author | Xin LI <delphij@FreeBSD.org> | 2016-09-28 03:45:43 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2016-09-28 03:45:43 +0000 |
commit | c2a8859aa5c96190c179c911d3841c4de17b9c34 (patch) | |
tree | d692d2581f8989d075abe40c9f3f55f2fa650949 /bin/named | |
parent | 5ef882476736cbe802bb4e6437c520162c4f44ce (diff) | |
Notes
Diffstat (limited to 'bin/named')
-rw-r--r-- | bin/named/Makefile.in | 4 | ||||
-rw-r--r-- | bin/named/client.c | 12 | ||||
-rw-r--r-- | bin/named/config.c | 6 | ||||
-rw-r--r-- | bin/named/control.c | 107 | ||||
-rw-r--r-- | bin/named/controlconf.c | 6 | ||||
-rw-r--r-- | bin/named/include/named/log.h | 4 | ||||
-rw-r--r-- | bin/named/include/named/query.h | 3 | ||||
-rw-r--r-- | bin/named/include/named/server.h | 43 | ||||
-rw-r--r-- | bin/named/lwdgrbn.c | 20 | ||||
-rw-r--r-- | bin/named/lwresd.8 | 150 | ||||
-rw-r--r-- | bin/named/lwresd.docbook | 89 | ||||
-rw-r--r-- | bin/named/lwresd.html | 52 | ||||
-rw-r--r-- | bin/named/main.c | 30 | ||||
-rw-r--r-- | bin/named/named.8 | 227 | ||||
-rw-r--r-- | bin/named/named.conf.5 | 245 | ||||
-rw-r--r-- | bin/named/named.conf.docbook | 143 | ||||
-rw-r--r-- | bin/named/named.conf.html | 89 | ||||
-rw-r--r-- | bin/named/named.docbook | 107 | ||||
-rw-r--r-- | bin/named/named.html | 75 | ||||
-rw-r--r-- | bin/named/query.c | 166 | ||||
-rw-r--r-- | bin/named/server.c | 346 | ||||
-rw-r--r-- | bin/named/statschannel.c | 8 | ||||
-rw-r--r-- | bin/named/unix/include/named/os.h | 7 | ||||
-rw-r--r-- | bin/named/unix/os.c | 37 | ||||
-rw-r--r-- | bin/named/xfrout.c | 14 |
25 files changed, 1203 insertions, 787 deletions
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in index 1d4a365d552f..3af6d83b83c9 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -19,7 +19,7 @@ srcdir = @srcdir@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ -@BIND9_VERSION@ +VERSION=@BIND9_VERSION@ @BIND9_PRODUCT@ diff --git a/bin/named/client.c b/bin/named/client.c index de2d596c8832..9ad78be84f66 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -953,6 +953,12 @@ ns_client_send(ns_client_t *client) { else if (client->view->preferred_glue == dns_rdatatype_aaaa) preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA; } + if (preferred_glue == 0) { + if (isc_sockaddr_pf(&client->peeraddr) == AF_INET) + preferred_glue = DNS_MESSAGERENDER_PREFER_A; + else + preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA; + } #ifdef ALLOW_FILTER_AAAA_ON_V4 /* @@ -1194,7 +1200,7 @@ ns_client_error(ns_client_t *client, isc_result_t result) { */ if (wouldlog) { ns_client_log(client, - NS_LOGCATEGORY_QUERY_EERRORS, + NS_LOGCATEGORY_QUERY_ERRORS, NS_LOGMODULE_CLIENT, loglevel, "%s", log_buf); @@ -1666,7 +1672,7 @@ client_request(isc_task_t *task, isc_event_t *event) { (void)client_addopt(client); ns_client_log(client, NS_LOGCATEGORY_CLIENT, - NS_LOGMODULE_CLIENT, ISC_LOG_WARNING, + NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1), "message parsing failed: %s", isc_result_totext(result)); ns_client_error(client, result); 
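Review bot: The "message parsing failed" call in client_request drops from ISC_LOG_WARNING to ISC_LOG_DEBUG(1) without a comment saying why, so at default log levels operators lose the per-client trace of malformed requests. If the intent is to stop remote senders from filling the log (inferred, the hunk does not say), state that above the call, for example `/* Debug level only: malformed packets are remotely triggerable and would flood the log. */`. It is also worth confirming that a statistics counter still records these failures, since the log line was the only signal visible here. client_request starts and ends outside the hunk.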
diff --git a/bin/named/config.c b/bin/named/config.c
index cab6f1fd0db8..4798272ac353 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -103,9 +103,9 @@ options {\n\
 transfers-per-ns 2;\n\
 transfers-in 10;\n\
 transfers-out 10;\n\
- treat-cr-as-space true;\n\
- use-id-pool true;\n\
- use-ixfr true;\n\
+# treat-cr-as-space <obsolete>;\n\
+# use-id-pool <obsolete>;\n\
+# use-ixfr <obsolete>;\n\
 edns-udp-size 4096;\n\
 max-udp-size 4096;\n\
 request-nsid false;\n\
diff --git a/bin/named/control.c b/bin/named/control.c
index 37e3a38437b3..b1b744f2ceab 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -24,6 +24,7 @@
 #include <isc/app.h>
 #include <isc/event.h>
+#include <isc/lex.h>
 #include <isc/mem.h>
 #include <isc/string.h>
 #include <isc/timer.h>
@@ -36,6 +37,7 @@
 #include <isccc/result.h>
 #include <named/control.h>
+#include <named/globals.h>
 #include <named/log.h>
 #include <named/os.h>
 #include <named/server.h>
@@ -43,15 +45,30 @@
 #include <named/ns_smf_globals.h>
 #endif
-static isc_boolean_t
-command_compare(const char *text, const char *command) {
- unsigned int commandlen = strlen(command);
- if (strncasecmp(text, command, commandlen) == 0 &&
- (text[commandlen] == '\0' ||
- text[commandlen] == ' ' ||
- text[commandlen] == '\t'))
- return (ISC_TRUE);
- return (ISC_FALSE);
+static isc_result_t
+getcommand(isc_lex_t *lex, char **cmdp) {
+ isc_result_t result;
+ isc_token_t token;
+
+ REQUIRE(cmdp != NULL && *cmdp == NULL);
+
+ result = isc_lex_gettoken(lex, ISC_LEXOPT_EOF, &token);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ isc_lex_ungettoken(lex, &token);
+
+ if (token.type != isc_tokentype_string)
+ return (ISC_R_FAILURE);
+
+ *cmdp = token.value.as_textregion.base;
+
+ return (ISC_R_SUCCESS);
+}
+
+static inline isc_boolean_t
+command_compare(const char *str, const char *command) {
+ return ISC_TF(strcasecmp(str, command) == 0);
 }
 /*%
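Review bot: getcommand() returns `token.value.as_textregion.base` after pushing the token back, so `*cmdp` appears to alias storage owned by the lexer rather than a copy, and nothing documents how long that pointer stays valid. A header comment such as `/* Peek at the first token; *cmdp points into lex's token storage and must not be used after further tokens are read from lex. */` would make the contract explicit; the lifetime is inferred from the call sequence, since the isc_lex internals are not part of this diff. Separately, `return ISC_TF(strcasecmp(str, command) == 0);` departs from the `return (x);` form used everywhere else in the file.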
@@ -61,9 +78,12 @@ command_compare(const char *text, const char *command) {
 isc_result_t
 ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 isccc_sexpr_t *data;
+ char *cmdline = NULL;
 char *command = NULL;
 isc_result_t result;
 int log_level;
+ isc_buffer_t src;
+ isc_lex_t *lex = NULL;
 #ifdef HAVE_LIBSCF
 ns_smf_want_disable = 0;
 #endif
@@ -76,7 +96,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 return (ISC_R_FAILURE);
 }
- result = isccc_cc_lookupstring(data, "type", &command);
+ result = isccc_cc_lookupstring(data, "type", &cmdline);
 if (result != ISC_R_SUCCESS) {
 /*
 * We have no idea what this is.
@@ -84,6 +104,20 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 return (result);
 }
+ result = isc_lex_create(ns_g_mctx, strlen(cmdline), &lex);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ isc_buffer_init(&src, cmdline, strlen(cmdline));
+ isc_buffer_add(&src, strlen(cmdline));
+ result = isc_lex_openbuffer(lex, &src);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
+ result = getcommand(lex, &command);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
+
 /*
 * Compare the 'command' parameter against all known control commands.
 */
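Review bot: `strlen(cmdline)` is evaluated three times in the block added by the third hunk, and an empty `type` string reaches `isc_lex_create()` with a maximum token size of 0; how the lexer treats 0 is not visible in this diff. Computing the length once into a local declared with the others and rejecting the empty case before the lexer exists makes that path explicit: `len = strlen(cmdline);` followed by `if (len == 0) return (ISC_R_FAILURE);`. `cmdline` comes straight from the control message, so this is the first point where its size is acted on. ns_control_docommand continues outside the hunk.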
@@ -93,20 +127,21 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 } else {
 log_level = ISC_LOG_INFO;
 }
+
 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
 NS_LOGMODULE_CONTROL, log_level,
 "received control channel command '%s'",
 command);
 if (command_compare(command, NS_COMMAND_RELOAD)) {
- result = ns_server_reloadcommand(ns_g_server, command, text);
+ result = ns_server_reloadcommand(ns_g_server, lex, text);
 } else if (command_compare(command, NS_COMMAND_RECONFIG)) {
 result = ns_server_reconfigcommand(ns_g_server);
 } else if (command_compare(command, NS_COMMAND_REFRESH)) {
- result = ns_server_refreshcommand(ns_g_server, command, text);
+ result = ns_server_refreshcommand(ns_g_server, lex, text);
 } else if (command_compare(command, NS_COMMAND_RETRANSFER)) {
 result = ns_server_retransfercommand(ns_g_server,
- command, text);
+ lex, text);
 } else if (command_compare(command, NS_COMMAND_HALT)) {
 #ifdef HAVE_LIBSCF
 /*
@@ -116,7 +151,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 */
 if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
 result = ns_smf_add_message(text);
- return (result);
+ goto cleanup;
 }
 /*
 * If we are managed by smf(5) but not in chroot,
@@ -132,7 +167,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 #endif
 /* Do not flush master files */
 ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
- ns_os_shutdownmsg(command, text);
+ ns_os_shutdownmsg(cmdline, text);
 isc_app_shutdown();
 result = ISC_R_SUCCESS;
 } else if (command_compare(command, NS_COMMAND_STOP)) {
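Review bot: The `isc_log_write()` call kept as context in the first hunk still passes `command`, which after this commit holds only the first token from getcommand(), while the full line now lives in `cmdline`. Before the change the same argument was the whole string, so the audit line no longer shows which zone, key or view a control command acted on. Passing the full line restores that record: `"received control channel command '%s'", cmdline);`. A request that fails in getcommand() also returns before this call is reached, so rejected control messages leave no trace here.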
@@ -143,51 +178,51 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 #ifdef HAVE_LIBSCF
 if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
 result = ns_smf_add_message(text);
- return (result);
+ goto cleanup;
 }
 if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
 ns_smf_want_disable = 1;
 #endif
 ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
- ns_os_shutdownmsg(command, text);
+ ns_os_shutdownmsg(cmdline, text);
 isc_app_shutdown();
 result = ISC_R_SUCCESS;
 } else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
 result = ns_server_dumpstats(ns_g_server);
 } else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
- result = ns_server_togglequerylog(ns_g_server, command);
+ result = ns_server_togglequerylog(ns_g_server, lex);
 } else if (command_compare(command, NS_COMMAND_DUMPDB)) {
- ns_server_dumpdb(ns_g_server, command);
+ ns_server_dumpdb(ns_g_server, lex);
 result = ISC_R_SUCCESS;
 } else if (command_compare(command, NS_COMMAND_SECROOTS)) {
- result = ns_server_dumpsecroots(ns_g_server, command);
+ result = ns_server_dumpsecroots(ns_g_server, lex);
 } else if (command_compare(command, NS_COMMAND_TRACE)) {
- result = ns_server_setdebuglevel(ns_g_server, command);
+ result = ns_server_setdebuglevel(ns_g_server, lex);
 } else if (command_compare(command, NS_COMMAND_NOTRACE)) {
 ns_g_debuglevel = 0;
 isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
 result = ISC_R_SUCCESS;
 } else if (command_compare(command, NS_COMMAND_FLUSH)) {
- result = ns_server_flushcache(ns_g_server, command);
+ result = ns_server_flushcache(ns_g_server, lex);
 } else if (command_compare(command, NS_COMMAND_FLUSHNAME)) {
- result = ns_server_flushnode(ns_g_server, command, ISC_FALSE);
+ result = ns_server_flushnode(ns_g_server, lex, ISC_FALSE);
 } else if (command_compare(command, NS_COMMAND_FLUSHTREE)) {
- result = ns_server_flushnode(ns_g_server, command, ISC_TRUE);
+ result = ns_server_flushnode(ns_g_server, lex, ISC_TRUE);
 } else if (command_compare(command, NS_COMMAND_STATUS)) {
 result = ns_server_status(ns_g_server, text);
 } else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
 result = ns_server_tsiglist(ns_g_server, text);
 } else if (command_compare(command, NS_COMMAND_TSIGDELETE)) {
- result = ns_server_tsigdelete(ns_g_server, command, text);
+ result = ns_server_tsigdelete(ns_g_server, lex, text);
 } else if (command_compare(command, NS_COMMAND_FREEZE)) {
- result = ns_server_freeze(ns_g_server, ISC_TRUE, command,
+ result = ns_server_freeze(ns_g_server, ISC_TRUE, lex,
 text);
 } else if (command_compare(command, NS_COMMAND_UNFREEZE) ||
 command_compare(command, NS_COMMAND_THAW)) {
- result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
+ result = ns_server_freeze(ns_g_server, ISC_FALSE, lex,
 text);
 } else if (command_compare(command, NS_COMMAND_SYNC)) {
- result = ns_server_sync(ns_g_server, command, text);
+ result = ns_server_sync(ns_g_server, lex, text);
 } else if (command_compare(command, NS_COMMAND_RECURSING)) {
 result = ns_server_dumprecursing(ns_g_server);
 } else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {
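Review bot: In the NS_COMMAND_DUMPDB branch the return value of `ns_server_dumpdb(ns_g_server, lex);` is discarded and `result` is forced to ISC_R_SUCCESS, although server.h in this same commit declares the function as returning `isc_result_t`. Now that the handler reads its arguments from the lexer, a line it rejects would still be reported to the control client as success; whether dumpdb can fail that way is outside this hunk. `result = ns_server_dumpdb(ns_g_server, lex);` would match the neighbouring branches and let the error reach the caller and the log.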
@@ -196,18 +231,18 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 } else if (command_compare(command, NS_COMMAND_NULL)) {
 result = ISC_R_SUCCESS;
 } else if (command_compare(command, NS_COMMAND_NOTIFY)) {
- result = ns_server_notifycommand(ns_g_server, command, text);
+ result = ns_server_notifycommand(ns_g_server, lex, text);
 } else if (command_compare(command, NS_COMMAND_VALIDATION)) {
- result = ns_server_validation(ns_g_server, command);
+ result = ns_server_validation(ns_g_server, lex);
 } else if (command_compare(command, NS_COMMAND_SIGN) ||
 command_compare(command, NS_COMMAND_LOADKEYS)) {
- result = ns_server_rekey(ns_g_server, command, text);
+ result = ns_server_rekey(ns_g_server, lex, text);
 } else if (command_compare(command, NS_COMMAND_ADDZONE)) {
- result = ns_server_add_zone(ns_g_server, command, text);
+ result = ns_server_add_zone(ns_g_server, cmdline, text);
 } else if (command_compare(command, NS_COMMAND_DELZONE)) {
- result = ns_server_del_zone(ns_g_server, command, text);
+ result = ns_server_del_zone(ns_g_server, lex, text);
 } else if (command_compare(command, NS_COMMAND_SIGNING)) {
- result = ns_server_signing(ns_g_server, command, text);
+ result = ns_server_signing(ns_g_server, lex, text);
 } else {
 isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
 NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
@@ -216,5 +251,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 result = DNS_R_UNKNOWNCOMMAND;
 }
+ cleanup:
+ if (lex != NULL)
+ isc_lex_destroy(&lex);
+
 return (result);
 }
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index ddb7000ca7aa..afe4a801f999 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
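Review bot: NS_COMMAND_ADDZONE is the only argument-taking branch that still receives the raw `cmdline`, while every other one, including NS_COMMAND_DELZONE directly below it, now gets `lex`, and nothing in the hunk explains the difference. If addzone keeps its own parser for the zone configuration text (presumably, since its prototype in server.h is left as `char *args`), a one-line comment such as `/* addzone parses the raw command line itself; it does not use lex */` would stop a later reader from treating it as an oversight. It also marks this path as one whose input does not pass through the new tokenizer.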
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2008, 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2016 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2001-2003 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -539,6 +539,10 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) {
 conn->sock = sock;
 isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
+
+ /* Set a 32 KiB upper limit on incoming message. */
+ isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768);
+
 conn->ccmsg_valid = ISC_TRUE;
 conn->sending = ISC_FALSE;
 conn->timer = NULL;
diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h
index 032743acbfb2..adc9ae2897dc 100644
--- a/bin/named/include/named/log.h
+++ b/bin/named/include/named/log.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2015 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2002 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -36,7 +36,7 @@
 #define NS_LOGCATEGORY_QUERIES (&ns_g_categories[4])
 #define NS_LOGCATEGORY_UNMATCHED (&ns_g_categories[5])
 #define NS_LOGCATEGORY_UPDATE_SECURITY (&ns_g_categories[6])
-#define NS_LOGCATEGORY_QUERY_EERRORS (&ns_g_categories[7])
+#define NS_LOGCATEGORY_QUERY_ERRORS (&ns_g_categories[7])
 /*
 * Backwards compatibility.
diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h
index 444729a98f77..312602dc805f 100644
--- a/bin/named/include/named/query.h
+++ b/bin/named/include/named/query.h
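Review bot: The size cap added in newconnection() is a bare literal, `isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768);`, and the comment gives the value but not the reason for it. Because it is set when the connection is created, it bounds every incoming control message on that connection, which is the property worth stating; a named constant (name illustrative) such as `#define CONTROL_MAXMSGSIZE 32768` with a comment like `/* Bound memory a peer can make us allocate per control message. */` would record that. It is also worth noting for operators that a legitimate command longer than 32 KiB would now be refused; whether any existing command can get that large is not visible here. newconnection continues outside the hunk.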
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2002 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -46,6 +46,7 @@ struct ns_query {
 isc_boolean_t timerset;
 dns_name_t * qname;
 dns_name_t * origqname;
+ dns_rdatatype_t qtype;
 unsigned int dboptions;
 unsigned int fetchoptions;
 dns_db_t * gluedb;
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index a3696f1614c1..3cb4674a9f29 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -15,8 +15,6 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id$ */
-
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1
@@ -223,7 +221,8 @@ ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush);
 */
 isc_result_t
-ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_reloadcommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
 /*%<
 * Act on a "reload" command from the command channel.
 */
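Review bot: The ns_server_reloadcommand prototype changes from `char *args` to `isc_lex_t *lex` but its `/*%<` comment is untouched, so nothing states where the lexer is positioned on entry or who owns it. From control.c in this commit the command word is read and pushed back before dispatch and the lexer is destroyed by the caller, which suggests each handler must consume the command token first and must not destroy `lex`. A line such as ` * 'lex' is positioned at the command word; arguments follow. The caller owns 'lex'.` would document that. The same gap applies to every other prototype converted in the later server.h hunks of this commit.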
@@ -235,26 +234,28 @@ ns_server_reconfigcommand(ns_server_t *server);
 */
 isc_result_t
-ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_notifycommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
 /*%<
 * Act on a "notify" command from the command channel.
 */
 isc_result_t
-ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_refreshcommand(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
 /*%<
 * Act on a "refresh" command from the command channel.
 */
 isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args,
+ns_server_retransfercommand(ns_server_t *server, isc_lex_t *lex,
 isc_buffer_t *text);
 /*%<
 * Act on a "retransfer" command from the command channel.
 */
 isc_result_t
-ns_server_togglequerylog(ns_server_t *server, char *args);
+ns_server_togglequerylog(ns_server_t *server, isc_lex_t *lex);
 /*%<
 * Enable/disable logging of queries. (Takes "yes" or "no" argument,
 * but can also be used as a toggle for backward comptibility.)
@@ -270,25 +271,25 @@ ns_server_dumpstats(ns_server_t *server);
 * Dump the current cache to the dump file.
 */
 isc_result_t
-ns_server_dumpdb(ns_server_t *server, char *args);
+ns_server_dumpdb(ns_server_t *server, isc_lex_t *lex);
 /*%
 * Dump the current security roots to the secroots file.
 */
 isc_result_t
-ns_server_dumpsecroots(ns_server_t *server, char *args);
+ns_server_dumpsecroots(ns_server_t *server, isc_lex_t *lex);
 /*%
 * Change or increment the server debug level.
 */
 isc_result_t
-ns_server_setdebuglevel(ns_server_t *server, char *args);
+ns_server_setdebuglevel(ns_server_t *server, isc_lex_t *lex);
 /*%
 * Flush the server's cache(s)
 */
 isc_result_t
-ns_server_flushcache(ns_server_t *server, char *args);
+ns_server_flushcache(ns_server_t *server, isc_lex_t *lex);
 /*%
 * Flush a particular name from the server's cache. If 'tree' is false,
@@ -296,7 +297,8 @@ ns_server_flushcache(ns_server_t *server, char *args);
 * flush all the names under the specified name.
 */
 isc_result_t
-ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree);
+ns_server_flushnode(ns_server_t *server, isc_lex_t *lex,
+ isc_boolean_t tree);
 /*%
 * Report the server's status.
@@ -314,20 +316,21 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text);
 * Delete a specific key (with optional view).
 */
 isc_result_t
-ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text);
+ns_server_tsigdelete(ns_server_t *server, isc_lex_t *lex,
+ isc_buffer_t *text);
 /*%
 * Enable or disable updates for a zone.
 */
 isc_result_t
-ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
- isc_buffer_t *text);
+ns_server_freeze(ns_server_t *server, isc_boolean_t freeze,
+ isc_lex_t *lex, isc_buffer_t *text);
 /*%
 * Dump zone updates to disk, optionally removing the journal file
 */
 isc_result_t
-ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_sync(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
 /*%
 * Update a zone's DNSKEY set from the key repository. If
@@ -337,7 +340,7 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text);
 * take place incrementally.
 */
 isc_result_t
-ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_rekey(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
 /*%
 * Dump the current recursive queries.
@@ -355,7 +358,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr);
 * Enable or disable dnssec validation.
 */
 isc_result_t
-ns_server_validation(ns_server_t *server, char *args);
+ns_server_validation(ns_server_t *server, isc_lex_t *lex);
 /*%
 * Add a zone to a running process
@@ -367,11 +370,11 @@ ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text);
 * Deletes a zone from a running process
 */
 isc_result_t
-ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
 /*%
 * Lists the status of the signing records for a given zone.
 */
 isc_result_t
-ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text);
+ns_server_signing(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text);
 #endif /* NAMED_SERVER_H */
diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
index 3e7b15bbdbbf..85dbafdc21d6 100644
--- a/bin/named/lwdgrbn.c
+++ b/bin/named/lwdgrbn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -184,7 +184,7 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
 if (oldlens != NULL)
 isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
 if (newrdatas != NULL)
- isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas));
+ isc_mem_put(mctx, newrdatas, used * sizeof(*newrdatas));
 return (result);
 }
@@ -403,14 +403,18 @@ start_lookup(ns_lwdclient_t *client) { INSIST(client->lookup == NULL); dns_fixedname_init(&absname); - result = ns_lwsearchctx_current(&client->searchctx, - dns_fixedname_name(&absname)); + /* - * This will return failure if relative name + suffix is too long. - * In this case, just go on to the next entry in the search path. + * Perform search across all search domains until success + * is returned. Return in case of failure. */ - if (result != ISC_R_SUCCESS) - start_lookup(client); + while (ns_lwsearchctx_current(&client->searchctx, + dns_fixedname_name(&absname)) != ISC_R_SUCCESS) { + if (ns_lwsearchctx_next(&client->searchctx) != ISC_R_SUCCESS) { + ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); + return; + } + } result = dns_lookup_create(cm->mctx, dns_fixedname_name(&absname), diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 400e8a7e531b..5c209ea057d0 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any 
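Review bot: The replacement comment in start_lookup() no longer says why ns_lwsearchctx_current() fails; the removed text explained that it happens when the relative name plus suffix is too long, which is the condition the new loop exists to handle and is presumably driven by the name in the client's request. Keeping that explanation, for example `/* ns_lwsearchctx_current() fails when name + suffix is too long; move to the next search entry and send LWRES_R_FAILURE once none are left. */`, tells the reader what bounds the loop. The rest of start_lookup lies outside the hunk.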
@@ -13,70 +13,85 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id$ -.\" .hy 0 .ad l +'\" t .\" Title: lwresd .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: January 20, 2009 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2009-01-20 .\" Manual: BIND9 -.\" Source: BIND9 +.\" Source: ISC +.\" Language: English .\" -.TH "LWRESD" "8" "January 20, 2009" "BIND9" "BIND9" +.TH "LWRESD" "8" "2009\-01\-20" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- .SH "NAME" lwresd \- lightweight resolver daemon .SH "SYNOPSIS" -.HP 7 +.HP \w'\fBlwresd\fR\ 'u \fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-4\fR] [\fB\-6\fR] .SH 
"DESCRIPTION" .PP \fBlwresd\fR -is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol. +is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library\&. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol\&. .PP \fBlwresd\fR -listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that +listens for resolver queries on a UDP port on the IPv4 loopback interface, 127\&.0\&.0\&.1\&. This means that \fBlwresd\fR -can only be used by processes running on the local machine. By default, UDP port number 921 is used for lightweight resolver requests and responses. +can only be used by processes running on the local machine\&. By default, UDP port number 921 is used for lightweight resolver requests and responses\&. .PP -Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes, +Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol\&. When the DNS lookup completes, \fBlwresd\fR -encodes the answers in the lightweight resolver format and returns them to the client that made the request. +encodes the answers in the lightweight resolver format and returns them to the client that made the request\&. .PP If -\fI/etc/resolv.conf\fR +/etc/resolv\&.conf contains any \fBnameserver\fR entries, \fBlwresd\fR -sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no +sends recursive DNS queries to those servers\&. This is similar to the use of forwarders in a caching name server\&. 
If no \fBnameserver\fR entries are present, or if forwarding fails, \fBlwresd\fR -resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints. +resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints\&. .SH "OPTIONS" .PP \-4 .RS 4 -Use IPv4 only even if the host machine is capable of IPv6. +Use IPv4 only even if the host machine is capable of IPv6\&. \fB\-4\fR and \fB\-6\fR -are mutually exclusive. +are mutually exclusive\&. .RE .PP \-6 .RS 4 -Use IPv6 only even if the host machine is capable of IPv4. +Use IPv6 only even if the host machine is capable of IPv4\&. \fB\-4\fR and \fB\-6\fR -are mutually exclusive. +are mutually exclusive\&. .RE .PP \-c \fIconfig\-file\fR @@ -84,10 +99,10 @@ are mutually exclusive. Use \fIconfig\-file\fR as the configuration file instead of the default, -\fI/etc/lwresd.conf\fR. +/etc/lwresd\&.conf\&. \fB\-c\fR can not be used with -\fB\-C\fR. +\fB\-C\fR\&. .RE .PP \-C \fIconfig\-file\fR @@ -95,29 +110,29 @@ can not be used with Use \fIconfig\-file\fR as the configuration file instead of the default, -\fI/etc/resolv.conf\fR. +/etc/resolv\&.conf\&. \fB\-C\fR can not be used with -\fB\-c\fR. +\fB\-c\fR\&. .RE .PP \-d \fIdebug\-level\fR .RS 4 -Set the daemon's debug level to -\fIdebug\-level\fR. Debugging traces from +Set the daemon\*(Aqs debug level to +\fIdebug\-level\fR\&. Debugging traces from \fBlwresd\fR -become more verbose as the debug level increases. +become more verbose as the debug level increases\&. .RE .PP \-f .RS 4 -Run the server in the foreground (i.e. do not daemonize). +Run the server in the foreground (i\&.e\&. do not daemonize)\&. .RE .PP \-g .RS 4 Run the server in the foreground and force all logging to -\fIstderr\fR. +stderr\&. .RE .PP \-i \fIpid\-file\fR 
@@ -125,49 +140,60 @@ Run the server in the foreground and force all logging to Use \fIpid\-file\fR as the PID file instead of the default, -\fI/var/run/lwresd/lwresd.pid\fR. +/var/run/lwresd/lwresd\&.pid\&. .RE .PP \-m \fIflag\fR .RS 4 -Turn on memory usage debugging flags. Possible flags are +Turn on memory usage debugging flags\&. Possible flags are \fIusage\fR, \fItrace\fR, \fIrecord\fR, \fIsize\fR, and -\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in -\fI<isc/mem.h>\fR. +\fImctx\fR\&. These correspond to the ISC_MEM_DEBUGXXXX flags described in +<isc/mem\&.h>\&. .RE .PP \-n \fI#cpus\fR .RS 4 Create \fI#cpus\fR -worker threads to take advantage of multiple CPUs. If not specified, +worker threads to take advantage of multiple CPUs\&. If not specified, \fBlwresd\fR -will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. +will try to determine the number of CPUs present and create one thread per CPU\&. If it is unable to determine the number of CPUs, a single worker thread will be created\&. .RE .PP \-P \fIport\fR .RS 4 Listen for lightweight resolver queries on port -\fIport\fR. If not specified, the default is port 921. +\fIport\fR\&. If not specified, the default is port 921\&. .RE .PP \-p \fIport\fR .RS 4 Send DNS lookups to port -\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number. +\fIport\fR\&. If not specified, the default is port 53\&. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number\&. .RE .PP \-s .RS 4 Write memory usage statistics to -\fIstdout\fR -on exit. -.RS -.B "Note:" -This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. 
+stdout +on exit\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&. +.sp .5v .RE .RE .PP @@ -175,14 +201,25 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha .RS 4 Chroot to \fIdirectory\fR -after processing the command line arguments, but before reading the configuration file. -.RS -.B "Warning:" +after processing the command line arguments, but before reading the configuration file\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBWarning\fR +.ps -1 +.br This option should be used in conjunction with the \fB\-u\fR -option, as chrooting a process running as root doesn't enhance security on most systems; the way +option, as chrooting a process running as root doesn\*(Aqt enhance security on most systems; the way \fBchroot(2)\fR -is defined allows a process with root privileges to escape a chroot jail. +is defined allows a process with root privileges to escape a chroot jail\&. +.sp .5v .RE .RE .PP 
@@ -190,34 +227,35 @@ is defined allows a process with root privileges to escape a chroot jail. .RS 4 Setuid to \fIuser\fR -after completing privileged operations, such as creating sockets that listen on privileged ports. +after completing privileged operations, such as creating sockets that listen on privileged ports\&. .RE .PP \-v .RS 4 -Report the version number and exit. +Report the version number and exit\&. .RE .SH "FILES" .PP -\fI/etc/resolv.conf\fR +/etc/resolv\&.conf .RS 4 -The default configuration file. +The default configuration file\&. .RE .PP -\fI/var/run/lwresd.pid\fR +/var/run/lwresd\&.pid .RS 4 -The default process\-id file. +The default process\-id file\&. .RE .SH "SEE ALSO" .PP \fBnamed\fR(8), \fBlwres\fR(3), -\fBresolver\fR(5). +\fBresolver\fR(5)\&. .SH "AUTHOR" .PP -Internet Systems Consortium +\fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001 Internet Software Consortium. .br diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index 307131ad8475..6e3399ecb186 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -1,8 +1,5 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" - [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -18,9 +15,14 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<refentry> +<!-- Converted by db4-upgrade version 1.0 --> +<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.lwresd"> + <info> + <date>2009-01-20</date> + </info> <refentryinfo> - <date>January 20, 2009</date> + <corpname>ISC</corpname> + <corpauthor>Internet Systems Consortium, Inc.</corpauthor> </refentryinfo> <refmeta> @@ -42,6 +44,7 @@ <year>2008</year> <year>2009</year> <year>2014</year> + <year>2015</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> 
@@ -52,29 +55,29 @@ </docinfo> <refsynopsisdiv> - <cmdsynopsis> + <cmdsynopsis sepchar=" "> <command>lwresd</command> - <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> - <arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg> - <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> - <arg><option>-f</option></arg> - <arg><option>-g</option></arg> - <arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg> - <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg> - <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> - <arg><option>-P <replaceable class="parameter">port</replaceable></option></arg> - <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> - <arg><option>-s</option></arg> - <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> - <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg> - <arg><option>-v</option></arg> - <arg><option>-4</option></arg> - <arg><option>-6</option></arg> + <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-C <replaceable class="parameter">config-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-f</option></arg> + <arg choice="opt" rep="norepeat"><option>-g</option></arg> + <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">flag</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> + <arg 
choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">port</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-s</option></arg> + <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-v</option></arg> + <arg choice="opt" rep="norepeat"><option>-4</option></arg> + <arg choice="opt" rep="norepeat"><option>-6</option></arg> </cmdsynopsis> </refsynopsisdiv> - <refsect1> - <title>DESCRIPTION</title> + <refsection><info><title>DESCRIPTION</title></info> + <para><command>lwresd</command> is the daemon providing name lookup @@ -84,7 +87,7 @@ resolver protocol rather than the DNS protocol. </para> - <para><command>lwresd</command> + <para><command>lwresd</command> listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that <command>lwresd</command> can only be used by @@ -109,10 +112,10 @@ queries autonomously starting at the root name servers, using a built-in list of root server hints. </para> - </refsect1> + </refsection> + + <refsection><info><title>OPTIONS</title></info> - <refsect1> - <title>OPTIONS</title> <variablelist> @@ -214,7 +217,7 @@ <replaceable class="parameter">trace</replaceable>, <replaceable class="parameter">record</replaceable>, <replaceable class="parameter">size</replaceable>, and - <replaceable class="parameter">mctx</replaceable>. + <replaceable class="parameter">mctx</replaceable>. These correspond to the ISC_MEM_DEBUGXXXX flags described in <filename><isc/mem.h></filename>. </para> @@ -318,10 +321,10 @@ </variablelist> - </refsect1> + </refsection> + + <refsection><info><title>FILES</title></info> - <refsect1> - <title>FILES</title> <variablelist> 
@@ -345,10 +348,10 @@ </variablelist> - </refsect1> + </refsection> + + <refsection><info><title>SEE ALSO</title></info> - <refsect1> - <title>SEE ALSO</title> <para><citerefentry> <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, @@ -359,16 +362,6 @@ <refentrytitle>resolver</refentrytitle><manvolnum>5</manvolnum> </citerefentry>. </para> - </refsect1> - - <refsect1> - <title>AUTHOR</title> - <para><corpauthor>Internet Systems Consortium</corpauthor> - </para> - </refsect1> + </refsection> -</refentry><!-- - - Local variables: - - mode: sgml - - End: ---> +</refentry> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 4bef3e262593..c6afd57f6211 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -14,15 +14,14 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>lwresd</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> </head> -<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476282"></a><div class="titlepage"></div> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> +<a name="man.lwresd"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">lwresd</span> — lightweight resolver daemon</p> 
@@ -31,19 +30,19 @@ <h2>Synopsis</h2> <div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543479"></a><h2>DESCRIPTION</h2> -<p><span><strong class="command">lwresd</strong></span> +<div class="refsection"> +<a name="id-1.7"></a><h2>DESCRIPTION</h2> +<p><span class="command"><strong>lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped-down, caching-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol. </p> -<p><span><strong class="command">lwresd</strong></span> +<p><span class="command"><strong>lwresd</strong></span> listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. 
This - means that <span><strong class="command">lwresd</strong></span> can only be used by + means that <span class="command"><strong>lwresd</strong></span> can only be used by processes running on the local machine. By default, UDP port number 921 is used for lightweight resolver requests and responses. @@ -51,24 +50,24 @@ <p> Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When - the DNS lookup completes, <span><strong class="command">lwresd</strong></span> encodes + the DNS lookup completes, <span class="command"><strong>lwresd</strong></span> encodes the answers in the lightweight resolver format and returns them to the client that made the request. </p> <p> If <code class="filename">/etc/resolv.conf</code> contains any - <code class="option">nameserver</code> entries, <span><strong class="command">lwresd</strong></span> + <code class="option">nameserver</code> entries, <span class="command"><strong>lwresd</strong></span> sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no <code class="option">nameserver</code> entries are present, or if - forwarding fails, <span><strong class="command">lwresd</strong></span> resolves the + forwarding fails, <span class="command"><strong>lwresd</strong></span> resolves the queries autonomously starting at the root name servers, using a built-in list of root server hints. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2543526"></a><h2>OPTIONS</h2> -<div class="variablelist"><dl> +<div class="refsection"> +<a name="id-1.8"></a><h2>OPTIONS</h2> +<div class="variablelist"><dl class="variablelist"> <dt><span class="term">-4</span></dt> <dd><p> Use IPv4 only even if the host machine is capable of IPv6. 
@@ -99,7 +98,7 @@ <dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt> <dd><p> Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>. - Debugging traces from <span><strong class="command">lwresd</strong></span> become + Debugging traces from <span class="command"><strong>lwresd</strong></span> become more verbose as the debug level increases. </p></dd> <dt><span class="term">-f</span></dt> @@ -124,7 +123,7 @@ <em class="replaceable"><code>trace</code></em>, <em class="replaceable"><code>record</code></em>, <em class="replaceable"><code>size</code></em>, and - <em class="replaceable"><code>mctx</code></em>. + <em class="replaceable"><code>mctx</code></em>. These correspond to the ISC_MEM_DEBUGXXXX flags described in <code class="filename"><isc/mem.h></code>. </p></dd> @@ -132,7 +131,7 @@ <dd><p> Create <em class="replaceable"><code>#cpus</code></em> worker threads to take advantage of multiple CPUs. If not specified, - <span><strong class="command">lwresd</strong></span> will try to determine the + <span class="command"><strong>lwresd</strong></span> will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. @@ -196,9 +195,9 @@ </p></dd> </dl></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543943"></a><h2>FILES</h2> -<div class="variablelist"><dl> +<div class="refsection"> +<a name="id-1.9"></a><h2>FILES</h2> +<div class="variablelist"><dl class="variablelist"> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> The default configuration file. 
@@ -209,17 +208,12 @@ </p></dd> </dl></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543982"></a><h2>SEE ALSO</h2> +<div class="refsection"> +<a name="id-1.10"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2544017"></a><h2>AUTHOR</h2> -<p><span class="corpauthor">Internet Systems Consortium</span> - </p> -</div> </div></body> </html> diff --git a/bin/named/main.c b/bin/named/main.c index 5664e6545e4c..539366d8b660 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -298,11 +298,13 @@ static void lwresd_usage(void) { fprintf(stderr, "usage: lwresd [-4|-6] [-c conffile | -C resolvconffile] " - "[-d debuglevel]\n" - " [-f|-g] [-n number_of_cpus] [-p port] " - "[-P listen-port] [-s]\n" - " [-t chrootdir] [-u username] [-i pidfile]\n" - " [-m {usage|trace|record|size|mctx}]\n"); + "[-d debuglevel] [-f|-g]\n" + " [-i pidfile] [-n number_of_cpus] " + "[-p port] [-P listen-port]\n" + " [-s] [-S sockets] [-t chrootdir] [-u username] " + "[-U listeners]\n" + " [-m {usage|trace|record|size|mctx}]\n" + "usage: lwresd [-v|-V]\n"); } static void 
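Review bot: The rewritten lwresd usage string now advertises `[-S sockets]`, `[-U listeners]` and `[-v|-V]`, but the lwresd synopsis in lwresd.docbook and lwresd.html, touched by this same commit, lists none of `-S`, `-U` or `-V`. The help output and the manual page therefore disagree about which options lwresd takes. Whether the option parser accepts these flags for lwresd is not visible in this hunk. If it does, the manual synopsis and OPTIONS list should gain them; if it does not, they should be dropped from this string.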
@@ -315,8 +317,10 @@ usage(void) { "usage: named [-4|-6] [-c conffile] [-d debuglevel] " "[-E engine] [-f|-g]\n" " [-n number_of_cpus] [-p port] [-s] " - "[-t chrootdir] [-u username]\n" - " [-m {usage|trace|record|size|mctx}]\n"); + "[-S sockets] [-t chrootdir]\n" + " [-u username] [-U listeners] " + "[-m {usage|trace|record|size|mctx}]\n" + "usage: named [-v|-V]\n"); } static void @@ -609,6 +613,7 @@ parse_command_line(int argc, char *argv[]) { printf("%s %s%s%s <id:%s>\n", ns_g_product, ns_g_version, (*ns_g_description != '\0') ? " " : "", ns_g_description, ns_g_srcid); + printf("running on %s\n", ns_os_uname()); printf("built by %s with %s\n", ns_g_builder, ns_g_configargs); #ifdef __clang__ @@ -677,6 +682,8 @@ create_managers(void) { isc_result_t result; unsigned int socks; + INSIST(ns_g_cpus_detected > 0); + #ifdef ISC_PLATFORM_USETHREADS if (ns_g_cpus == 0) ns_g_cpus = ns_g_cpus_detected; @@ -693,10 +700,8 @@ create_managers(void) { if (ns_g_udpdisp == 0) { if (ns_g_cpus_detected == 1) ns_g_udpdisp = 1; - else if (ns_g_cpus_detected < 4) - ns_g_udpdisp = 2; else - ns_g_udpdisp = ns_g_cpus_detected / 2; + ns_g_udpdisp = ns_g_cpus_detected - 1; } if (ns_g_udpdisp > ns_g_cpus) ns_g_udpdisp = ns_g_cpus; @@ -909,6 +914,9 @@ setup(void) { ns_g_srcid, saved_command_line); isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, "running on %s", ns_os_uname()); + + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "built with %s", ns_g_configargs); isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, diff --git a/bin/named/named.8 b/bin/named/named.8 index 09bd4c117d28..23e35e580e21 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 
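Review bot: The named usage string gains `[-S sockets]`, `[-U listeners]` and `[-v|-V]` but still omits `-M option`, which the named.8 synopsis in this commit lists. Adding `"[-M option] "` next to the `-m` entry would keep the help text in step with the manual. `-x cache-file` is also absent, which looks deliberate since the manual says it must not be used. The body of usage() starts before this hunk.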
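Review bot: The return value of ns_os_uname() is passed straight to `%s` in the added `printf("running on %s\n", ns_os_uname());`, and its implementation is not part of this hunk. If it can return NULL when the underlying system query fails, that is undefined behaviour on what appears to be the `-V` output path. Confirm that it always returns a valid string, or guard the call site. The same applies to the `isc_log_write(..., "running on %s", ns_os_uname());` call added to setup() in the last main.c hunk. parse_command_line continues outside this hunk.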
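Review bot: The added `INSIST(ns_g_cpus_detected > 0);` has no comment saying what it protects; the reason only appears in the following hunk, where the default becomes `ns_g_udpdisp = ns_g_cpus_detected - 1;`. A zero count would take that else branch and wrap if the variable is unsigned (its type is not visible here), so I would add `/* ns_g_cpus_detected - 1 below must not underflow */` above the assertion. The INSIST also turns a failed CPU detection into an abort at startup. The manual text says a single worker thread is created when detection fails, so presumably the detection code already falls back to 1, which is worth confirming. create_managers starts and ends outside both hunks.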
@@ -13,54 +13,69 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id$ -.\" .hy 0 .ad l +'\" t .\" Title: named .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: February 20, 2014 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2014-02-20 .\" Manual: BIND9 -.\" Source: BIND9 +.\" Source: ISC +.\" Language: English .\" -.TH "NAMED" "8" "February 20, 2014" "BIND9" "BIND9" +.TH "NAMED" "8" "2014\-02\-20" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- .SH "NAME" named \- Internet domain name server .SH "SYNOPSIS" -.HP 6 +.HP \w'\fBnamed\fR\ 'u \fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-M\ \fR\fB\fIoption\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ 
\fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR -is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035. +is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC\&. For more information on the DNS, see RFCs 1033, 1034, and 1035\&. .PP When invoked without arguments, \fBnamed\fR will read the default configuration file -\fI/etc/named.conf\fR, read any initial data, and listen for queries. +/etc/named\&.conf, read any initial data, and listen for queries\&. .SH "OPTIONS" .PP \-4 .RS 4 -Use IPv4 only even if the host machine is capable of IPv6. +Use IPv4 only even if the host machine is capable of IPv6\&. \fB\-4\fR and \fB\-6\fR -are mutually exclusive. +are mutually exclusive\&. .RE .PP \-6 .RS 4 -Use IPv6 only even if the host machine is capable of IPv4. +Use IPv6 only even if the host machine is capable of IPv4\&. \fB\-4\fR and \fB\-6\fR -are mutually exclusive. +are mutually exclusive\&. .RE .PP \-c \fIconfig\-file\fR 
@@ -68,79 +83,90 @@ are mutually exclusive. Use \fIconfig\-file\fR as the configuration file instead of the default, -\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible +/etc/named\&.conf\&. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible \fBdirectory\fR option in the configuration file, \fIconfig\-file\fR -should be an absolute pathname. +should be an absolute pathname\&. .RE .PP \-d \fIdebug\-level\fR .RS 4 -Set the daemon's debug level to -\fIdebug\-level\fR. Debugging traces from +Set the daemon\*(Aqs debug level to +\fIdebug\-level\fR\&. Debugging traces from \fBnamed\fR -become more verbose as the debug level increases. +become more verbose as the debug level increases\&. .RE .PP \-E \fIengine\-name\fR .RS 4 -Use a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance re\-signing with private keys from a secure key store. When compiled with PKCS#11 support +Use a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance re\-signing with private keys from a secure key store\&. When compiled with PKCS#11 support \fIengine\-name\fR -defaults to pkcs11, the empty name resets it to no engine. +defaults to pkcs11, the empty name resets it to no engine\&. .RE .PP \-f .RS 4 -Run the server in the foreground (i.e. do not daemonize). +Run the server in the foreground (i\&.e\&. do not daemonize)\&. .RE .PP \-g .RS 4 Run the server in the foreground and force all logging to -\fIstderr\fR. +stderr\&. .RE .PP \-M \fIoption\fR .RS 4 -Sets the default memory context options. Currently the only supported option is -\fIexternal\fR, which causes the internal memory manager to be bypassed in favor of system\-provided memory allocation functions. +Sets the default memory context options\&. 
Currently the only supported option is +\fIexternal\fR, which causes the internal memory manager to be bypassed in favor of system\-provided memory allocation functions\&. .RE .PP \-m \fIflag\fR .RS 4 -Turn on memory usage debugging flags. Possible flags are +Turn on memory usage debugging flags\&. Possible flags are \fIusage\fR, \fItrace\fR, \fIrecord\fR, \fIsize\fR, and -\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in -\fI<isc/mem.h>\fR. +\fImctx\fR\&. These correspond to the ISC_MEM_DEBUGXXXX flags described in +<isc/mem\&.h>\&. .RE .PP \-n \fI#cpus\fR .RS 4 Create \fI#cpus\fR -worker threads to take advantage of multiple CPUs. If not specified, +worker threads to take advantage of multiple CPUs\&. If not specified, \fBnamed\fR -will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. +will try to determine the number of CPUs present and create one thread per CPU\&. If it is unable to determine the number of CPUs, a single worker thread will be created\&. .RE .PP \-p \fIport\fR .RS 4 Listen for queries on port -\fIport\fR. If not specified, the default is port 53. +\fIport\fR\&. If not specified, the default is port 53\&. .RE .PP \-s .RS 4 Write memory usage statistics to -\fIstdout\fR -on exit. -.RS -.B "Note:" -This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. +stdout +on exit\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release\&. +.sp .5v .RE .RE .PP 
@@ -150,12 +176,23 @@ Allow \fBnamed\fR to use up to \fI#max\-socks\fR -sockets. -.RS -.B "Warning:" -This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because +sockets\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBWarning\fR +.ps -1 +.br +This option should be unnecessary for the vast majority of users\&. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API\&. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets\&. Note also that the actual maximum number is normally a little fewer than the specified value because \fBnamed\fR -reserves some file descriptors for its internal use. +reserves some file descriptors for its internal use\&. +.sp .5v .RE .RE .PP 
@@ -163,14 +200,25 @@ reserves some file descriptors for its internal use. .RS 4 Chroot to \fIdirectory\fR -after processing the command line arguments, but before reading the configuration file. -.RS -.B "Warning:" +after processing the command line arguments, but before reading the configuration file\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBWarning\fR +.ps -1 +.br This option should be used in conjunction with the \fB\-u\fR -option, as chrooting a process running as root doesn't enhance security on most systems; the way +option, as chrooting a process running as root doesn\*(Aqt enhance security on most systems; the way \fBchroot(2)\fR -is defined allows a process with root privileges to escape a chroot jail. +is defined allows a process with root privileges to escape a chroot jail\&. +.sp .5v .RE .RE .PP 
@@ -178,115 +226,138 @@ is defined allows a process with root privileges to escape a chroot jail. .RS 4 Use \fI#listeners\fR -worker threads to listen for incoming UDP packets on each address. If not specified, +worker threads to listen for incoming UDP packets on each address\&. If not specified, \fBnamed\fR -will calculate a default value based on the number of detected CPUs: 1 for 1 CPU, 2 for 2\-4 CPUs, and the number of detected CPUs divided by 2 for values higher than 4. If +will calculate a default value based on the number of detected CPUs: 1 for 1 CPU, and the number of detected CPUs minus one for machines with more than 1 CPU\&. This cannot be increased to a value higher than the number of CPUs\&. If \fB\-n\fR has been set to a higher value than the number of detected CPUs, then \fB\-U\fR -may be increased as high as that value, but no higher. +may be increased as high as that value, but no higher\&. On Windows, the number of UDP listeners is hardwired to 1 and this option has no effect\&. .RE .PP \-u \fIuser\fR .RS 4 Setuid to \fIuser\fR -after completing privileged operations, such as creating sockets that listen on privileged ports. -.RS -.B "Note:" +after completing privileged operations, such as creating sockets that listen on privileged ports\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br On Linux, \fBnamed\fR -uses the kernel's capability mechanism to drop all root privileges except the ability to +uses the kernel\*(Aqs capability mechanism to drop all root privileges except the ability to \fBbind(2)\fR -to a privileged port and set process resource limits. Unfortunately, this means that the +to a privileged port and set process resource limits\&. 
Unfortunately, this means that the \fB\-u\fR option only works when \fBnamed\fR -is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after -\fBsetuid(2)\fR. +is run on kernel 2\&.2\&.18 or later, or kernel 2\&.3\&.99\-pre3 or later, since previous kernels did not allow privileges to be retained after +\fBsetuid(2)\fR\&. +.sp .5v .RE .RE .PP \-v .RS 4 -Report the version number and exit. +Report the version number and exit\&. .RE .PP \-V .RS 4 -Report the version number and build options, and exit. +Report the version number and build options, and exit\&. .RE .PP \-x \fIcache\-file\fR .RS 4 Load data from \fIcache\-file\fR -into the cache of the default view. -.RS -.B "Warning:" -This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release. +into the cache of the default view\&. +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBWarning\fR +.ps -1 +.br +This option must not be used\&. It is only of interest to BIND 9 developers and may be removed or changed in a future release\&. +.sp .5v .RE .RE .SH "SIGNALS" .PP In routine operation, signals should not be used to control the nameserver; \fBrndc\fR -should be used instead. +should be used instead\&. .PP SIGHUP .RS 4 -Force a reload of the server. +Force a reload of the server\&. .RE .PP SIGINT, SIGTERM .RS 4 -Shut down the server. +Shut down the server\&. .RE .PP -The result of sending any other signals to the server is undefined. +The result of sending any other signals to the server is undefined\&. .SH "CONFIGURATION" .PP The \fBnamed\fR -configuration file is too complex to describe in detail here. A complete description is provided in the -BIND 9 Administrator Reference Manual. +configuration file is too complex to describe in detail here\&. 
A complete description is provided in the +BIND 9 Administrator Reference Manual\&. .PP \fBnamed\fR inherits the \fBumask\fR -(file creation mode mask) from the parent process. If files created by +(file creation mode mask) from the parent process\&. If files created by \fBnamed\fR, such as journal files, need to have custom permissions, the \fBumask\fR should be set explicitly in the script used to start the \fBnamed\fR -process. +process\&. .SH "FILES" .PP -\fI/etc/named.conf\fR +/etc/named\&.conf .RS 4 -The default configuration file. +The default configuration file\&. .RE .PP -\fI/var/run/named/named.pid\fR +/var/run/named/named\&.pid .RS 4 -The default process\-id file. +The default process\-id file\&. .RE .SH "SEE ALSO" .PP RFC 1033, RFC 1034, RFC 1035, -\fBnamed\-checkconf\fR(8), -\fBnamed\-checkzone\fR(8), +\fBnamed-checkconf\fR(8), +\fBnamed-checkzone\fR(8), \fBrndc\fR(8), \fBlwresd\fR(8), \fBnamed.conf\fR(5), -BIND 9 Administrator Reference Manual. +BIND 9 Administrator Reference Manual\&. .SH "AUTHOR" .PP -Internet Systems Consortium +\fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" -Copyright \(co 2004\-2009, 2011, 2013\-2015 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index c4d75437da2e..532e83def831 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above 
@@ -12,32 +12,47 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id$ -.\" .hy 0 .ad l -.\" Title: \fInamed.conf\fR +'\" t +.\" Title: named.conf .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: January 08, 2014 +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 2014-01-08 .\" Manual: BIND9 -.\" Source: BIND9 +.\" Source: ISC +.\" Language: English .\" -.TH "\fINAMED.CONF\fR" "5" "January 08, 2014" "BIND9" "BIND9" +.TH "NAMED\&.CONF" "5" "2014\-01\-08" "ISC" "BIND9" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- .SH "NAME" named.conf \- configuration file for named .SH "SYNOPSIS" -.HP 11 -\fBnamed.conf\fR +.HP \w'\fBnamed\&.conf\fR\ 'u +\fBnamed\&.conf\fR .SH "DESCRIPTION" .PP -\fInamed.conf\fR +named\&.conf is the configuration file for -\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: +\fBnamed\fR\&. 
Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported: .PP C style: /* */ .PP @@ -46,34 +61,48 @@ C++ style: // to end of line Unix style: # to end of line .SH "ACL" .sp +.if n \{\ .RS 4 +.\} .nf -acl \fIstring\fR { \fIaddress_match_element\fR; ... }; +acl \fIstring\fR { \fIaddress_match_element\fR; \&.\&.\&. }; .fi +.if n \{\ .RE +.\} .SH "KEY" .sp +.if n \{\ .RS 4 +.\} .nf key \fIdomain_name\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; .fi +.if n \{\ .RE +.\} .SH "MASTERS" .sp +.if n \{\ .RS 4 +.\} .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ... + \fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; \&.\&.\&. }; .fi +.if n \{\ .RE +.\} .SH "SERVER" .sp +.if n \{\ .RS 4 +.\} .nf server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) { bogus \fIboolean\fR; 
@@ -92,41 +121,57 @@ server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen support\-ixfr \fIboolean\fR; // obsolete }; .fi +.if n \{\ .RE -.SH "TRUSTED\-KEYS" +.\} +.SH "TRUSTED-KEYS" .sp +.if n \{\ .RS 4 +.\} .nf trusted\-keys { - \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... + \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&. }; .fi +.if n \{\ .RE -.SH "MANAGED\-KEYS" +.\} +.SH "MANAGED-KEYS" .sp +.if n \{\ .RS 4 +.\} .nf managed\-keys { - \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... + \fIdomain_name\fR \fBinitial\-key\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; \&.\&.\&. }; .fi +.if n \{\ .RE +.\} .SH "CONTROLS" .sp +.if n \{\ .RS 4 +.\} .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ] - allow { \fIaddress_match_element\fR; ... } - [ keys { \fIstring\fR; ... } ]; + allow { \fIaddress_match_element\fR; \&.\&.\&. } + [ keys { \fIstring\fR; \&.\&.\&. } ]; unix \fIunsupported\fR; // not implemented }; .fi +.if n \{\ .RE +.\} .SH "LOGGING" .sp +.if n \{\ .RS 4 +.\} .nf logging { channel \fIstring\fR { 
@@ -139,32 +184,40 @@ logging { print\-severity \fIboolean\fR; print\-category \fIboolean\fR; }; - category \fIstring\fR { \fIstring\fR; ... }; + category \fIstring\fR { \fIstring\fR; \&.\&.\&. }; }; .fi +.if n \{\ .RE +.\} .SH "LWRES" .sp +.if n \{\ .RS 4 +.\} .nf lwres { listen\-on [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; view \fIstring\fR \fIoptional_class\fR; - search { \fIstring\fR; ... }; + search { \fIstring\fR; \&.\&.\&. }; ndots \fIinteger\fR; }; .fi +.if n \{\ .RE +.\} .SH "OPTIONS" .sp +.if n \{\ .RS 4 +.\} .nf options { - avoid\-v4\-udp\-ports { \fIport\fR; ... }; - avoid\-v6\-udp\-ports { \fIport\fR; ... }; - blackhole { \fIaddress_match_element\fR; ... }; + avoid\-v4\-udp\-ports { \fIport\fR; \&.\&.\&. }; + avoid\-v6\-udp\-ports { \fIport\fR; \&.\&.\&. }; + blackhole { \fIaddress_match_element\fR; \&.\&.\&. }; coresize \fIsize\fR; datasize \fIsize\fR; directory \fIquoted_string\fR; @@ -175,8 +228,8 @@ options { host\-statistics\-max \fInumber\fR; // not implemented hostname ( \fIquoted_string\fR | none ); interface\-interval \fIinteger\fR; - listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... }; - listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... }; + listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; + listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; \&.\&.\&. }; match\-mapped\-addresses \fIboolean\fR; memstatistics\-file \fIquoted_string\fR; pid\-file ( \fIquoted_string\fR | none ); 
@@ -200,18 +253,17 @@ options { transfers\-per\-ns \fIinteger\fR; transfers\-in \fIinteger\fR; transfers\-out \fIinteger\fR; - use\-ixfr \fIboolean\fR; version ( \fIquoted_string\fR | none ); - allow\-recursion { \fIaddress_match_element\fR; ... }; - allow\-recursion\-on { \fIaddress_match_element\fR; ... }; - sortlist { \fIaddress_match_element\fR; ... }; - topology { \fIaddress_match_element\fR; ... }; // not implemented + allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. }; + sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; + topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed minimal\-responses \fIboolean\fR; recursion \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] - [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ... + [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. }; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; @@ -246,12 +298,12 @@ options { dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [port \fIinteger\fR] ); ... + \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&. }; edns\-udp\-size \fIinteger\fR; max\-udp\-size \fIinteger\fR; - root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; - disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; + root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ]; + disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); 
@@ -273,13 +325,13 @@ options { disable\-empty\-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; - allow\-query { \fIaddress_match_element\fR; ... }; - allow\-query\-on { \fIaddress_match_element\fR; ... }; - allow\-query\-cache { \fIaddress_match_element\fR; ... }; - allow\-query\-cache\-on { \fIaddress_match_element\fR; ... }; - allow\-transfer { \fIaddress_match_element\fR; ... }; - allow\-update { \fIaddress_match_element\fR; ... }; - allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; + allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; update\-check\-ksk \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; masterfile\-format ( text | raw ); @@ -289,12 +341,12 @@ options { notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; ... - [ key \fIkeyname\fR ] ... }; - allow\-notify { \fIaddress_match_element\fR; ... }; + [ port \fIinteger\fR ]; \&.\&.\&. + [ key \fIkeyname\fR ] \&.\&.\&. }; + allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; max\-journal\-size \fIsize_no_default\fR; max\-transfer\-time\-in \fIinteger\fR; 
@@ -335,7 +387,7 @@ options { \fInamelist\fR } [ except\-from { \fInamelist\fR } ]; nsec3\-test\-zone \fIboolean\fR; // testing only - allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete + allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete deallocate\-on\-exit \fIboolean\fR; // obsolete fake\-iquery \fIboolean\fR; // obsolete fetch\-glue \fIboolean\fR; // obsolete 
@@ -347,41 +399,46 @@ options { serial\-queries \fIinteger\fR; // obsolete treat\-cr\-as\-space \fIboolean\fR; // obsolete use\-id\-pool \fIboolean\fR; // obsolete + use\-ixfr \fIboolean\fR; // obsolete }; .fi +.if n \{\ .RE +.\} .SH "VIEW" .sp +.if n \{\ .RS 4 +.\} .nf view \fIstring\fR \fIoptional_class\fR { - match\-clients { \fIaddress_match_element\fR; ... }; - match\-destinations { \fIaddress_match_element\fR; ... }; + match\-clients { \fIaddress_match_element\fR; \&.\&.\&. }; + match\-destinations { \fIaddress_match_element\fR; \&.\&.\&. }; match\-recursive\-only \fIboolean\fR; key \fIstring\fR { algorithm \fIstring\fR; secret \fIstring\fR; }; zone \fIstring\fR \fIoptional_class\fR { - ... + \&.\&.\&. }; server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) { - ... + \&.\&.\&. }; trusted\-keys { \fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; - [...] + [\&.\&.\&.] }; - allow\-recursion { \fIaddress_match_element\fR; ... }; - allow\-recursion\-on { \fIaddress_match_element\fR; ... }; - sortlist { \fIaddress_match_element\fR; ... }; - topology { \fIaddress_match_element\fR; ... }; // not implemented + allow\-recursion { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-recursion\-on { \fIaddress_match_element\fR; \&.\&.\&. }; + sortlist { \fIaddress_match_element\fR; \&.\&.\&. }; + topology { \fIaddress_match_element\fR; \&.\&.\&. }; // not implemented auth\-nxdomain \fIboolean\fR; // default changed minimal\-responses \fIboolean\fR; recursion \fIboolean\fR; rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] - [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ... + [ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. }; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; 
@@ -416,12 +473,12 @@ view \fIstring\fR \fIoptional_class\fR { dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [port \fIinteger\fR] ); ... + \fIipv6_address\fR [port \fIinteger\fR] ); \&.\&.\&. }; edns\-udp\-size \fIinteger\fR; max\-udp\-size \fIinteger\fR; - root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; - disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; + root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ]; + disable\-algorithms \fIstring\fR { \fIstring\fR; \&.\&.\&. }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); @@ -443,13 +500,13 @@ view \fIstring\fR \fIoptional_class\fR { disable\-empty\-zone \fIstring\fR; dialup \fIdialuptype\fR; ixfr\-from\-differences \fIixfrdiff\fR; - allow\-query { \fIaddress_match_element\fR; ... }; - allow\-query\-on { \fIaddress_match_element\fR; ... }; - allow\-query\-cache { \fIaddress_match_element\fR; ... }; - allow\-query\-cache\-on { \fIaddress_match_element\fR; ... }; - allow\-transfer { \fIaddress_match_element\fR; ... }; - allow\-update { \fIaddress_match_element\fR; ... }; - allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; + allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query\-cache { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query\-cache\-on { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; update\-check\-ksk \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; masterfile\-format ( text | raw ); 
@@ -459,12 +516,12 @@ view \fIstring\fR \fIoptional_class\fR { notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; ... - [ key \fIkeyname\fR ] ... }; - allow\-notify { \fIaddress_match_element\fR; ... }; + [ port \fIinteger\fR ]; \&.\&.\&. + [ key \fIkeyname\fR ] \&.\&.\&. }; + allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; max\-journal\-size \fIsize_no_default\fR; max\-transfer\-time\-in \fIinteger\fR; @@ -492,16 +549,20 @@ view \fIstring\fR \fIoptional_class\fR { zero\-no\-soa\-ttl \fIboolean\fR; zero\-no\-soa\-ttl\-cache \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; - allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete + allow\-v6\-synthesis { \fIaddress_match_element\fR; \&.\&.\&. }; // obsolete fetch\-glue \fIboolean\fR; // obsolete maintain\-ixfr\-base \fIboolean\fR; // obsolete max\-ixfr\-log\-size \fIsize\fR; // obsolete }; .fi +.if n \{\ .RE +.\} .SH "ZONE" .sp +.if n \{\ .RS 4 +.\} .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | redirect | @@ -510,7 +571,7 @@ zone \fIstring\fR \fIoptional_class\fR { masters [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | - \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ... + \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; \&.\&.\&. }; database \fIstring\fR; delegation\-only \fIboolean\fR; 
@@ -524,18 +585,18 @@ zone \fIstring\fR \fIoptional_class\fR { journal \fIquoted_string\fR; zero\-no\-soa\-ttl \fIboolean\fR; dnssec\-secure\-to\-insecure \fIboolean\fR; - allow\-query { \fIaddress_match_element\fR; ... }; - allow\-query\-on { \fIaddress_match_element\fR; ... }; - allow\-transfer { \fIaddress_match_element\fR; ... }; - allow\-update { \fIaddress_match_element\fR; ... }; - allow\-update\-forwarding { \fIaddress_match_element\fR; ... }; + allow\-query { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-query\-on { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-transfer { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-update { \fIaddress_match_element\fR; \&.\&.\&. }; + allow\-update\-forwarding { \fIaddress_match_element\fR; \&.\&.\&. }; update\-policy \fIlocal\fR | \fI { ( grant | deny ) \fR\fI\fIstring\fR\fR\fI ( name | subdomain | wildcard | self | selfsub | selfwild | krb5\-self | ms\-self | krb5\-subdomain | ms\-subdomain | tcp\-self | zonesub | 6to4\-self ) \fR\fI\fIstring\fR\fR\fI \fR\fI\fIrrtypelist\fR\fR\fI; - \fR\fI[...]\fR\fI + \fR\fI[\&.\&.\&.]\fR\fI }\fR; update\-check\-ksk \fIboolean\fR; dnssec\-dnskey\-kskonly \fIboolean\fR; @@ -546,12 +607,12 @@ zone \fIstring\fR \fIoptional_class\fR { notify\-delay \fIseconds\fR; notify\-to\-soa \fIboolean\fR; also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR ) - [ port \fIinteger\fR ]; ... - [ key \fIkeyname\fR ] ... }; - allow\-notify { \fIaddress_match_element\fR; ... }; + [ port \fIinteger\fR ]; \&.\&.\&. + [ key \fIkeyname\fR ] \&.\&.\&. }; + allow\-notify { \fIaddress_match_element\fR; \&.\&.\&. }; forward ( first | only ); forwarders [ port \fIinteger\fR ] { - ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ... + ( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&. }; max\-journal\-size \fIsize_no_default\fR; max\-transfer\-time\-in \fIinteger\fR; 
@@ -585,16 +646,22 @@ zone \fIstring\fR \fIoptional_class\fR { pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete }; .fi +.if n \{\ .RE +.\} .SH "FILES" .PP -\fI/etc/named.conf\fR +/etc/named\&.conf .SH "SEE ALSO" .PP \fBnamed\fR(8), -\fBnamed\-checkconf\fR(8), +\fBnamed-checkconf\fR(8), \fBrndc\fR(8), -BIND 9 Administrator Reference Manual. +BIND 9 Administrator Reference Manual\&. +.SH "AUTHOR" +.PP +\fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" -Copyright \(co 2004\-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 85d13db95d39..01cb62aaa009 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -1,8 +1,5 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" - [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,9 +14,14 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<refentry> +<!-- Converted by db4-upgrade version 1.0 --> +<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf"> + <info> + <date>2014-01-08</date> + </info> <refentryinfo> - <date>January 08, 2014</date> + <corpname>ISC</corpname> + <corpauthor>Internet Systems Consortium, Inc.</corpauthor> </refentryinfo> <refmeta> 
@@ -45,18 +47,19 @@ <year>2011</year> <year>2013</year> <year>2014</year> + <year>2015</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> <refsynopsisdiv> - <cmdsynopsis> + <cmdsynopsis sepchar=" "> <command>named.conf</command> </cmdsynopsis> </refsynopsisdiv> - <refsect1> - <title>DESCRIPTION</title> + <refsection><info><title>DESCRIPTION</title></info> + <para><filename>named.conf</filename> is the configuration file for <command>named</command>. Statements are enclosed 
@@ -73,39 +76,39 @@ <para> Unix style: # to end of line </para> - </refsect1> + </refsection> + + <refsection><info><title>ACL</title></info> - <refsect1> - <title>ACL</title> - <literallayout> + <literallayout class="normal"> acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... }; </literallayout> - </refsect1> + </refsection> - <refsect1> - <title>KEY</title> - <literallayout> + <refsection><info><title>KEY</title></info> + + <literallayout class="normal"> key <replaceable>domain_name</replaceable> { algorithm <replaceable>string</replaceable>; secret <replaceable>string</replaceable>; }; </literallayout> - </refsect1> + </refsection> + + <refsection><info><title>MASTERS</title></info> - <refsect1> - <title>MASTERS</title> - <literallayout> + <literallayout class="normal"> masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> | <replaceable>ipv6_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> ) <optional> key <replaceable>string</replaceable> </optional>; ... }; </literallayout> - </refsect1> + </refsection> - <refsect1> - <title>SERVER</title> - <literallayout> + <refsection><info><title>SERVER</title></info> + + <literallayout class="normal"> server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) { bogus <replaceable>boolean</replaceable>; edns <replaceable>boolean</replaceable>; 
@@ -124,29 +127,29 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> support-ixfr <replaceable>boolean</replaceable>; // obsolete }; </literallayout> - </refsect1> + </refsection> + + <refsection><info><title>TRUSTED-KEYS</title></info> - <refsect1> - <title>TRUSTED-KEYS</title> - <literallayout> + <literallayout class="normal"> trusted-keys { - <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... + <replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... }; </literallayout> - </refsect1> + </refsection> - <refsect1> - <title>MANAGED-KEYS</title> - <literallayout> + <refsection><info><title>MANAGED-KEYS</title></info> + + <literallayout class="normal"> managed-keys { - <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... + <replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... }; </literallayout> - </refsect1> + </refsection> + + <refsection><info><title>CONTROLS</title></info> - <refsect1> - <title>CONTROLS</title> - <literallayout> + <literallayout class="normal"> controls { inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional> 
@@ -155,11 +158,11 @@ controls { unix <replaceable>unsupported</replaceable>; // not implemented }; </literallayout> - </refsect1> + </refsection> - <refsect1> - <title>LOGGING</title> - <literallayout> + <refsection><info><title>LOGGING</title></info> + + <literallayout class="normal"> logging { channel <replaceable>string</replaceable> { file <replaceable>log_file</replaceable>; @@ -174,11 +177,11 @@ logging { category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; }; </literallayout> - </refsect1> + </refsection> + + <refsection><info><title>LWRES</title></info> - <refsect1> - <title>LWRES</title> - <literallayout> + <literallayout class="normal"> lwres { listen-on <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ... @@ -188,11 +191,11 @@ lwres { ndots <replaceable>integer</replaceable>; }; </literallayout> - </refsect1> + </refsection> - <refsect1> - <title>OPTIONS</title> - <literallayout> + <refsection><info><title>OPTIONS</title></info> + + <literallayout class="normal"> options { avoid-v4-udp-ports { <replaceable>port</replaceable>; ... }; avoid-v6-udp-ports { <replaceable>port</replaceable>; ... }; @@ -232,7 +235,6 @@ options { transfers-per-ns <replaceable>integer</replaceable>; transfers-in <replaceable>integer</replaceable>; transfers-out <replaceable>integer</replaceable>; - use-ixfr <replaceable>boolean</replaceable>; version ( <replaceable>quoted_string</replaceable> | none ); allow-recursion { <replaceable>address_match_element</replaceable>; ... }; allow-recursion-on { <replaceable>address_match_element</replaceable>; ... }; 
@@ -392,13 +394,14 @@ options { serial-queries <replaceable>integer</replaceable>; // obsolete treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete use-id-pool <replaceable>boolean</replaceable>; // obsolete + use-ixfr <replaceable>boolean</replaceable>; // obsolete }; </literallayout> - </refsect1> + </refsection> + + <refsection><info><title>VIEW</title></info> - <refsect1> - <title>VIEW</title> - <literallayout> + <literallayout class="normal"> view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { match-clients { <replaceable>address_match_element</replaceable>; ... }; match-destinations { <replaceable>address_match_element</replaceable>; ... }; @@ -559,11 +562,11 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> max-ixfr-log-size <replaceable>size</replaceable>; // obsolete }; </literallayout> - </refsect1> + </refsection> - <refsect1> - <title>ZONE</title> - <literallayout> + <refsection><info><title>ZONE</title></info> + + <literallayout class="normal"> zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> { type ( master | slave | stub | hint | redirect | forward | delegation-only ); @@ -657,16 +660,16 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete }; </literallayout> - </refsect1> + </refsection> + + <refsection><info><title>FILES</title></info> - <refsect1> - <title>FILES</title> <para><filename>/etc/named.conf</filename> </para> - </refsect1> + </refsection> + + <refsection><info><title>SEE ALSO</title></info> - <refsect1> - <title>SEE ALSO</title> <para><citerefentry> <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, 
@@ -678,10 +681,6 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> - </refsect1> + </refsection> -</refentry><!-- - - Local variables: - - mode: sgml - - End: ---> +</refentry> diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 0e1d2eb60da3..e21dd36c886f 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,15 +13,14 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> </head> -<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476282"></a><div class="titlepage"></div> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> +<a name="man.named.conf"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">named.conf</code> — configuration file for named</p> 
@@ -30,11 +29,11 @@ <h2>Synopsis</h2> <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543367"></a><h2>DESCRIPTION</h2> +<div class="refsection"> +<a name="id-1.7"></a><h2>DESCRIPTION</h2> <p><code class="filename">named.conf</code> is the configuration file for - <span><strong class="command">named</strong></span>. Statements are enclosed + <span class="command"><strong>named</strong></span>. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles are supported: @@ -49,15 +48,15 @@ Unix style: # to end of line </p> </div> -<div class="refsect1" lang="en"> -<a name="id2543395"></a><h2>ACL</h2> +<div class="refsection"> +<a name="id-1.8"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543411"></a><h2>KEY</h2> +<div class="refsection"> +<a name="id-1.9"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> @@ -65,8 +64,8 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543430"></a><h2>MASTERS</h2> +<div class="refsection"> +<a name="id-1.10"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> 
@@ -74,8 +73,8 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543476"></a><h2>SERVER</h2> +<div class="refsection"> +<a name="id-1.11"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> 
@@ -96,24 +95,24 @@ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/pref };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543544"></a><h2>TRUSTED-KEYS</h2> +<div class="refsection"> +<a name="id-1.12"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> - <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> + <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br> };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543570"></a><h2>MANAGED-KEYS</h2> +<div class="refsection"> +<a name="id-1.13"></a><h2>MANAGED-KEYS</h2> <div class="literallayout"><p><br> managed-keys {<br> - <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... 
<br> + <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ...<br> };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543598"></a><h2>CONTROLS</h2> +<div class="refsection"> +<a name="id-1.14"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -124,8 +123,8 @@ controls {<br> };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543634"></a><h2>LOGGING</h2> +<div class="refsection"> +<a name="id-1.15"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -142,8 +141,8 @@ logging {<br> };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543672"></a><h2>LWRES</h2> +<div class="refsection"> +<a name="id-1.16"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -155,8 +154,8 @@ lwres {<br> };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543714"></a><h2>OPTIONS</h2> +<div class="refsection"> +<a name="id-1.17"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> 
@@ -197,7 +196,6 @@ options {<br> transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br> transfers-in <em class="replaceable"><code>integer</code></em>;<br> transfers-out <em class="replaceable"><code>integer</code></em>;<br> - use-ixfr <em class="replaceable"><code>boolean</code></em>;<br> version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br> allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -258,9 +256,9 @@ options {<br> dns64-server <em class="replaceable"><code>string</code></em>;<br> dns64-contact <em class="replaceable"><code>string</code></em>;<br> dns64 <em class="replaceable"><code>prefix</code></em> {<br> - clients { <font color="red"><replacable>acl</replacable></font>; };<br> - exclude { <font color="red"><replacable>acl</replacable></font>; };<br> - mapped { <font color="red"><replacable>acl</replacable></font>; };<br> + clients { <span style="color: red"><replacable>acl</replacable></span>; };<br> + exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br> + mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br> break-dnssec <em class="replaceable"><code>boolean</code></em>;<br> recursive-only <em class="replaceable"><code>boolean</code></em>;<br> suffix <em class="replaceable"><code>ipv6_address</code></em>;<br> 
@@ -357,11 +355,12 @@ options {<br> serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br> treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br> use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br> + use-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br> };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2544593"></a><h2>VIEW</h2> +<div class="refsection"> +<a name="id-1.18"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -445,9 +444,9 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c dns64-server <em class="replaceable"><code>string</code></em>;<br> dns64-contact <em class="replaceable"><code>string</code></em>;<br> dns64 <em class="replaceable"><code>prefix</code></em> {<br> - clients { <font color="red"><replacable>acl</replacable></font>; };<br> - exclude { <font color="red"><replacable>acl</replacable></font>; };<br> - mapped { <font color="red"><replacable>acl</replacable></font>; };<br> + clients { <span style="color: red"><replacable>acl</replacable></span>; };<br> + exclude { <span style="color: red"><replacable>acl</replacable></span>; };<br> + mapped { <span style="color: red"><replacable>acl</replacable></span>; };<br> break-dnssec <em class="replaceable"><code>boolean</code></em>;<br> recursive-only <em class="replaceable"><code>boolean</code></em>;<br> suffix <em class="replaceable"><code>ipv6_address</code></em>;<br> 
@@ -524,8 +523,8 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2545308"></a><h2>ZONE</h2> +<div class="refsection"> +<a name="id-1.19"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint | redirect |<br> @@ -621,13 +620,13 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c };<br> </p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2545698"></a><h2>FILES</h2> +<div class="refsection"> +<a name="id-1.20"></a><h2>FILES</h2> <p><code class="filename">/etc/named.conf</code> </p> </div> -<div class="refsect1" lang="en"> -<a name="id2545709"></a><h2>SEE ALSO</h2> +<div class="refsection"> +<a name="id-1.21"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 0ea469d35766..ff6c00f87e46 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -1,6 +1,3 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" - [<!ENTITY mdash "—">]> <!-- - Copyright (C) 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. 
@@ -18,9 +15,14 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<refentry id="man.named"> +<!-- Converted by db4-upgrade version 1.0 --> +<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named"> + <info> + <date>2014-02-20</date> + </info> <refentryinfo> - <date>February 20, 2014</date> + <corpname>ISC</corpname> + <corpauthor>Internet Systems Consortium, Inc.</corpauthor> </refentryinfo> <refmeta> 
@@ -57,32 +59,32 @@ </docinfo> <refsynopsisdiv> - <cmdsynopsis> + <cmdsynopsis sepchar=" "> <command>named</command> - <arg><option>-4</option></arg> - <arg><option>-6</option></arg> - <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> - <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> - <arg><option>-E <replaceable class="parameter">engine-name</replaceable></option></arg> - <arg><option>-f</option></arg> - <arg><option>-g</option></arg> - <arg><option>-M <replaceable class="parameter">option</replaceable></option></arg> - <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg> - <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> - <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> - <arg><option>-s</option></arg> - <arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg> - <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> - <arg><option>-U <replaceable class="parameter">#listeners</replaceable></option></arg> - <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg> - <arg><option>-v</option></arg> - <arg><option>-V</option></arg> - <arg><option>-x <replaceable class="parameter">cache-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-4</option></arg> + <arg choice="opt" rep="norepeat"><option>-6</option></arg> + <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine-name</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-f</option></arg> + <arg choice="opt" rep="norepeat"><option>-g</option></arg> + <arg 
choice="opt" rep="norepeat"><option>-M <replaceable class="parameter">option</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">flag</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-s</option></arg> + <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-U <replaceable class="parameter">#listeners</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg> + <arg choice="opt" rep="norepeat"><option>-v</option></arg> + <arg choice="opt" rep="norepeat"><option>-V</option></arg> + <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">cache-file</replaceable></option></arg> </cmdsynopsis> </refsynopsisdiv> - <refsect1> - <title>DESCRIPTION</title> + <refsection><info><title>DESCRIPTION</title></info> + <para><command>named</command> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -95,10 +97,10 @@ <filename>/etc/named.conf</filename>, read any initial data, and listen for queries. </para> - </refsect1> + </refsection> + + <refsection><info><title>OPTIONS</title></info> - <refsect1> - <title>OPTIONS</title> <variablelist> <varlistentry> 
@@ -307,11 +309,14 @@ worker threads to listen for incoming UDP packets on each address. If not specified, <command>named</command> will calculate a default value based on the number of detected - CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of - detected CPUs divided by 2 for values higher than 4. + CPUs: 1 for 1 CPU, and the number of detected CPUs + minus one for machines with more than 1 CPU. This cannot + be increased to a value higher than the number of CPUs. If <option>-n</option> has been set to a higher value than the number of detected CPUs, then <option>-U</option> may be increased as high as that value, but no higher. + On Windows, the number of UDP listeners is hardwired to 1 + and this option has no effect. </para> </listitem> </varlistentry> @@ -379,10 +384,10 @@ </variablelist> - </refsect1> + </refsection> + + <refsection><info><title>SIGNALS</title></info> - <refsect1> - <title>SIGNALS</title> <para> In routine operation, signals should not be used to control the nameserver; <command>rndc</command> should be used @@ -415,10 +420,10 @@ The result of sending any other signals to the server is undefined. </para> - </refsect1> + </refsection> + + <refsection><info><title>CONFIGURATION</title></info> - <refsect1> - <title>CONFIGURATION</title> <para> The <command>named</command> configuration file is too complex to describe in detail here. A complete description is provided @@ -435,10 +440,10 @@ <command>named</command> process. </para> - </refsect1> + </refsection> + + <refsection><info><title>FILES</title></info> - <refsect1> - <title>FILES</title> <variablelist> @@ -462,10 +467,10 @@ </variablelist> - </refsect1> + </refsection> + + <refsection><info><title>SEE ALSO</title></info> - <refsect1> - <title>SEE ALSO</title> <para><citetitle>RFC 1033</citetitle>, <citetitle>RFC 1034</citetitle>, <citetitle>RFC 1035</citetitle>, 
@@ -491,16 +496,6 @@ </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> - </refsect1> - - <refsect1> - <title>AUTHOR</title> - <para><corpauthor>Internet Systems Consortium</corpauthor> - </para> - </refsect1> + </refsection> -</refentry><!-- - - Local variables: - - mode: sgml - - End: ---> +</refentry> diff --git a/bin/named/named.html b/bin/named/named.html index 83494ee5d9c0..04a6b19530b0 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -14,14 +14,13 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> </head> -<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> <a name="man.named"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> 
@@ -31,24 +30,24 @@ <h2>Synopsis</h2> <div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> -<div class="refsect1" lang="en"> -<a name="id2543518"></a><h2>DESCRIPTION</h2> -<p><span><strong class="command">named</strong></span> +<div class="refsection"> +<a name="id-1.7"></a><h2>DESCRIPTION</h2> +<p><span class="command"><strong>named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035. 
</p> <p> - When invoked without arguments, <span><strong class="command">named</strong></span> + When invoked without arguments, <span class="command"><strong>named</strong></span> will read the default configuration file <code class="filename">/etc/named.conf</code>, read any initial data, and listen for queries. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2543543"></a><h2>OPTIONS</h2> -<div class="variablelist"><dl> +<div class="refsection"> +<a name="id-1.8"></a><h2>OPTIONS</h2> +<div class="variablelist"><dl class="variablelist"> <dt><span class="term">-4</span></dt> <dd><p> Use IPv4 only even if the host machine is capable of IPv6. @@ -76,7 +75,7 @@ <dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt> <dd><p> Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>. - Debugging traces from <span><strong class="command">named</strong></span> become + Debugging traces from <span class="command"><strong>named</strong></span> become more verbose as the debug level increases. </p></dd> <dt><span class="term">-E <em class="replaceable"><code>engine-name</code></em></span></dt> @@ -119,7 +118,7 @@ <dd><p> Create <em class="replaceable"><code>#cpus</code></em> worker threads to take advantage of multiple CPUs. If not specified, - <span><strong class="command">named</strong></span> will try to determine the + <span class="command"><strong>named</strong></span> will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. 
@@ -145,7 +144,7 @@ <dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt> <dd> <p> - Allow <span><strong class="command">named</strong></span> to use up to + Allow <span class="command"><strong>named</strong></span> to use up to <em class="replaceable"><code>#max-socks</code></em> sockets. </p> <div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"> @@ -162,7 +161,7 @@ specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because - <span><strong class="command">named</strong></span> reserves some file descriptors + <span class="command"><strong>named</strong></span> reserves some file descriptors for its internal use. </p> </div> @@ -190,13 +189,16 @@ <dd><p> Use <em class="replaceable"><code>#listeners</code></em> worker threads to listen for incoming UDP packets on each - address. If not specified, <span><strong class="command">named</strong></span> will + address. If not specified, <span class="command"><strong>named</strong></span> will calculate a default value based on the number of detected - CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of - detected CPUs divided by 2 for values higher than 4. + CPUs: 1 for 1 CPU, and the number of detected CPUs + minus one for machines with more than 1 CPU. This cannot + be increased to a value higher than the number of CPUs. If <code class="option">-n</code> has been set to a higher value than the number of detected CPUs, then <code class="option">-U</code> may be increased as high as that value, but no higher. + On Windows, the number of UDP listeners is hardwired to 1 + and this option has no effect. </p></dd> <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd> 
@@ -208,13 +210,13 @@ <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Note</h3> <p> - On Linux, <span><strong class="command">named</strong></span> uses the kernel's + On Linux, <span class="command"><strong>named</strong></span> uses the kernel's capability mechanism to drop all root privileges except the ability to <code class="function">bind(2)</code> to a privileged port and set process resource limits. Unfortunately, this means that the <code class="option">-u</code> - option only works when <span><strong class="command">named</strong></span> is + option only works when <span class="command"><strong>named</strong></span> is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since previous kernels did not allow privileges @@ -247,14 +249,14 @@ </dd> </dl></div> </div> -<div class="refsect1" lang="en"> -<a name="id2544192"></a><h2>SIGNALS</h2> +<div class="refsection"> +<a name="id-1.9"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control - the nameserver; <span><strong class="command">rndc</strong></span> should be used + the nameserver; <span class="command"><strong>rndc</strong></span> should be used instead. </p> -<div class="variablelist"><dl> +<div class="variablelist"><dl class="variablelist"> <dt><span class="term">SIGHUP</span></dt> <dd><p> Force a reload of the server. 
@@ -268,26 +270,26 @@ The result of sending any other signals to the server is undefined. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2544308"></a><h2>CONFIGURATION</h2> +<div class="refsection"> +<a name="id-1.10"></a><h2>CONFIGURATION</h2> <p> - The <span><strong class="command">named</strong></span> configuration file is too complex + The <span class="command"><strong>named</strong></span> configuration file is too complex to describe in detail here. A complete description is provided in the <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> <p> - <span><strong class="command">named</strong></span> inherits the <code class="function">umask</code> + <span class="command"><strong>named</strong></span> inherits the <code class="function">umask</code> (file creation mode mask) from the parent process. If files - created by <span><strong class="command">named</strong></span>, such as journal files, + created by <span class="command"><strong>named</strong></span>, such as journal files, need to have custom permissions, the <code class="function">umask</code> should be set explicitly in the script used to start the - <span><strong class="command">named</strong></span> process. + <span class="command"><strong>named</strong></span> process. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2544344"></a><h2>FILES</h2> -<div class="variablelist"><dl> +<div class="refsection"> +<a name="id-1.11"></a><h2>FILES</h2> +<div class="variablelist"><dl class="variablelist"> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> The default configuration file. @@ -298,8 +300,8 @@ </p></dd> </dl></div> </div> -<div class="refsect1" lang="en"> -<a name="id2544384"></a><h2>SEE ALSO</h2> +<div class="refsection"> +<a name="id-1.12"></a><h2>SEE ALSO</h2> <p><em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, 
@@ -311,10 +313,5 @@ <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> -<div class="refsect1" lang="en"> -<a name="id2544454"></a><h2>AUTHOR</h2> -<p><span class="corpauthor">Internet Systems Consortium</span> - </p> -</div> </div></body> </html> diff --git a/bin/named/query.c b/bin/named/query.c index 8df3c714514a..d780671eb539 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -26,6 +26,7 @@ #include <isc/print.h> #include <isc/serial.h> #include <isc/stats.h> +#include <isc/thread.h> #include <isc/util.h> #include <dns/adb.h> @@ -90,6 +91,9 @@ /*% Want Recursion? */ #define WANTRECURSION(c) (((c)->query.attributes & \ NS_QUERYATTR_WANTRECURSION) != 0) +/*% Is TCP? */ +#define TCP(c) (((c)->attributes & NS_CLIENTATTR_TCP) != 0) + /*% Want DNSSEC? */ #define WANTDNSSEC(c) (((c)->attributes & \ NS_CLIENTATTR_WANTDNSSEC) != 0) 
@@ -118,26 +122,37 @@ DNS_RDATASETATTR_NOQNAME) != 0) #ifdef WANT_QUERYTRACE -#define CTRACE(l,m) do { \ - if (client != NULL && client->query.qname != NULL) { \ - if (isc_log_wouldlog(ns_g_lctx, l)) { \ - char qbuf[DNS_NAME_FORMATSIZE]; \ - dns_name_format(client->query.qname, \ - qbuf, sizeof(qbuf)); \ - isc_log_write(ns_g_lctx, \ - NS_LOGCATEGORY_CLIENT, \ - NS_LOGMODULE_QUERY, \ - l, "client %p (%s): %s", \ - client, qbuf, (m)); \ - } \ - } else { \ - isc_log_write(ns_g_lctx, \ - NS_LOGCATEGORY_CLIENT, \ - NS_LOGMODULE_QUERY, \ - l, "client %p (<unknown-name>): %s", \ - client, (m)); \ - } \ -} while(0) +static inline void +client_trace(ns_client_t *client, int level, const char *message) { + if (client != NULL && client->query.qname != NULL) { + if (isc_log_wouldlog(ns_g_lctx, level)) { + char qbuf[DNS_NAME_FORMATSIZE]; + char tbuf[DNS_RDATATYPE_FORMATSIZE]; + dns_name_format(client->query.qname, + qbuf, sizeof(qbuf)); + dns_rdatatype_format(client->query.qtype, + tbuf, sizeof(tbuf)); + isc_log_write(ns_g_lctx, + NS_LOGCATEGORY_CLIENT, + NS_LOGMODULE_QUERY, level, + "query client=%p thread=0x%lx " + "(%s/%s): %s", + client, + (unsigned long) isc_thread_self(), + qbuf, tbuf, message); + } + } else { + isc_log_write(ns_g_lctx, + NS_LOGCATEGORY_CLIENT, + NS_LOGMODULE_QUERY, level, + "query client=%p thread=0x%lx " + "(<unknown-query>): %s", + client, + (unsigned long) isc_thread_self(), + message); + } +} +#define CTRACE(l,m) client_trace(client, l, m) #else #define CTRACE(l,m) ((void)m) #endif /* WANT_QUERYTRACE */ @@ -330,6 +345,8 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { isc_buffer_t *dbuf, *dbuf_next; ns_dbversion_t *dbversion, *dbversion_next; + CTRACE(ISC_LOG_DEBUG(3), "query_reset"); + /*% * Reset the query state of a client to its default state. */ 
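Review bot: In `client_trace()` only the first branch is guarded by `isc_log_wouldlog()`; the `else` branch (NULL client or unset qname) calls `isc_thread_self()` and `isc_log_write()` unconditionally, a shape carried over from the old macro. Hoisting the guard to the top of the function, `if (!isc_log_wouldlog(ns_g_lctx, level)) return;`, would treat both branches alike and remove one level of nesting. Now that `CTRACE` expands to a function call, it also deserves a short comment saying that it relies on a variable named `client` being in scope at every call site.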
@@ -471,7 +488,7 @@ query_getnamebuf(ns_client_t *client) { dbuf = ISC_LIST_TAIL(client->query.namebufs); INSIST(dbuf != NULL); isc_buffer_availableregion(dbuf, &r); - if (r.length < 255) { + if (r.length < DNS_NAME_MAXWIRE) { result = query_newnamebuf(client); if (result != ISC_R_SUCCESS) { CTRACE(ISC_LOG_DEBUG(3), @@ -951,7 +968,7 @@ rpz_log_fail(ns_client_t *client, int level, */ dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1)); dns_name_format(name, namebuf2, sizeof(namebuf2)); - ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS, + ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS, NS_LOGMODULE_QUERY, level, "rpz %s rewrite %s via %s %sfailed: %s", dns_rpz_type2str(rpz_type), @@ -3732,7 +3749,7 @@ query_resume(isc_task_t *task, isc_event_t *event) { ns_client_t *client; isc_boolean_t fetch_canceled, client_shuttingdown; isc_result_t result; - isc_logcategory_t *logcategory = NS_LOGCATEGORY_QUERY_EERRORS; + isc_logcategory_t *logcategory = NS_LOGCATEGORY_QUERY_ERRORS; int errorloglevel; /* @@ -4419,8 +4436,6 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, policy = DNS_RPZ_POLICY_MISS; break; default: - dns_db_detach(dbp); - dns_zone_detach(zonep); rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef, "", result); CTRACE(ISC_LOG_ERROR, @@ -5668,6 +5683,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) isc_boolean_t associated; dns_section_t section; dns_ttl_t ttl; +#ifdef WANT_QUERYTRACE + char mbuf[BUFSIZ]; + char qbuf[DNS_NAME_FORMATSIZE]; +#endif CTRACE(ISC_LOG_DEBUG(3), "query_find"); 
@@ -5702,6 +5721,25 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dns_clientinfomethods_init(&cm, ns_client_sourceip); dns_clientinfo_init(&ci, client); +#ifdef WANT_QUERYTRACE + if (client->query.origqname != NULL) + dns_name_format(client->query.origqname, qbuf, + sizeof(qbuf)); + else + snprintf(qbuf, sizeof(qbuf), "<unset>"); + + snprintf(mbuf, sizeof(mbuf) - 1, + "client attr:0x%x, query attr:0x%X, restarts:%d, " + "origqname:%s, timer:%d, authdb:%d, referral:%d", + client->attributes, + client->query.attributes, + client->query.restarts, qbuf, + (int) client->query.timerset, + (int) client->query.authdbset, + (int) client->query.isreferral); + CTRACE(ISC_LOG_DEBUG(3), mbuf); +#endif + if (event != NULL) { /* * We're returning from recursion. Restore the query context @@ -5711,7 +5749,33 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) rpz_st = client->query.rpz_st; if (rpz_st != NULL && - (rpz_st->state & DNS_RPZ_RECURSING) != 0) { + (rpz_st->state & DNS_RPZ_RECURSING) != 0) + { + CTRACE(ISC_LOG_DEBUG(3), "resume from RPZ recursion"); +#ifdef WANT_QUERYTRACE + { + char rbuf[DNS_NAME_FORMATSIZE] = "<unset>"; + char fbuf[DNS_NAME_FORMATSIZE] = "<unset>"; + if (rpz_st->qname != NULL) + dns_name_format(rpz_st->qname, + qbuf, sizeof(qbuf)); + else + snprintf(qbuf, sizeof(qbuf), + "<unset>"); + if (rpz_st->r_name != NULL) + dns_name_format(rpz_st->r_name, + rbuf, sizeof(rbuf)); + if (rpz_st->fname != NULL) + dns_name_format(rpz_st->fname, + fbuf, sizeof(fbuf)); + + snprintf(mbuf, sizeof(mbuf) - 1, + "rpz qname %s, rname:%s, fname:%s", + qbuf, rbuf, fbuf); + CTRACE(ISC_LOG_DEBUG(3), mbuf); + } +#endif + is_zone = rpz_st->q.is_zone; authoritative = rpz_st->q.authoritative; zone = rpz_st->q.zone; 
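Review bot: Both trace blocks added to `query_find` call `snprintf(mbuf, sizeof(mbuf) - 1, ...)`, while the neighbouring `snprintf(qbuf, sizeof(qbuf), "<unset>")` passes the full size. `snprintf` already reserves room for the terminator, so the `- 1` only shortens the usable buffer and makes the two calls look as if they follow different rules. I would write `snprintf(mbuf, sizeof(mbuf), ...)` here and in the RPZ-resume block of the following hunk (@@ -5711,7). `mbuf` is declared as `char mbuf[BUFSIZ]` in an earlier hunk, so its size on the stack depends on the platform; a fixed, named size would be easier to reason about. `query_find` starts and ends outside these hunks.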
@@ -5741,6 +5805,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) rdataset = event->rdataset; sigrdataset = event->sigrdataset; } + INSIST(rdataset != NULL); if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig) type = dns_rdatatype_any; @@ -5846,11 +5911,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) options |= DNS_GETDB_NOEXACT; result = query_getdb(client, client->query.qname, qtype, options, &zone, &db, &version, &is_zone); - if ((result != ISC_R_SUCCESS || !is_zone) && !RECURSIONOK(client) && - (options & DNS_GETDB_NOEXACT) != 0 && qtype == dns_rdatatype_ds) { + if (ISC_UNLIKELY((result != ISC_R_SUCCESS || !is_zone) && + qtype == dns_rdatatype_ds && + !RECURSIONOK(client) && + (options & DNS_GETDB_NOEXACT) != 0)) + { /* - * Look to see if we are authoritative for the - * child zone if the query type is DS. + * If the query type is DS, look to see if we are + * authoritative for the child zone. */ dns_db_t *tdb = NULL; dns_zone_t *tzone = NULL; @@ -5923,7 +5991,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * We'll need some resources... */ dbuf = query_getnamebuf(client); - if (dbuf == NULL) { + if (ISC_UNLIKELY(dbuf == NULL)) { CTRACE(ISC_LOG_ERROR, "query_find: query_getnamebuf failed (2)"); QUERY_ERROR(DNS_R_SERVFAIL); @@ -5931,7 +5999,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } fname = query_newname(client, dbuf, &b); rdataset = query_newrdataset(client); - if (fname == NULL || rdataset == NULL) { + if (ISC_UNLIKELY(fname == NULL || rdataset == NULL)) { CTRACE(ISC_LOG_ERROR, "query_find: query_newname failed (2)"); QUERY_ERROR(DNS_R_SERVFAIL); 
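Review bot: The `INSIST(rdataset != NULL);` added in the @@ -5741,6 hunk turns a missing rdataset on the resume-from-recursion path into an assertion failure, which in a daemon like named presumably ends the whole process rather than failing one query. Whether any fetch-completion or RPZ-resume path can reach this line with `rdataset` still NULL is not visible in the hunk. The assertion therefore needs a comment explaining why both branches above it always set the pointer. If that cannot be shown, fail the query the way the allocation checks further down do, with `QUERY_ERROR(DNS_R_SERVFAIL);` under an `if (rdataset == NULL)` test, so the fault stays local to one client. `query_find` begins and ends outside this hunk.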
@@ -6072,7 +6140,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) inc_stats(client, dns_nsstatscounter_rateslipped); client->message->flags |= - DNS_MESSAGEFLAG_TC; + DNS_MESSAGEFLAG_TC; if (resp_result == DNS_R_NXDOMAIN) client->message->rcode = dns_rcode_nxdomain; @@ -7737,7 +7805,7 @@ log_queryerror(ns_client_t *client, isc_result_t result, int line, int level) { } } - ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS, NS_LOGMODULE_QUERY, + ns_client_log(client, NS_LOGCATEGORY_QUERY_ERRORS, NS_LOGMODULE_QUERY, level, "query failed (%s)%s%s%s%s%s%s at %s:%d", isc_result_totext(result), sep1, namep, sep2, classp, sep2, typep, __FILE__, line); @@ -7758,8 +7826,16 @@ ns_query_start(ns_client_t *client) { /* * Test only. */ - if (ns_g_clienttest && (client->attributes & NS_CLIENTATTR_TCP) == 0) - RUNTIME_CHECK(ns_client_replace(client) == ISC_R_SUCCESS); + if (ns_g_clienttest && !TCP(client)) { + result = ns_client_replace(client); + if (result == ISC_R_SHUTTINGDOWN) { + ns_client_next(client, result); + return; + } else if (result != ISC_R_SUCCESS) { + query_error(client, result, __LINE__); + return; + } + } /* * Ensure that appropriate cleanups occur. @@ -7806,6 +7882,14 @@ ns_query_start(ns_client_t *client) { } /* + * Check for multiple question queries, since edns1 is dead. + */ + if (message->counts[DNS_SECTION_QUESTION] > 1) { + query_error(client, DNS_R_FORMERR, __LINE__); + return; + } + + /* * Get the question name. */ result = dns_message_firstname(message, DNS_SECTION_QUESTION); 
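Review bot: With the multiple-question check moved up in the @@ -7806,6 hunk, a query carrying more than one question is now rejected with FORMERR before the `log_query(client, saved_flags, saved_extflags);` call that the next hunk (@@ -7833,19) shows just above the check's old position. Such queries would therefore no longer reach that query-logging call and would be visible only through whatever `query_error()` records, which is outside the visible lines. The early rejection looks deliberate, since the question name has not been extracted yet. It is still worth stating at the new check, e.g. `/* Rejected before log_query(): not recorded in the query log. */`, so operators who monitor malformed queries know where to look. `ns_query_start` starts and ends outside the hunk.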
@@ -7833,19 +7917,11 @@ ns_query_start(ns_client_t *client) { log_query(client, saved_flags, saved_extflags); /* - * Check for multiple question queries, since edns1 is dead. - */ - if (message->counts[DNS_SECTION_QUESTION] > 1) { - query_error(client, DNS_R_FORMERR, __LINE__); - return; - } - - /* * Check for meta-queries like IXFR and AXFR. */ rdataset = ISC_LIST_HEAD(client->query.qname->list); INSIST(rdataset != NULL); - qtype = rdataset->type; + client->query.qtype = qtype = rdataset->type; dns_rdatatypestats_increment(ns_g_server->rcvquerystats, qtype); if (dns_rdatatype_ismeta(qtype)) { diff --git a/bin/named/server.c b/bin/named/server.c index d7d1a59fc16c..e6a1651f22d6 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2016 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -188,6 +188,7 @@ struct ns_cache { dns_view_t *primaryview; isc_boolean_t needflush; isc_boolean_t adbsizeadjusted; + dns_rdataclass_t rdclass; ISC_LINK(ns_cache_t) link; }; @@ -1388,13 +1389,16 @@ setquerystats(dns_zone_t *zone, isc_mem_t *mctx, dns_zonestat_level_t level) { } static ns_cache_t * -cachelist_find(ns_cachelist_t *cachelist, const char *cachename) { +cachelist_find(ns_cachelist_t *cachelist, const char *cachename, + dns_rdataclass_t rdclass) +{ ns_cache_t *nsc; for (nsc = ISC_LIST_HEAD(*cachelist); nsc != NULL; nsc = ISC_LIST_NEXT(nsc, link)) { - if (strcmp(dns_cache_getname(nsc->cache), cachename) == 0) + if (nsc->rdclass == rdclass && + strcmp(dns_cache_getname(nsc->cache), cachename) == 0) return (nsc); } 
@@ -1405,7 +1409,8 @@ static isc_boolean_t cache_reusable(dns_view_t *originview, dns_view_t *view, isc_boolean_t new_zero_no_soattl) { - if (originview->checknames != view->checknames || + if (originview->rdclass != view->rdclass || + originview->checknames != view->checknames || dns_resolver_getzeronosoattl(originview->resolver) != new_zero_no_soattl || originview->acceptexpired != view->acceptexpired || @@ -2595,7 +2600,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, else cachename = view->name; cache = NULL; - nsc = cachelist_find(cachelist, cachename); + nsc = cachelist_find(cachelist, cachename, view->rdclass); if (nsc != NULL) { if (!cache_sharable(nsc->primaryview, view, zero_no_soattl, cleaning_interval, max_cache_size)) { @@ -2677,6 +2682,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, nsc->primaryview = view; nsc->needflush = ISC_FALSE; nsc->adbsizeadjusted = ISC_FALSE; + nsc->rdclass = view->rdclass; ISC_LINK_INIT(nsc, link); ISC_LIST_APPEND(*cachelist, nsc, link); } @@ -3760,8 +3766,15 @@ get_viewinfo(const cfg_obj_t *vconfig, const char **namep, viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name")); classobj = cfg_tuple_get(vconfig, "class"); - result = ns_config_getclass(classobj, dns_rdataclass_in, - &viewclass); + CHECK(ns_config_getclass(classobj, dns_rdataclass_in, + &viewclass)); + if (dns_rdataclass_ismeta(viewclass)) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "view '%s': class must not be meta", + viewname); + CHECK(ISC_R_FAILURE); + } } else { viewname = "_default"; viewclass = dns_rdataclass_in; @@ -3770,6 +3783,7 @@ get_viewinfo(const cfg_obj_t *vconfig, const char **namep, *namep = viewname; *classp = viewclass; +cleanup: return (result); } 
@@ -6603,28 +6617,61 @@ ns_server_reloadwanted(ns_server_t *server) { } static char * -next_token(char **stringp, const char *delim) { - char *res; +next_token(isc_lex_t *lex, isc_buffer_t *text) { + isc_result_t result; + isc_token_t token; - do { - res = strsep(stringp, delim); - if (res == NULL) - break; - } while (*res == '\0'); - return (res); + token.type = isc_tokentype_unknown; + result = isc_lex_gettoken(lex, ISC_LEXOPT_EOF|ISC_LEXOPT_QSTRING, + &token); + + switch (result) { + case ISC_R_NOMORE: + (void) isc_lex_close(lex); + break; + case ISC_R_SUCCESS: + if (token.type == isc_tokentype_eof) + (void) isc_lex_close(lex); + break; + case ISC_R_NOSPACE: + if (text != NULL) { + (void) putstr(text, "token too large"); + (void) putnull(text); + } + return (NULL); + default: + if (text != NULL) { + (void) putstr(text, isc_result_totext(result)); + (void) putnull(text); + } + return (NULL); + } + + if (token.type == isc_tokentype_string || + token.type == isc_tokentype_qstring) + return (token.value.as_textregion.base); + + return (NULL); } /* - * Find the zone specified in the control channel command 'args', - * if any. If a zone is specified, point '*zonep' at it, otherwise - * set '*zonep' to NULL. + * Find the zone specified in the control channel command, if any. + * If a zone is specified, point '*zonep' at it, otherwise + * set '*zonep' to NULL, and f 'zonename' is not NULL, copy + * the zone name into it (N.B. 'zonename' must have space to hold + * a full DNS name). + * + * If 'zonetxt' is set, the caller has already pulled a token + * off the command line that is to be used as the zone name. (This + * is sometimes done when it's necessary to check for an optional + * argument before the zone name, as in "rndc sync [-clean] zone".) 
*/ static isc_result_t -zone_from_args(ns_server_t *server, char *args, const char *zonetxt, - dns_zone_t **zonep, const char **zonename, +zone_from_args(ns_server_t *server, isc_lex_t *lex, const char *zonetxt, + dns_zone_t **zonep, char *zonename, isc_buffer_t *text, isc_boolean_t skip) { - char *input, *ptr; + char *ptr; char *classtxt; const char *viewtxt = NULL; dns_fixedname_t fname; @@ -6633,43 +6680,42 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, dns_view_t *view = NULL; dns_rdataclass_t rdclass; char problem[DNS_NAME_FORMATSIZE + 500] = ""; + char zonebuf[DNS_NAME_FORMATSIZE]; REQUIRE(zonep != NULL && *zonep == NULL); - REQUIRE(zonename == NULL || *zonename == NULL); - - input = args; if (skip) { /* Skip the command name. */ - ptr = next_token(&input, " \t"); + ptr = next_token(lex, text); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); } /* Look for the zone name. */ if (zonetxt == NULL) - zonetxt = next_token(&input, " \t"); + zonetxt = next_token(lex, text); if (zonetxt == NULL) return (ISC_R_SUCCESS); - if (zonename != NULL) - *zonename = zonetxt; - /* Look for the optional class name. */ - classtxt = next_token(&input, " \t"); - if (classtxt != NULL) { - /* Look for the optional view name. */ - viewtxt = next_token(&input, " \t"); - } + /* Copy zonetxt because it'll be overwritten by next_token() */ + strlcpy(zonebuf, zonetxt, DNS_NAME_FORMATSIZE); + if (zonename != NULL) + strlcpy(zonename, zonetxt, DNS_NAME_FORMATSIZE); dns_fixedname_init(&fname); name = dns_fixedname_name(&fname); - CHECK(dns_name_fromstring(name, zonetxt, 0, NULL)); + CHECK(dns_name_fromstring(name, zonebuf, 0, NULL)); + /* Look for the optional class name. */ + classtxt = next_token(lex, text); if (classtxt != NULL) { isc_textregion_t r; r.base = classtxt; r.length = strlen(classtxt); CHECK(dns_rdataclass_fromtext(&rdclass, &r)); + + /* Look for the optional view name. */ + viewtxt = next_token(lex, text); } else rdclass = dns_rdataclass_in; 
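Review bot: next_token() now returns NULL for three different outcomes: end of input, a non-string token, and a lexer error (`ISC_R_NOSPACE` or the `default` branch). When `text` is NULL the error message is dropped as well. Callers that read NULL as "argument omitted" therefore take their default action on a malformed command: ns_server_togglequerylog flips the setting, ns_server_setdebuglevel raises the level, and ns_server_flushcache and ns_server_validation act on every view. Returning the `isc_result_t` and passing the token back through an out-parameter would let those callers fail closed. The function also lacks a header comment on pointer lifetime, for example `/* Returns the next string token or NULL; the storage is reused by the next next_token() call. */`, and in the zone_from_args comment that ends this hunk "and f 'zonename'" should read "and if 'zonename'".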
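Review bot: Both `strlcpy()` calls in zone_from_args ignore the return value, so a zone token longer than `DNS_NAME_FORMATSIZE - 1` is truncated silently, and the truncated text is what `dns_name_fromstring()` parses and what the command then acts on. Whether the lexer caps tokens below that size is not visible here, so I would reject the overflow explicitly: `if (strlcpy(zonebuf, zonetxt, sizeof(zonebuf)) >= sizeof(zonebuf)) return (ISC_R_NOSPACE);`. The same unchecked copy into `target` appears in the ns_server_flushnode and ns_server_tsigdelete hunks further down, where the truncated name decides what is flushed or which key is deleted. zone_from_args continues past the end of this hunk.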
@@ -6680,11 +6726,11 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, if (result == ISC_R_NOTFOUND) snprintf(problem, sizeof(problem), "no matching zone '%s' in any view", - zonetxt); + zonebuf); else if (result == ISC_R_MULTIPLE) snprintf(problem, sizeof(problem), "zone '%s' was found in multiple views", - zonetxt); + zonebuf); } else { result = dns_viewlist_find(&server->viewlist, viewtxt, rdclass, &view); @@ -6698,7 +6744,7 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, if (result != ISC_R_SUCCESS) snprintf(problem, sizeof(problem), "no matching zone '%s' in view '%s'", - zonetxt, viewtxt); + zonebuf, viewtxt); } /* Partial match? */ @@ -6726,7 +6772,7 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, * Act on a "retransfer" command from the command channel. */ isc_result_t -ns_server_retransfercommand(ns_server_t *server, char *args, +ns_server_retransfercommand(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) { isc_result_t result; @@ -6734,7 +6780,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args, dns_zone_t *raw = NULL; dns_zonetype_t type; - result = zone_from_args(server, args, NULL, &zone, NULL, + result = zone_from_args(server, lex, NULL, &zone, NULL, text, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); @@ -6759,13 +6805,15 @@ ns_server_retransfercommand(ns_server_t *server, char *args, * Act on a "reload" command from the command channel. */ isc_result_t -ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { +ns_server_reloadcommand(ns_server_t *server, isc_lex_t *lex, + isc_buffer_t *text) +{ isc_result_t result; dns_zone_t *zone = NULL; dns_zonetype_t type; const char *msg = NULL; - result = zone_from_args(server, args, NULL, &zone, NULL, + result = zone_from_args(server, lex, NULL, &zone, NULL, text, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); 
@@ -6833,12 +6881,14 @@ cleanup: * Act on a "notify" command from the command channel. */ isc_result_t -ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) { +ns_server_notifycommand(ns_server_t *server, isc_lex_t *lex, + isc_buffer_t *text) +{ isc_result_t result; dns_zone_t *zone = NULL; const unsigned char msg[] = "zone notify queued"; - result = zone_from_args(server, args, NULL, &zone, NULL, + result = zone_from_args(server, lex, NULL, &zone, NULL, text, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); @@ -6857,14 +6907,16 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) { * Act on a "refresh" command from the command channel. */ isc_result_t -ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { +ns_server_refreshcommand(ns_server_t *server, isc_lex_t *lex, + isc_buffer_t *text) +{ isc_result_t result; dns_zone_t *zone = NULL, *raw = NULL; const unsigned char msg1[] = "zone refresh queued"; const unsigned char msg2[] = "not a slave or stub zone"; dns_zonetype_t type; - result = zone_from_args(server, args, NULL, &zone, NULL, + result = zone_from_args(server, lex, NULL, &zone, NULL, text, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); @@ -6894,16 +6946,16 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { } isc_result_t -ns_server_togglequerylog(ns_server_t *server, char *args) { +ns_server_togglequerylog(ns_server_t *server, isc_lex_t *lex) { isc_boolean_t value; char *ptr; /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) value = server->log_queries ? ISC_FALSE : ISC_TRUE; else if (strcasecmp(ptr, "yes") == 0 || strcasecmp(ptr, "on") == 0) 
@@ -7239,7 +7291,7 @@ dumpdone(void *arg, isc_result_t result) { } isc_result_t -ns_server_dumpdb(ns_server_t *server, char *args) { +ns_server_dumpdb(ns_server_t *server, isc_lex_t *lex) { struct dumpcontext *dctx = NULL; dns_view_t *view; isc_result_t result; @@ -7247,7 +7299,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) { const char *sep; /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); 
@@ -7275,37 +7327,37 @@ ns_server_dumpdb(ns_server_t *server, char *args) { CHECKMF(isc_stdio_open(server->dumpfile, "w", &dctx->fp), "could not open dump file", server->dumpfile); - sep = (args == NULL) ? "" : ": "; + ptr = next_token(lex, NULL); + sep = (ptr == NULL) ? "" : ": "; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, - "dumpdb started%s%s", sep, (args != NULL) ? args : ""); + "dumpdb started%s%s", sep, (ptr != NULL) ? ptr : ""); - ptr = next_token(&args, " \t"); if (ptr != NULL && strcmp(ptr, "-all") == 0) { /* also dump zones */ dctx->dumpzones = ISC_TRUE; - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); } else if (ptr != NULL && strcmp(ptr, "-cache") == 0) { /* this is the default */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); } else if (ptr != NULL && strcmp(ptr, "-zones") == 0) { /* only dump zones, suppress caches */ dctx->dumpadb = ISC_FALSE; dctx->dumpbad = ISC_FALSE; dctx->dumpcache = ISC_FALSE; dctx->dumpzones = ISC_TRUE; - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); #ifdef ENABLE_FETCHLIMIT } else if (ptr != NULL && strcmp(ptr, "-adb") == 0) { /* only dump adb, suppress other caches */ dctx->dumpbad = ISC_FALSE; dctx->dumpcache = ISC_FALSE; - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); } else if (ptr != NULL && strcmp(ptr, "-bad") == 0) { /* only dump badcache, suppress other caches */ dctx->dumpadb = ISC_FALSE; dctx->dumpcache = ISC_FALSE; - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); #endif /* ENABLE_FETCHLIMIT */ } @@ -7319,7 +7371,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) { CHECK(add_view_tolist(dctx, view)); } if (ptr != NULL) { - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr != NULL) goto nextview; } 
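Review bot: The "dumpdb started" log line now records only the first argument after the command name, because `ptr` holds a single token where the old code logged the whole remaining `args` string. For a request that passes an option followed by view names, the views no longer appear in the log, which thins the record of what was dumped. Logging each view name as it is added in the `nextview` loop would restore that. If the shorter message is intended, say so next to the call: `/* only the first argument is logged */`. ns_server_dumpdb starts and ends outside this hunk.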
@@ -7333,7 +7385,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) { } isc_result_t -ns_server_dumpsecroots(ns_server_t *server, char *args) { +ns_server_dumpsecroots(ns_server_t *server, isc_lex_t *lex) { dns_view_t *view; dns_keytable_t *secroots = NULL; isc_result_t result; @@ -7343,11 +7395,11 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) { char tbuf[64]; /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); CHECKMF(isc_stdio_open(server->secrootsfile, "w", &fp), "could not open secroots dump file", server->secrootsfile); @@ -7376,7 +7428,7 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) { isc_result_totext(result)); } if (ptr != NULL) - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); } while (ptr != NULL); cleanup: @@ -7438,26 +7490,25 @@ ns_server_dumprecursing(ns_server_t *server) { } isc_result_t -ns_server_setdebuglevel(ns_server_t *server, char *args) { +ns_server_setdebuglevel(ns_server_t *server, isc_lex_t *lex) { char *ptr; - char *levelstr; char *endp; long newlevel; UNUSED(server); /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); /* Look for the new level name. */ - levelstr = next_token(&args, " \t"); - if (levelstr == NULL) { + ptr = next_token(lex, NULL); + if (ptr == NULL) { if (ns_g_debuglevel < 99) ns_g_debuglevel++; } else { - newlevel = strtol(levelstr, &endp, 10); + newlevel = strtol(ptr, &endp, 10); if (*endp != '\0' || newlevel < 0 || newlevel > 99) return (ISC_R_RANGE); ns_g_debuglevel = (unsigned int)newlevel; 
@@ -7470,20 +7521,20 @@ ns_server_setdebuglevel(ns_server_t *server, char *args) { } isc_result_t -ns_server_validation(ns_server_t *server, char *args) { - char *ptr, *viewname; +ns_server_validation(ns_server_t *server, isc_lex_t *lex) { + char *ptr; dns_view_t *view; isc_boolean_t changed = ISC_FALSE; isc_result_t result; isc_boolean_t enable; /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); /* Find out what we are to do. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); @@ -7497,7 +7548,7 @@ ns_server_validation(ns_server_t *server, char *args) { return (DNS_R_SYNTAX); /* Look for the view name. */ - viewname = next_token(&args, " \t"); + ptr = next_token(lex, NULL); result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); @@ -7505,7 +7556,7 @@ ns_server_validation(ns_server_t *server, char *args) { view != NULL; view = ISC_LIST_NEXT(view, link)) { - if (viewname != NULL && strcasecmp(viewname, view->name) != 0) + if (ptr != NULL && strcasecmp(ptr, view->name) != 0) continue; result = dns_view_flushcache(view); if (result != ISC_R_SUCCESS) @@ -7523,8 +7574,8 @@ ns_server_validation(ns_server_t *server, char *args) { } isc_result_t -ns_server_flushcache(ns_server_t *server, char *args) { - char *ptr, *viewname; +ns_server_flushcache(ns_server_t *server, isc_lex_t *lex) { + char *ptr; dns_view_t *view; isc_boolean_t flushed; isc_boolean_t found; @@ -7532,12 +7583,12 @@ ns_server_flushcache(ns_server_t *server, char *args) { ns_cache_t *nsc; /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); /* Look for the view name. */ - viewname = next_token(&args, " \t"); + ptr = next_token(lex, NULL); result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); 
@@ -7550,7 +7601,7 @@ ns_server_flushcache(ns_server_t *server, char *args) { * list, flush these caches, and then update other views that refer to * the flushed cache DB. */ - if (viewname != NULL) { + if (ptr != NULL) { /* * Mark caches that need to be flushed. This is an O(#view^2) * operation in the very worst case, but should be normally @@ -7561,7 +7612,7 @@ ns_server_flushcache(ns_server_t *server, char *args) { view != NULL; view = ISC_LIST_NEXT(view, link)) { - if (strcasecmp(viewname, view->name) != 0) + if (strcasecmp(ptr, view->name) != 0) continue; found = ISC_TRUE; for (nsc = ISC_LIST_HEAD(server->cachelist); @@ -7580,7 +7631,7 @@ ns_server_flushcache(ns_server_t *server, char *args) { for (nsc = ISC_LIST_HEAD(server->cachelist); nsc != NULL; nsc = ISC_LIST_NEXT(nsc, link)) { - if (viewname != NULL && !nsc->needflush) + if (ptr != NULL && !nsc->needflush) continue; nsc->needflush = ISC_TRUE; result = dns_view_flushcache2(nsc->primaryview, ISC_FALSE); @@ -7634,11 +7685,11 @@ ns_server_flushcache(ns_server_t *server, char *args) { } if (flushed && found) { - if (viewname != NULL) + if (ptr != NULL) isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "flushing cache in view '%s' succeeded", - viewname); + ptr); else isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, @@ -7649,7 +7700,7 @@ ns_server_flushcache(ns_server_t *server, char *args) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "flushing cache in view '%s' failed: " - "view not found", viewname); + "view not found", ptr); result = ISC_R_NOTFOUND; } else result = ISC_R_FAILURE; 
@@ -7659,8 +7710,9 @@ ns_server_flushcache(ns_server_t *server, char *args) { } isc_result_t -ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) { - char *ptr, *target, *viewname; +ns_server_flushnode(ns_server_t *server, isc_lex_t *lex, isc_boolean_t tree) { + char *ptr, *viewname; + char target[DNS_NAME_FORMATSIZE]; dns_view_t *view; isc_boolean_t flushed; isc_boolean_t found; @@ -7670,15 +7722,16 @@ ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) { dns_name_t *name; /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, NULL); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); /* Find the domain name to flush. */ - target = next_token(&args, " \t"); - if (target == NULL) + ptr = next_token(lex, NULL); + if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); + strlcpy(target, ptr, DNS_NAME_FORMATSIZE); isc_buffer_constinit(&b, target, strlen(target)); isc_buffer_add(&b, strlen(target)); dns_fixedname_init(&fixed); @@ -7688,7 +7741,7 @@ ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree) { return (result); /* Look for the view name. */ - viewname = next_token(&args, " \t"); + viewname = next_token(lex, NULL); result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); 
@@ -7868,19 +7921,22 @@ delete_keynames(dns_tsig_keyring_t *ring, char *target, } isc_result_t -ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text) { +ns_server_tsigdelete(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) { isc_result_t result; unsigned int n; dns_view_t *view; unsigned int foundkeys = 0; - char *target; - char *viewname; + char *ptr, *viewname; + char target[DNS_NAME_FORMATSIZE]; + + (void)next_token(lex, text); /* skip command name */ - (void)next_token(&command, " \t"); /* skip command name */ - target = next_token(&command, " \t"); - if (target == NULL) + ptr = next_token(lex, text); + if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); - viewname = next_token(&command, " \t"); + strlcpy(target, ptr, DNS_NAME_FORMATSIZE); + + viewname = next_token(lex, text); result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); @@ -8039,18 +8095,23 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) { * Act on a "sign" or "loadkeys" command from the command channel. */ isc_result_t -ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text) { +ns_server_rekey(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) { isc_result_t result; dns_zone_t *zone = NULL; dns_zonetype_t type; isc_uint16_t keyopts; isc_boolean_t fullsign = ISC_FALSE; + char *ptr; - if (strncasecmp(args, NS_COMMAND_SIGN, strlen(NS_COMMAND_SIGN)) == 0) - fullsign = ISC_TRUE; + ptr = next_token(lex, text); + if (ptr == NULL) + return (ISC_R_UNEXPECTEDEND); - result = zone_from_args(server, args, NULL, &zone, NULL, - text, ISC_TRUE); + if (strcasecmp(ptr, NS_COMMAND_SIGN) == 0) + fullsign = ISC_TRUE; + + result = zone_from_args(server, lex, NULL, &zone, NULL, + text, ISC_FALSE); if (result != ISC_R_SUCCESS) return (result); if (zone == NULL) 
@@ -8105,7 +8166,7 @@ synczone(dns_zone_t *zone, void *uap) { } isc_result_t -ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) { +ns_server_sync(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) { isc_result_t result, tresult; dns_view_t *view; dns_zone_t *zone = NULL; @@ -8114,16 +8175,16 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) { const char *vname, *sep, *msg = NULL, *arg; isc_boolean_t cleanup = ISC_FALSE; - (void) next_token(&args, " \t"); + (void) next_token(lex, text); - arg = next_token(&args, " \t"); + arg = next_token(lex, text); if (arg != NULL && (strcmp(arg, "-clean") == 0 || strcmp(arg, "-clear") == 0)) { cleanup = ISC_TRUE; - arg = next_token(&args, " \t"); + arg = next_token(lex, text); } - result = zone_from_args(server, args, arg, &zone, NULL, + result = zone_from_args(server, lex, arg, &zone, NULL, text, ISC_FALSE); if (result != ISC_R_SUCCESS) return (result); @@ -8187,8 +8248,8 @@ ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text) { * Act on a "freeze" or "thaw" command from the command channel. */ isc_result_t -ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, - isc_buffer_t *text) +ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, + isc_lex_t *lex, isc_buffer_t *text) { isc_result_t result, tresult; dns_zone_t *zone = NULL, *raw = NULL; @@ -8200,7 +8261,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args, isc_boolean_t frozen; const char *msg = NULL; - result = zone_from_args(server, args, NULL, &zone, NULL, + result = zone_from_args(server, lex, NULL, &zone, NULL, text, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); 
@@ -8388,7 +8449,7 @@ ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) { dns_fixedname_init(&fname); dnsname = dns_fixedname_name(&fname); - CHECK(dns_name_fromtext(dnsname, &buf, dns_rootname, ISC_FALSE, NULL)); + CHECK(dns_name_fromtext(dnsname, &buf, dns_rootname, 0, NULL)); /* Make sense of optional class argument */ obj = cfg_tuple_get(parms, "class"); @@ -8562,21 +8623,21 @@ ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) { * Act on a "delzone" command from the command channel. */ isc_result_t -ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) { - isc_result_t result; +ns_server_del_zone(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) { + isc_result_t result, tresult; dns_zone_t *zone = NULL; dns_view_t *view = NULL; dns_db_t *dbp = NULL; const char *filename = NULL; char *tmpname = NULL; char buf[1024]; - const char *zonename = NULL; + char zonename[DNS_NAME_FORMATSIZE]; size_t znamelen = 0; FILE *ifp = NULL, *ofp = NULL; isc_boolean_t inheader = ISC_TRUE; /* Parse parameters */ - CHECK(zone_from_args(server, args, NULL, &zone, &zonename, + CHECK(zone_from_args(server, lex, NULL, &zone, zonename, text, ISC_TRUE)); if (zone == NULL) { @@ -8593,7 +8654,16 @@ ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) { goto cleanup; } - INSIST(zonename != NULL); + /* Is this a policy zone? */ + if (dns_zone_get_rpz(zone)) { + TCHECK(putstr(text, "zone '")); + TCHECK(putstr(text, zonename)); + TCHECK(putstr(text, + "' cannot be deleted: response-policy zone.")); + result = ISC_R_FAILURE; + goto cleanup; + } + znamelen = strlen(zonename); /* Dig out configuration for this zone */ 
@@ -8774,7 +8844,7 @@ newzone_cfgctx_destroy(void **cfgp) { } isc_result_t -ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { +ns_server_signing(ns_server_t *server, isc_lex_t *lex, isc_buffer_t *text) { isc_result_t result = ISC_R_SUCCESS; dns_zone_t *zone = NULL; dns_name_t *origin; 
@@ -8795,43 +8865,51 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { dns_rdataset_init(&privset); /* Skip the command name. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, text); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); /* Find out what we are to do. */ - ptr = next_token(&args, " \t"); + ptr = next_token(lex, text); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); if (strcasecmp(ptr, "-list") == 0) list = ISC_TRUE; else if ((strcasecmp(ptr, "-clear") == 0) || - (strcasecmp(ptr, "-clean") == 0)) { + (strcasecmp(ptr, "-clean") == 0)) + { clear = ISC_TRUE; - ptr = next_token(&args, " \t"); + ptr = next_token(lex, text); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); strlcpy(keystr, ptr, sizeof(keystr)); } else if (strcasecmp(ptr, "-nsec3param") == 0) { - const char *hashstr, *flagstr, *iterstr; - char nbuf[512]; + char hashbuf[64], flagbuf[64], iterbuf[64]; + char nbuf[256]; chain = ISC_TRUE; - hashstr = next_token(&args, " \t"); - if (hashstr == NULL) + ptr = next_token(lex, text); + if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); - if (strcasecmp(hashstr, "none") == 0) + if (strcasecmp(ptr, "none") == 0) hash = 0; else { - flagstr = next_token(&args, " \t"); - iterstr = next_token(&args, " \t"); - if (flagstr == NULL || iterstr == NULL) + strlcpy(hashbuf, ptr, sizeof(hashbuf)); + + ptr = next_token(lex, text); + if (ptr == NULL) + return (ISC_R_UNEXPECTEDEND); + strlcpy(flagbuf, ptr, sizeof(flagbuf)); + + ptr = next_token(lex, text); + if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); