. Another render function converts the getnamebyaddr response structure \(em
+\(em to the lightweight resolver\*(Aqs canonical format\&. It is complemented by a parse function that converts a packet in this canonical format to a getnamebyaddr request structure\&. Another render function converts the getnamebyaddr response structure \(em
\fBlwres_gnbaresponse_t\fR
-to the canonical format. This is complemented by a parse function which converts a packet in canonical format to a getnamebyaddr response structure.
+to the canonical format\&. This is complemented by a parse function which converts a packet in canonical format to a getnamebyaddr response structure\&.
.PP
These structures are defined in
-\fIlwres/lwres.h\fR. They are shown below.
+lwres/lwres\&.h\&. They are shown below\&.
.PP
+.if n \{\
.RS 4
+.\}
.nf
#define LWRES_OPCODE_GETNAMEBYADDR 0x00010002U
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct {
lwres_uint32_t flags;
lwres_addr_t addr;
} lwres_gnbarequest_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct {
lwres_uint32_t flags;
@@ -90,24 +116,25 @@ typedef struct {
size_t baselen;
} lwres_gnbaresponse_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
\fBlwres_gnbarequest_render()\fR
uses resolver context
\fIctx\fR
to convert getnamebyaddr request structure
\fIreq\fR
-to canonical format. The packet header structure
+to canonical format\&. The packet header structure
\fIpkt\fR
is initialised and transferred to buffer
-\fIb\fR. The contents of
+\fIb\fR\&. The contents of
\fI*req\fR
-are then appended to the buffer in canonical format.
+are then appended to the buffer in canonical format\&.
\fBlwres_gnbaresponse_render()\fR
performs the same task, except it converts a getnamebyaddr response structure
\fBlwres_gnbaresponse_t\fR
-to the lightweight resolver's canonical format.
+to the lightweight resolver\*(Aqs canonical format\&.
.PP
\fBlwres_gnbarequest_parse()\fR
uses context
@@ -116,18 +143,18 @@ to convert the contents of packet
\fIpkt\fR
to a
\fBlwres_gnbarequest_t\fR
-structure. Buffer
+structure\&. Buffer
\fIb\fR
-provides space to be used for storing this structure. When the function succeeds, the resulting
+provides space to be used for storing this structure\&. When the function succeeds, the resulting
\fBlwres_gnbarequest_t\fR
is made available through
-\fI*structp\fR.
+\fI*structp\fR\&.
\fBlwres_gnbaresponse_parse()\fR
offers the same semantics as
\fBlwres_gnbarequest_parse()\fR
except it yields a
\fBlwres_gnbaresponse_t\fR
-structure.
+structure\&.
.PP
\fBlwres_gnbaresponse_free()\fR
and
@@ -139,20 +166,19 @@ that was allocated to the
or
\fBlwres_gnbarequest_t\fR
structures referenced via
-\fIstructp\fR. Any memory associated with ancillary buffers and strings for those structures is also discarded.
+\fIstructp\fR\&. Any memory associated with ancillary buffers and strings for those structures is also discarded\&.
.SH "RETURN VALUES"
.PP
The getnamebyaddr opcode functions
\fBlwres_gnbarequest_render()\fR,
-\fBlwres_gnbaresponse_render()\fR
-\fBlwres_gnbarequest_parse()\fR
+\fBlwres_gnbaresponse_render()\fR\fBlwres_gnbarequest_parse()\fR
and
\fBlwres_gnbaresponse_parse()\fR
all return
\fBLWRES_R_SUCCESS\fR
-on success. They return
+on success\&. They return
\fBLWRES_R_NOMEMORY\fR
-if memory allocation fails.
+if memory allocation fails\&.
\fBLWRES_R_UNEXPECTEDEND\fR
is returned if the available space in the buffer
\fIb\fR
@@ -160,24 +186,28 @@ is too small to accommodate the packet header or the
\fBlwres_gnbarequest_t\fR
and
\fBlwres_gnbaresponse_t\fR
-structures.
+structures\&.
\fBlwres_gnbarequest_parse()\fR
and
\fBlwres_gnbaresponse_parse()\fR
will return
\fBLWRES_R_UNEXPECTEDEND\fR
-if the buffer is not empty after decoding the received packet. These functions will return
+if the buffer is not empty after decoding the received packet\&. These functions will return
\fBLWRES_R_FAILURE\fR
if
-pktflags
+\fIpktflags\fR
in the packet header structure
\fBlwres_lwpacket_t\fR
-indicate that the packet is not a response to an earlier query.
+indicate that the packet is not a response to an earlier query\&.
.SH "SEE ALSO"
.PP
-\fBlwres_packet\fR(3).
+\fBlwres_packet\fR(3)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_gnba.docbook b/lib/lwres/man/lwres_gnba.docbook
index ebb7487b031e..da6d3a8e546c 100644
--- a/lib/lwres/man/lwres_gnba.docbook
+++ b/lib/lwres/man/lwres_gnba.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +39,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -121,8 +125,8 @@ void
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
These are low-level routines for creating and parsing
lightweight resolver address-to-name lookup request and
@@ -207,10 +211,10 @@ typedef struct {
ancillary buffers and strings for those structures is also
discarded.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para>
The getnamebyaddr opcode functions
<function>lwres_gnbarequest_render()</function>,
@@ -241,21 +245,17 @@ typedef struct {
These functions will return
<errorcode>LWRES_R_FAILURE</errorcode>
if
- <structfield>pktflags</structfield>
+ <varname remap="structfield">pktflags</varname>
in the packet header structure
<type>lwres_lwpacket_t</type>
indicate that the packet is not a response to an earlier query.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_gnba.html b/lib/lwres/man/lwres_gnba.html
index f05c05b36d85..4b8e7d910f60 100644
--- a/lib/lwres/man/lwres_gnba.html
+++ b/lib/lwres/man/lwres_gnba.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_gnba</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_gnbarequest_render, lwres_gnbaresponse_render, lwres_gnbarequest_parse, lwres_gnbaresponse_parse, lwres_gnbaresponse_free, lwres_gnbarequest_free &#8212; lightweight resolver getnamebyaddress message handling</p>
@@ -33,157 +32,123 @@
<pre class="funcsynopsisinfo">
#include &lt;lwres/lwres.h&gt;
</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gnbarequest_render</b>
(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gnbarequest_t * </td>
-<td>
-<var class="pdparam">req</var>, </td>
+<td>lwres_gnbarequest_t *<var class="pdparam">req</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gnbaresponse_render</b>
(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gnbaresponse_t * </td>
-<td>
-<var class="pdparam">req</var>, </td>
+<td>lwres_gnbaresponse_t *<var class="pdparam">req</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gnbarequest_parse</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gnbarequest_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gnbarequest_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_gnbaresponse_parse</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gnbaresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gnbaresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_gnbaresponse_free</b>
(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gnbaresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gnbaresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_gnbarequest_free</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gnbarequest_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gnbarequest_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543534"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver address-to-name lookup request and
@@ -269,8 +234,8 @@ typedef struct {
discarded.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543674"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
The getnamebyaddr opcode functions
<code class="function">lwres_gnbarequest_render()</code>,
@@ -301,14 +266,14 @@ typedef struct {
These functions will return
<span class="errorcode">LWRES_R_FAILURE</span>
if
- <em class="structfield"><code>pktflags</code></em>
+ <code class="varname">pktflags</code>
in the packet header structure
<span class="type">lwres_lwpacket_t</span>
indicate that the packet is not a response to an earlier query.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543740"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>.
</p>
</div>
diff --git a/lib/lwres/man/lwres_hstrerror.3 b/lib/lwres/man/lwres_hstrerror.3
index a8fa9788b4c4..ec71b3e0c5ec 100644
--- a/lib/lwres/man/lwres_hstrerror.3
+++ b/lib/lwres/man/lwres_hstrerror.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,31 +13,49 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_hstrerror
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_HSTRERROR" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_HSTRERROR" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_herror, lwres_hstrerror \- lightweight resolver error message generation
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/netdb.h>
+#include <lwres/netdb\&.h>
.fi
-.HP 18
+.ft
+.HP \w'void\ lwres_herror('u
.BI "void lwres_herror(const\ char\ *" "s" ");"
-.HP 29
+.HP \w'const\ char\ *\ lwres_hstrerror('u
.BI "const char * lwres_hstrerror(int\ " "err" ");"
.SH "DESCRIPTION"
.PP
@@ -49,11 +67,11 @@ on
followed by the string generated by
\fBlwres_hstrerror()\fR
for the error code stored in the global variable
-\fBlwres_h_errno\fR.
+\fBlwres_h_errno\fR\&.
.PP
\fBlwres_hstrerror()\fR
returns an appropriate string for the error code gievn by
-\fIerr\fR. The values of the error codes and messages are as follows:
+\fIerr\fR\&. The values of the error codes and messages are as follows:
.PP
\fBNETDB_SUCCESS\fR
.RS 4
@@ -87,13 +105,17 @@ is returned by
\fBlwres_hstrerror()\fR
when the value of
\fBlwres_h_errno\fR
-is not a valid error code.
+is not a valid error code\&.
.SH "SEE ALSO"
.PP
\fBherror\fR(3),
-\fBlwres_hstrerror\fR(3).
+\fBlwres_hstrerror\fR(3)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_hstrerror.docbook b/lib/lwres/man/lwres_hstrerror.docbook
index d091b347dac5..59a2f268c1f9 100644
--- a/lib/lwres/man/lwres_hstrerror.docbook
+++ b/lib/lwres/man/lwres_hstrerror.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -68,8 +70,8 @@ const char *
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_herror()</function>
prints the string <parameter>s</parameter> on
@@ -121,10 +123,10 @@ const char *
</varlistentry>
</variablelist>
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para>
The string <errorname>Unknown resolver error</errorname> is returned by
<function>lwres_hstrerror()</function>
@@ -132,9 +134,9 @@ const char *
<constant>lwres_h_errno</constant>
is not a valid error code.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>herror</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -144,9 +146,5 @@ const char *
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_hstrerror.html b/lib/lwres/man/lwres_hstrerror.html
index 654e73f12d8e..0f4dbe831cf9 100644
--- a/lib/lwres/man/lwres_hstrerror.html
+++ b/lib/lwres/man/lwres_hstrerror.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_hstrerror</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_herror, lwres_hstrerror &#8212; lightweight resolver error message generation</p>
@@ -31,26 +30,24 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/netdb.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em"><tr>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_herror</b>(</code></td>
-<td>const char * </td>
-<td>
-<var class="pdparam">s</var><code>)</code>;</td>
+<td>const char *<var class="pdparam">s</var><code>)</code>;</td>
</tr></table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0"><tr>
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr>
<td><code class="funcdef">
const char *
<b class="fsfunc">lwres_hstrerror</b>(</code></td>
-<td>int  </td>
-<td>
-<var class="pdparam">err</var><code>)</code>;</td>
+<td>int <var class="pdparam">err</var><code>)</code>;</td>
</tr></table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543388"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_herror()</code>
prints the string <em class="parameter"><code>s</code></em> on
<span class="type">stderr</span> followed by the string generated by
@@ -63,7 +60,7 @@ const char *
messages are as follows:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><span class="errorcode">NETDB_SUCCESS</span></span></dt>
<dd><p><span class="errorname">Resolver Error 0 (no error)</span>
</p></dd>
@@ -83,8 +80,8 @@ const char *
<p>
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543507"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
The string <span class="errorname">Unknown resolver error</span> is returned by
<code class="function">lwres_hstrerror()</code>
@@ -93,8 +90,8 @@ const char *
is not a valid error code.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543527"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">herror</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_hstrerror</span>(3)</span>.
diff --git a/lib/lwres/man/lwres_inetntop.3 b/lib/lwres/man/lwres_inetntop.3
index c27b25e3d54c..077bbf609bea 100644
--- a/lib/lwres/man/lwres_inetntop.3
+++ b/lib/lwres/man/lwres_inetntop.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,29 +13,47 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_inetntop
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_INETNTOP" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_INETNTOP" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_net_ntop \- lightweight resolver IP address presentation
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/net.h>
+#include <lwres/net\&.h>
.fi
-.HP 28
+.ft
+.HP \w'const\ char\ *\ lwres_net_ntop('u
.BI "const char * lwres_net_ntop(int\ " "af" ", const\ void\ *" "src" ", char\ *" "dst" ", size_t\ " "size" ");"
.SH "DESCRIPTION"
.PP
@@ -44,17 +62,17 @@ converts an IP address of protocol family
\fIaf\fR
\(em IPv4 or IPv6 \(em at location
\fIsrc\fR
-from network format to its conventional representation as a string. For IPv4 addresses, that string would be a dotted\-decimal. An IPv6 address would be represented in colon notation as described in RFC1884.
+from network format to its conventional representation as a string\&. For IPv4 addresses, that string would be a dotted\-decimal\&. An IPv6 address would be represented in colon notation as described in RFC1884\&.
.PP
The generated string is copied to
\fIdst\fR
provided
\fIsize\fR
-indicates it is long enough to store the ASCII representation of the address.
+indicates it is long enough to store the ASCII representation of the address\&.
.SH "RETURN VALUES"
.PP
If successful, the function returns
-\fIdst\fR: a pointer to a string containing the presentation format of the address.
+\fIdst\fR: a pointer to a string containing the presentation format of the address\&.
\fBlwres_net_ntop()\fR
returns
\fBNULL\fR
@@ -64,14 +82,18 @@ to
\fBEAFNOSUPPORT\fR
if the protocol family given in
\fIaf\fR
-is not supported.
+is not supported\&.
.SH "SEE ALSO"
.PP
\fBRFC1884\fR(),
\fBinet_ntop\fR(3),
-\fBerrno\fR(3).
+\fBerrno\fR(3)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_inetntop.docbook b/lib/lwres/man/lwres_inetntop.docbook
index b2d170f29706..cf32a54b4a56 100644
--- a/lib/lwres/man/lwres_inetntop.docbook
+++ b/lib/lwres/man/lwres_inetntop.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +39,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -64,8 +68,8 @@ const char *
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_net_ntop()</function>
converts an IP address of protocol family
@@ -84,9 +88,9 @@ const char *
ASCII representation of the address.
</para>
- </refsect1>
- <refsect1>
- <title>RETURN VALUES</title>
+ </refsection>
+ <refsection><info><title>RETURN VALUES</title></info>
+
<para>
If successful, the function returns <parameter>dst</parameter>:
@@ -99,9 +103,9 @@ const char *
supported.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>RFC1884</refentrytitle>
</citerefentry>,
@@ -112,9 +116,5 @@ const char *
<refentrytitle>errno</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_inetntop.html b/lib/lwres/man/lwres_inetntop.html
index 99cad662b090..1e08e7a7687b 100644
--- a/lib/lwres/man/lwres_inetntop.html
+++ b/lib/lwres/man/lwres_inetntop.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_inetntop</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_net_ntop &#8212; lightweight resolver IP address presentation</p>
@@ -31,38 +30,31 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/net.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
const char *
<b class="fsfunc">lwres_net_ntop</b>(</code></td>
-<td>int  </td>
-<td>
-<var class="pdparam">af</var>, </td>
+<td>int <var class="pdparam">af</var>, </td>
</tr>
<tr>
<td> </td>
-<td>const void * </td>
-<td>
-<var class="pdparam">src</var>, </td>
+<td>const void *<var class="pdparam">src</var>, </td>
</tr>
<tr>
<td> </td>
-<td>char * </td>
-<td>
-<var class="pdparam">dst</var>, </td>
+<td>char *<var class="pdparam">dst</var>, </td>
</tr>
<tr>
<td> </td>
-<td>size_t  </td>
-<td>
-<var class="pdparam">size</var><code>)</code>;</td>
+<td>size_t <var class="pdparam">size</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543388"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_net_ntop()</code>
converts an IP address of protocol family
<em class="parameter"><code>af</code></em> &#8212; IPv4 or IPv6 &#8212; at
@@ -79,8 +71,8 @@ const char *
ASCII representation of the address.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543420"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
If successful, the function returns <em class="parameter"><code>dst</code></em>:
a pointer to a string containing the presentation format of the
@@ -92,8 +84,8 @@ const char *
supported.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543453"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC1884</span></span>,
<span class="citerefentry"><span class="refentrytitle">inet_ntop</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">errno</span>(3)</span>.
diff --git a/lib/lwres/man/lwres_noop.3 b/lib/lwres/man/lwres_noop.3
index cacbd4b6a4cd..423cdd301df5 100644
--- a/lib/lwres/man/lwres_noop.3
+++ b/lib/lwres/man/lwres_noop.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,101 +13,128 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_noop
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_NOOP" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_NOOP" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free \- lightweight resolver no\-op message handling
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwres.h>
+#include <lwres/lwres\&.h>
.fi
-.HP 40
+.ft
+.HP \w'lwres_result_t\ lwres_nooprequest_render('u
.BI "lwres_result_t lwres_nooprequest_render(lwres_context_t\ *" "ctx" ", lwres_nooprequest_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");"
-.HP 41
+.HP \w'lwres_result_t\ lwres_noopresponse_render('u
.BI "lwres_result_t lwres_noopresponse_render(lwres_context_t\ *" "ctx" ", lwres_noopresponse_t\ *" "req" ", lwres_lwpacket_t\ *" "pkt" ", lwres_buffer_t\ *" "b" ");"
-.HP 39
+.HP \w'lwres_result_t\ lwres_nooprequest_parse('u
.BI "lwres_result_t lwres_nooprequest_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_nooprequest_t\ **" "structp" ");"
-.HP 40
+.HP \w'lwres_result_t\ lwres_noopresponse_parse('u
.BI "lwres_result_t lwres_noopresponse_parse(lwres_context_t\ *" "ctx" ", lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ", lwres_noopresponse_t\ **" "structp" ");"
-.HP 29
+.HP \w'void\ lwres_noopresponse_free('u
.BI "void lwres_noopresponse_free(lwres_context_t\ *" "ctx" ", lwres_noopresponse_t\ **" "structp" ");"
-.HP 28
+.HP \w'void\ lwres_nooprequest_free('u
.BI "void lwres_nooprequest_free(lwres_context_t\ *" "ctx" ", lwres_nooprequest_t\ **" "structp" ");"
.SH "DESCRIPTION"
.PP
-These are low\-level routines for creating and parsing lightweight resolver no\-op request and response messages.
+These are low\-level routines for creating and parsing lightweight resolver no\-op request and response messages\&.
.PP
The no\-op message is analogous to a
\fBping\fR
-packet: a packet is sent to the resolver daemon and is simply echoed back. The opcode is intended to allow a client to determine if the server is operational or not.
+packet: a packet is sent to the resolver daemon and is simply echoed back\&. The opcode is intended to allow a client to determine if the server is operational or not\&.
.PP
-There are four main functions for the no\-op opcode. One render function converts a no\-op request structure \(em
+There are four main functions for the no\-op opcode\&. One render function converts a no\-op request structure \(em
\fBlwres_nooprequest_t\fR
-\(em to the lightweight resolver's canonical format. It is complemented by a parse function that converts a packet in this canonical format to a no\-op request structure. Another render function converts the no\-op response structure \(em
+\(em to the lightweight resolver\*(Aqs canonical format\&. It is complemented by a parse function that converts a packet in this canonical format to a no\-op request structure\&. Another render function converts the no\-op response structure \(em
\fBlwres_noopresponse_t\fR
-to the canonical format. This is complemented by a parse function which converts a packet in canonical format to a no\-op response structure.
+to the canonical format\&. This is complemented by a parse function which converts a packet in canonical format to a no\-op response structure\&.
.PP
These structures are defined in
-\fIlwres/lwres.h\fR. They are shown below.
+lwres/lwres\&.h\&. They are shown below\&.
.PP
+.if n \{\
.RS 4
+.\}
.nf
#define LWRES_OPCODE_NOOP 0x00000000U
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct {
lwres_uint16_t datalength;
unsigned char *data;
} lwres_nooprequest_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct {
lwres_uint16_t datalength;
unsigned char *data;
} lwres_noopresponse_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
-Although the structures have different types, they are identical. This is because the no\-op opcode simply echos whatever data was sent: the response is therefore identical to the request.
+Although the structures have different types, they are identical\&. This is because the no\-op opcode simply echos whatever data was sent: the response is therefore identical to the request\&.
.PP
\fBlwres_nooprequest_render()\fR
uses resolver context
\fIctx\fR
to convert no\-op request structure
\fIreq\fR
-to canonical format. The packet header structure
+to canonical format\&. The packet header structure
\fIpkt\fR
is initialised and transferred to buffer
-\fIb\fR. The contents of
+\fIb\fR\&. The contents of
\fI*req\fR
-are then appended to the buffer in canonical format.
+are then appended to the buffer in canonical format\&.
\fBlwres_noopresponse_render()\fR
performs the same task, except it converts a no\-op response structure
\fBlwres_noopresponse_t\fR
-to the lightweight resolver's canonical format.
+to the lightweight resolver\*(Aqs canonical format\&.
.PP
\fBlwres_nooprequest_parse()\fR
uses context
@@ -116,18 +143,18 @@ to convert the contents of packet
\fIpkt\fR
to a
\fBlwres_nooprequest_t\fR
-structure. Buffer
+structure\&. Buffer
\fIb\fR
-provides space to be used for storing this structure. When the function succeeds, the resulting
+provides space to be used for storing this structure\&. When the function succeeds, the resulting
\fBlwres_nooprequest_t\fR
is made available through
-\fI*structp\fR.
+\fI*structp\fR\&.
\fBlwres_noopresponse_parse()\fR
offers the same semantics as
\fBlwres_nooprequest_parse()\fR
except it yields a
\fBlwres_noopresponse_t\fR
-structure.
+structure\&.
.PP
\fBlwres_noopresponse_free()\fR
and
@@ -139,20 +166,19 @@ that was allocated to the
or
\fBlwres_nooprequest_t\fR
structures referenced via
-\fIstructp\fR.
+\fIstructp\fR\&.
.SH "RETURN VALUES"
.PP
The no\-op opcode functions
\fBlwres_nooprequest_render()\fR,
-\fBlwres_noopresponse_render()\fR
-\fBlwres_nooprequest_parse()\fR
+\fBlwres_noopresponse_render()\fR\fBlwres_nooprequest_parse()\fR
and
\fBlwres_noopresponse_parse()\fR
all return
\fBLWRES_R_SUCCESS\fR
-on success. They return
+on success\&. They return
\fBLWRES_R_NOMEMORY\fR
-if memory allocation fails.
+if memory allocation fails\&.
\fBLWRES_R_UNEXPECTEDEND\fR
is returned if the available space in the buffer
\fIb\fR
@@ -160,24 +186,28 @@ is too small to accommodate the packet header or the
\fBlwres_nooprequest_t\fR
and
\fBlwres_noopresponse_t\fR
-structures.
+structures\&.
\fBlwres_nooprequest_parse()\fR
and
\fBlwres_noopresponse_parse()\fR
will return
\fBLWRES_R_UNEXPECTEDEND\fR
-if the buffer is not empty after decoding the received packet. These functions will return
+if the buffer is not empty after decoding the received packet\&. These functions will return
\fBLWRES_R_FAILURE\fR
if
\fBpktflags\fR
in the packet header structure
\fBlwres_lwpacket_t\fR
-indicate that the packet is not a response to an earlier query.
+indicate that the packet is not a response to an earlier query\&.
.SH "SEE ALSO"
.PP
\fBlwres_packet\fR(3)
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_noop.docbook b/lib/lwres/man/lwres_noop.docbook
index 8f40990b478f..b482c1a3643d 100644
--- a/lib/lwres/man/lwres_noop.docbook
+++ b/lib/lwres/man/lwres_noop.docbook
@@ -1,8 +1,7 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
+<!DOCTYPE book [
+<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +17,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +39,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -110,8 +114,8 @@ void
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
These are low-level routines for creating and parsing
lightweight resolver no-op request and response messages.
@@ -201,9 +205,9 @@ typedef struct {
<parameter>structp</parameter>.
</para>
- </refsect1>
- <refsect1>
- <title>RETURN VALUES</title>
+ </refsection>
+ <refsection><info><title>RETURN VALUES</title></info>
+
<para>
The no-op opcode functions
<function>lwres_nooprequest_render()</function>,
@@ -240,16 +244,12 @@ typedef struct {
<type>lwres_lwpacket_t</type>
indicate that the packet is not a response to an earlier query.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_noop.html b/lib/lwres/man/lwres_noop.html
index e1d499cff704..6f67cab98497 100644
--- a/lib/lwres/man/lwres_noop.html
+++ b/lib/lwres/man/lwres_noop.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_noop</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_nooprequest_render, lwres_noopresponse_render, lwres_nooprequest_parse, lwres_noopresponse_parse, lwres_noopresponse_free, lwres_nooprequest_free &#8212; lightweight resolver no-op message handling</p>
@@ -32,160 +31,126 @@
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">
#include &lt;lwres/lwres.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_nooprequest_render</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_nooprequest_t * </td>
-<td>
-<var class="pdparam">req</var>, </td>
+<td>lwres_nooprequest_t *<var class="pdparam">req</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_noopresponse_render</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_noopresponse_t * </td>
-<td>
-<var class="pdparam">req</var>, </td>
+<td>lwres_noopresponse_t *<var class="pdparam">req</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var><code>)</code>;</td>
+<td>lwres_buffer_t *<var class="pdparam">b</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_nooprequest_parse</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_nooprequest_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_nooprequest_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_noopresponse_parse</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var>, </td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_noopresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_noopresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_noopresponse_free</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_noopresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_noopresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
void
<b class="fsfunc">lwres_nooprequest_free</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_nooprequest_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_nooprequest_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543531"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
These are low-level routines for creating and parsing
lightweight resolver no-op request and response messages.
</p>
<p>
- The no-op message is analogous to a <span><strong class="command">ping</strong></span>
+ The no-op message is analogous to a <span class="command"><strong>ping</strong></span>
packet:
a packet is sent to the resolver daemon and is simply echoed back.
The opcode is intended to allow a client to determine if the server is
@@ -269,8 +234,8 @@ typedef struct {
<em class="parameter"><code>structp</code></em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543682"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
The no-op opcode functions
<code class="function">lwres_nooprequest_render()</code>,
@@ -308,8 +273,8 @@ typedef struct {
indicate that the packet is not a response to an earlier query.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543748"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_packet</span>(3)</span>
</p>
</div>
diff --git a/lib/lwres/man/lwres_packet.3 b/lib/lwres/man/lwres_packet.3
index a33990fc3de9..8f5c020534e4 100644
--- a/lib/lwres/man/lwres_packet.3
+++ b/lib/lwres/man/lwres_packet.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,47 +13,70 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_packet
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_PACKET" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_PACKET" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_lwpacket_renderheader, lwres_lwpacket_parseheader \- lightweight resolver packet handling functions
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwpacket.h>
+#include <lwres/lwpacket\&.h>
.fi
-.HP 43
+.ft
+.HP \w'lwres_result_t\ lwres_lwpacket_renderheader('u
.BI "lwres_result_t lwres_lwpacket_renderheader(lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ");"
-.HP 42
+.HP \w'lwres_result_t\ lwres_lwpacket_parseheader('u
.BI "lwres_result_t lwres_lwpacket_parseheader(lwres_buffer_t\ *" "b" ", lwres_lwpacket_t\ *" "pkt" ");"
.SH "DESCRIPTION"
.PP
These functions rely on a
\fBstruct lwres_lwpacket\fR
which is defined in
-\fIlwres/lwpacket.h\fR.
+lwres/lwpacket\&.h\&.
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct lwres_lwpacket lwres_lwpacket_t;
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
+.if n \{\
.RS 4
+.\}
.nf
struct lwres_lwpacket {
lwres_uint32_t length;
@@ -67,89 +90,89 @@ struct lwres_lwpacket {
lwres_uint16_t authlength;
};
.fi
+.if n \{\
.RE
-.sp
+.\}
.PP
The elements of this structure are:
.PP
\fBlength\fR
.RS 4
-the overall packet length, including the entire packet header. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
+the overall packet length, including the entire packet header\&. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls\&.
.RE
.PP
\fBversion\fR
.RS 4
-the header format. There is currently only one format,
-\fBLWRES_LWPACKETVERSION_0\fR. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
+the header format\&. There is currently only one format,
+\fBLWRES_LWPACKETVERSION_0\fR\&. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls\&.
.RE
.PP
\fBpktflags\fR
.RS 4
-library\-defined flags for this packet: for instance whether the packet is a request or a reply. Flag values can be set, but not defined by the caller. This field is filled in by the application wit the exception of the LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the lwres_gabn_*() and lwres_gnba_*() calls.
+library\-defined flags for this packet: for instance whether the packet is a request or a reply\&. Flag values can be set, but not defined by the caller\&. This field is filled in by the application wit the exception of the LWRES_LWPACKETFLAG_RESPONSE bit, which is set by the library in the lwres_gabn_*() and lwres_gnba_*() calls\&.
.RE
.PP
\fBserial\fR
.RS 4
-is set by the requestor and is returned in all replies. If two or more packets from the same source have the same serial number and are from the same source, they are assumed to be duplicates and the latter ones may be dropped. This field must be set by the application.
+is set by the requestor and is returned in all replies\&. If two or more packets from the same source have the same serial number and are from the same source, they are assumed to be duplicates and the latter ones may be dropped\&. This field must be set by the application\&.
.RE
.PP
\fBopcode\fR
.RS 4
-indicates the operation. Opcodes between 0x00000000 and 0x03ffffff are reserved for use by the lightweight resolver library. Opcodes between 0x04000000 and 0xffffffff are application defined. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
+indicates the operation\&. Opcodes between 0x00000000 and 0x03ffffff are reserved for use by the lightweight resolver library\&. Opcodes between 0x04000000 and 0xffffffff are application defined\&. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls\&.
.RE
.PP
\fBresult\fR
.RS 4
-is only valid for replies. Results between 0x04000000 and 0xffffffff are application defined. Results between 0x00000000 and 0x03ffffff are reserved for library use. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls.
+is only valid for replies\&. Results between 0x04000000 and 0xffffffff are application defined\&. Results between 0x00000000 and 0x03ffffff are reserved for library use\&. This field is filled in by the lwres_gabn_*() and lwres_gnba_*() calls\&.
.RE
.PP
\fBrecvlength\fR
.RS 4
-is the maximum buffer size that the receiver can handle on requests and the size of the buffer needed to satisfy a request when the buffer is too large for replies. This field is supplied by the application.
+is the maximum buffer size that the receiver can handle on requests and the size of the buffer needed to satisfy a request when the buffer is too large for replies\&. This field is supplied by the application\&.
.RE
.PP
\fBauthtype\fR
.RS 4
-defines the packet level authentication that is used. Authorisation types between 0x1000 and 0xffff are application defined and types between 0x0000 and 0x0fff are reserved for library use. Currently these are not used and must be zero.
+defines the packet level authentication that is used\&. Authorisation types between 0x1000 and 0xffff are application defined and types between 0x0000 and 0x0fff are reserved for library use\&. Currently these are not used and must be zero\&.
.RE
.PP
\fBauthlen\fR
.RS 4
-gives the length of the authentication data. Since packet authentication is currently not used, this must be zero.
+gives the length of the authentication data\&. Since packet authentication is currently not used, this must be zero\&.
.RE
.PP
The following opcodes are currently defined:
.PP
\fBNOOP\fR
.RS 4
-Success is always returned and the packet contents are echoed. The lwres_noop_*() functions should be used for this type.
+Success is always returned and the packet contents are echoed\&. The lwres_noop_*() functions should be used for this type\&.
.RE
.PP
\fBGETADDRSBYNAME\fR
.RS 4
-returns all known addresses for a given name. The lwres_gabn_*() functions should be used for this type.
+returns all known addresses for a given name\&. The lwres_gabn_*() functions should be used for this type\&.
.RE
.PP
\fBGETNAMEBYADDR\fR
.RS 4
-return the hostname for the given address. The lwres_gnba_*() functions should be used for this type.
+return the hostname for the given address\&. The lwres_gnba_*() functions should be used for this type\&.
.RE
.PP
\fBlwres_lwpacket_renderheader()\fR
transfers the contents of lightweight resolver packet structure
-\fBlwres_lwpacket_t\fR
-\fI*pkt\fR
+\fBlwres_lwpacket_t\fR\fI*pkt\fR
in network byte order to the lightweight resolver buffer,
-\fI*b\fR.
+\fI*b\fR\&.
.PP
\fBlwres_lwpacket_parseheader()\fR
-performs the converse operation. It transfers data in network byte order from buffer
+performs the converse operation\&. It transfers data in network byte order from buffer
\fI*b\fR
to resolver packet
-\fI*pkt\fR. The contents of the buffer
+\fI*pkt\fR\&. The contents of the buffer
\fIb\fR
should correspond to a
-\fBlwres_lwpacket_t\fR.
+\fBlwres_lwpacket_t\fR\&.
.SH "RETURN VALUES"
.PP
Successful calls to
@@ -157,14 +180,18 @@ Successful calls to
and
\fBlwres_lwpacket_parseheader()\fR
return
-\fBLWRES_R_SUCCESS\fR. If there is insufficient space to copy data between the buffer
+\fBLWRES_R_SUCCESS\fR\&. If there is insufficient space to copy data between the buffer
\fI*b\fR
and lightweight resolver packet
\fI*pkt\fR
both functions return
-\fBLWRES_R_UNEXPECTEDEND\fR.
+\fBLWRES_R_UNEXPECTEDEND\fR\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_packet.docbook b/lib/lwres/man/lwres_packet.docbook
index b9462635023b..321248b2ca4e 100644
--- a/lib/lwres/man/lwres_packet.docbook
+++ b/lib/lwres/man/lwres_packet.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -69,8 +71,8 @@ lwres_result_t
</funcprototype>
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para>
These functions rely on a
<type>struct lwres_lwpacket</type>
@@ -268,10 +270,10 @@ struct lwres_lwpacket {
<type>lwres_lwpacket_t</type>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para>
Successful calls to
<function>lwres_lwpacket_renderheader()</function> and
@@ -283,9 +285,5 @@ struct lwres_lwpacket {
return <errorcode>LWRES_R_UNEXPECTEDEND</errorcode>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_packet.html b/lib/lwres/man/lwres_packet.html
index d0542daa72db..411644310848 100644
--- a/lib/lwres/man/lwres_packet.html
+++ b/lib/lwres/man/lwres_packet.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_packet</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_lwpacket_renderheader, lwres_lwpacket_parseheader &#8212; lightweight resolver packet handling functions</p>
@@ -31,42 +30,36 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/lwpacket.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_lwpacket_renderheader</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var><code>)</code>;</td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_lwpacket_parseheader</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_lwpacket_t * </td>
-<td>
-<var class="pdparam">pkt</var><code>)</code>;</td>
+<td>lwres_lwpacket_t *<var class="pdparam">pkt</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543399"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
These functions rely on a
<span class="type">struct lwres_lwpacket</span>
@@ -96,7 +89,7 @@ struct lwres_lwpacket {
<p>
The elements of this structure are:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">length</code></span></dt>
<dd><p>
the overall packet length, including the entire packet header.
@@ -185,7 +178,7 @@ struct lwres_lwpacket {
<p>
The following opcodes are currently defined:
</p>
-<div class="variablelist"><dl>
+<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">NOOP</code></span></dt>
<dd><p>
Success is always returned and the packet contents are echoed.
@@ -218,8 +211,8 @@ struct lwres_lwpacket {
<span class="type">lwres_lwpacket_t</span>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543716"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
Successful calls to
<code class="function">lwres_lwpacket_renderheader()</code> and
diff --git a/lib/lwres/man/lwres_resutil.3 b/lib/lwres/man/lwres_resutil.3
index 0125c788d13c..991fb05ca406 100644
--- a/lib/lwres/man/lwres_resutil.3
+++ b/lib/lwres/man/lwres_resutil.3
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,59 +13,77 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id$
-.\"
.hy 0
.ad l
+'\" t
.\" Title: lwres_resutil
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 18, 2007
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\" Date: 2007-06-18
.\" Manual: BIND9
-.\" Source: BIND9
+.\" Source: ISC
+.\" Language: English
.\"
-.TH "LWRES_RESUTIL" "3" "June 18, 2007" "BIND9" "BIND9"
+.TH "LWRES_RESUTIL" "3" "2007\-06\-18" "ISC" "BIND9"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
.SH "NAME"
lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr \- lightweight resolver utility functions
.SH "SYNOPSIS"
+.sp
+.ft B
.nf
-#include <lwres/lwres.h>
+#include <lwres/lwres\&.h>
.fi
-.HP 34
+.ft
+.HP \w'lwres_result_t\ lwres_string_parse('u
.BI "lwres_result_t lwres_string_parse(lwres_buffer_t\ *" "b" ", char\ **" "c" ", lwres_uint16_t\ *" "len" ");"
-.HP 32
+.HP \w'lwres_result_t\ lwres_addr_parse('u
.BI "lwres_result_t lwres_addr_parse(lwres_buffer_t\ *" "b" ", lwres_addr_t\ *" "addr" ");"
-.HP 36
+.HP \w'lwres_result_t\ lwres_getaddrsbyname('u
.BI "lwres_result_t lwres_getaddrsbyname(lwres_context_t\ *" "ctx" ", const\ char\ *" "name" ", lwres_uint32_t\ " "addrtypes" ", lwres_gabnresponse_t\ **" "structp" ");"
-.HP 35
+.HP \w'lwres_result_t\ lwres_getnamebyaddr('u
.BI "lwres_result_t lwres_getnamebyaddr(lwres_context_t\ *" "ctx" ", lwres_uint32_t\ " "addrtype" ", lwres_uint16_t\ " "addrlen" ", const\ unsigned\ char\ *" "addr" ", lwres_gnbaresponse_t\ **" "structp" ");"
.SH "DESCRIPTION"
.PP
\fBlwres_string_parse()\fR
retrieves a DNS\-encoded string starting the current pointer of lightweight resolver buffer
-\fIb\fR: i.e.
-\fBb\->current\fR. When the function returns, the address of the first byte of the encoded string is returned via
+\fIb\fR: i\&.e\&.
+\fBb\->current\fR\&. When the function returns, the address of the first byte of the encoded string is returned via
\fI*c\fR
and the length of that string is given by
-\fI*len\fR. The buffer's current pointer is advanced to point at the character following the string length, the encoded string, and the trailing
+\fI*len\fR\&. The buffer\*(Aqs current pointer is advanced to point at the character following the string length, the encoded string, and the trailing
\fBNULL\fR
-character.
+character\&.
.PP
\fBlwres_addr_parse()\fR
extracts an address from the buffer
-\fIb\fR. The buffer's current pointer
+\fIb\fR\&. The buffer\*(Aqs current pointer
\fBb\->current\fR
-is presumed to point at an encoded address: the address preceded by a 32\-bit protocol family identifier and a 16\-bit length field. The encoded address is copied to
+is presumed to point at an encoded address: the address preceded by a 32\-bit protocol family identifier and a 16\-bit length field\&. The encoded address is copied to
\fBaddr\->address\fR
and
\fBaddr\->length\fR
-indicates the size in bytes of the address that was copied.
+indicates the size in bytes of the address that was copied\&.
\fBb\->current\fR
-is advanced to point at the next byte of available data in the buffer following the encoded address.
+is advanced to point at the next byte of available data in the buffer following the encoded address\&.
.PP
\fBlwres_getaddrsbyname()\fR
and
@@ -74,7 +92,9 @@ use the
\fBlwres_gnbaresponse_t\fR
structure defined below:
.PP
+.if n \{\
.RS 4
+.\}
.nf
typedef struct {
lwres_uint32_t flags;
@@ -89,40 +109,42 @@ typedef struct {
size_t baselen;
} lwres_gabnresponse_t;
.fi
+.if n \{\
.RE
+.\}
.PP
The contents of this structure are not manipulated directly but they are controlled through the
\fBlwres_gabn\fR(3)
-functions.
+functions\&.
.PP
The lightweight resolver uses
\fBlwres_getaddrsbyname()\fR
-to perform forward lookups. Hostname
+to perform forward lookups\&. Hostname
\fIname\fR
is looked up using the resolver context
\fIctx\fR
-for memory allocation.
+for memory allocation\&.
\fIaddrtypes\fR
-is a bitmask indicating which type of addresses are to be looked up. Current values for this bitmask are
+is a bitmask indicating which type of addresses are to be looked up\&. Current values for this bitmask are
\fBLWRES_ADDRTYPE_V4\fR
for IPv4 addresses and
\fBLWRES_ADDRTYPE_V6\fR
-for IPv6 addresses. Results of the lookup are returned in
-\fI*structp\fR.
+for IPv6 addresses\&. Results of the lookup are returned in
+\fI*structp\fR\&.
.PP
\fBlwres_getnamebyaddr()\fR
-performs reverse lookups. Resolver context
+performs reverse lookups\&. Resolver context
\fIctx\fR
-is used for memory allocation. The address type is indicated by
+is used for memory allocation\&. The address type is indicated by
\fIaddrtype\fR:
\fBLWRES_ADDRTYPE_V4\fR
or
-\fBLWRES_ADDRTYPE_V6\fR. The address to be looked up is given by
+\fBLWRES_ADDRTYPE_V6\fR\&. The address to be looked up is given by
\fIaddr\fR
and its length is
\fIaddrlen\fR
-bytes. The result of the function call is made available through
-\fI*structp\fR.
+bytes\&. The result of the function call is made available through
+\fI*structp\fR\&.
.SH "RETURN VALUES"
.PP
Successful calls to
@@ -130,12 +152,12 @@ Successful calls to
and
\fBlwres_addr_parse()\fR
return
-\fBLWRES_R_SUCCESS.\fR
+\fBLWRES_R_SUCCESS\&.\fR
Both functions return
\fBLWRES_R_FAILURE\fR
if the buffer is corrupt or
\fBLWRES_R_UNEXPECTEDEND\fR
-if the buffer has less space than expected for the components of the encoded string or address.
+if the buffer has less space than expected for the components of the encoded string or address\&.
.PP
\fBlwres_getaddrsbyname()\fR
returns
@@ -144,11 +166,11 @@ on success and it returns
\fBLWRES_R_NOTFOUND\fR
if the hostname
\fIname\fR
-could not be found.
+could not be found\&.
.PP
\fBLWRES_R_SUCCESS\fR
is returned by a successful call to
-\fBlwres_getnamebyaddr()\fR.
+\fBlwres_getnamebyaddr()\fR\&.
.PP
Both
\fBlwres_getaddrsbyname()\fR
@@ -158,13 +180,17 @@ return
\fBLWRES_R_NOMEMORY\fR
when memory allocation requests fail and
\fBLWRES_R_UNEXPECTEDEND\fR
-if the buffers used for sending queries and receiving replies are too small.
+if the buffers used for sending queries and receiving replies are too small\&.
.SH "SEE ALSO"
.PP
\fBlwres_buffer\fR(3),
-\fBlwres_gabn\fR(3).
+\fBlwres_gabn\fR(3)\&.
+.SH "AUTHOR"
+.PP
+\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/lib/lwres/man/lwres_resutil.docbook b/lib/lwres/man/lwres_resutil.docbook
index 0a0c4704aa2d..802483d075b7 100644
--- a/lib/lwres/man/lwres_resutil.docbook
+++ b/lib/lwres/man/lwres_resutil.docbook
@@ -1,8 +1,5 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
- [<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +15,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<refentry>
-
+<!-- Converted by db4-upgrade version 1.0 -->
+<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+ <info>
+ <date>2007-06-18</date>
+ </info>
<refentryinfo>
- <date>June 18, 2007</date>
+ <corpname>ISC</corpname>
+ <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
@@ -36,6 +37,7 @@
<year>2005</year>
<year>2007</year>
<year>2014</year>
+ <year>2015</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -92,8 +94,8 @@ lwres_result_t
</funcsynopsis>
</refsynopsisdiv>
- <refsect1>
- <title>DESCRIPTION</title>
+ <refsection><info><title>DESCRIPTION</title></info>
+
<para><function>lwres_string_parse()</function>
retrieves a DNS-encoded string starting the current pointer of
@@ -176,10 +178,10 @@ typedef struct {
function call is made available through
<parameter>*structp</parameter>.
</para>
- </refsect1>
+ </refsection>
+
+ <refsection><info><title>RETURN VALUES</title></info>
- <refsect1>
- <title>RETURN VALUES</title>
<para>
Successful calls to
<function>lwres_string_parse()</function>
@@ -218,9 +220,9 @@ typedef struct {
small.
</para>
- </refsect1>
- <refsect1>
- <title>SEE ALSO</title>
+ </refsection>
+ <refsection><info><title>SEE ALSO</title></info>
+
<para><citerefentry>
<refentrytitle>lwres_buffer</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
@@ -230,9 +232,5 @@ typedef struct {
</citerefentry>.
</para>
- </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->
+ </refsection>
+</refentry>
diff --git a/lib/lwres/man/lwres_resutil.html b/lib/lwres/man/lwres_resutil.html
index 28e571b4aec0..5855978c2f9a 100644
--- a/lib/lwres/man/lwres_resutil.html
+++ b/lib/lwres/man/lwres_resutil.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -14,15 +14,14 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>lwres_resutil</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
+<a name="id-1"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>lwres_string_parse, lwres_addr_parse, lwres_getaddrsbyname, lwres_getnamebyaddr &#8212; lightweight resolver utility functions</p>
@@ -31,110 +30,86 @@
<h2>Synopsis</h2>
<div class="funcsynopsis">
<pre class="funcsynopsisinfo">#include &lt;lwres/lwres.h&gt;</pre>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_string_parse</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>char ** </td>
-<td>
-<var class="pdparam">c</var>, </td>
+<td>char **<var class="pdparam">c</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint16_t * </td>
-<td>
-<var class="pdparam">len</var><code>)</code>;</td>
+<td>lwres_uint16_t *<var class="pdparam">len</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_addr_parse</b>(</code></td>
-<td>lwres_buffer_t * </td>
-<td>
-<var class="pdparam">b</var>, </td>
+<td>lwres_buffer_t *<var class="pdparam">b</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_addr_t * </td>
-<td>
-<var class="pdparam">addr</var><code>)</code>;</td>
+<td>lwres_addr_t *<var class="pdparam">addr</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" style="padding-bottom: 1em">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_getaddrsbyname</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>const char * </td>
-<td>
-<var class="pdparam">name</var>, </td>
+<td>const char *<var class="pdparam">name</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint32_t  </td>
-<td>
-<var class="pdparam">addrtypes</var>, </td>
+<td>lwres_uint32_t <var class="pdparam">addrtypes</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gabnresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gabnresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
-<table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0">
+<div class="funcprototype-spacer"> </div>
+<table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;">
<tr>
<td><code class="funcdef">
lwres_result_t
<b class="fsfunc">lwres_getnamebyaddr</b>(</code></td>
-<td>lwres_context_t * </td>
-<td>
-<var class="pdparam">ctx</var>, </td>
+<td>lwres_context_t *<var class="pdparam">ctx</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint32_t  </td>
-<td>
-<var class="pdparam">addrtype</var>, </td>
+<td>lwres_uint32_t <var class="pdparam">addrtype</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_uint16_t  </td>
-<td>
-<var class="pdparam">addrlen</var>, </td>
+<td>lwres_uint16_t <var class="pdparam">addrlen</var>, </td>
</tr>
<tr>
<td> </td>
-<td>const unsigned char * </td>
-<td>
-<var class="pdparam">addr</var>, </td>
+<td>const unsigned char *<var class="pdparam">addr</var>, </td>
</tr>
<tr>
<td> </td>
-<td>lwres_gnbaresponse_t ** </td>
-<td>
-<var class="pdparam">structp</var><code>)</code>;</td>
+<td>lwres_gnbaresponse_t **<var class="pdparam">structp</var><code>)</code>;</td>
</tr>
</table>
+<div class="funcprototype-spacer"> </div>
</div>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543476"></a><h2>DESCRIPTION</h2>
+<div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><code class="function">lwres_string_parse()</code>
retrieves a DNS-encoded string starting the current pointer of
lightweight resolver buffer <em class="parameter"><code>b</code></em>: i.e.
@@ -209,8 +184,8 @@ typedef struct {
<em class="parameter"><code>*structp</code></em>.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543614"></a><h2>RETURN VALUES</h2>
+<div class="refsection">
+<a name="id-1.8"></a><h2>RETURN VALUES</h2>
<p>
Successful calls to
<code class="function">lwres_string_parse()</code>
@@ -247,8 +222,8 @@ typedef struct {
small.
</p>
</div>
-<div class="refsect1" lang="en">
-<a name="id2543686"></a><h2>SEE ALSO</h2>
+<div class="refsection">
+<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">lwres_buffer</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres_gabn</span>(3)</span>.
diff --git a/make/rules.in b/make/rules.in
index 2a412f6c0313..d5703e7a5720 100644
--- a/make/rules.in
+++ b/make/rules.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011, 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -311,9 +311,11 @@ INSTALL_LIBRARY = @INSTALL_LIBRARY@
###
XSLTPROC = @XSLTPROC@ --novalid --xinclude --nonet
+XMLLINT = @XMLLINT@
PERL = @PERL@
LATEX = @LATEX@
PDFLATEX = @PDFLATEX@
+DBLATEX = @DBLATEX@
W3M = @W3M@
###
diff --git a/version b/version
index ab704e33e90c..1aebb0ce7d62 100644
--- a/version
+++ b/version
@@ -5,7 +5,7 @@ PRODUCT=BIND
DESCRIPTION="(Extended Support Version)"
MAJORVER=9
MINORVER=9
-PATCHVER=8
+PATCHVER=9
RELEASETYPE=-P
-RELEASEVER=4
+RELEASEVER=3
EXTENSIONS=
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 16:44:53 +0000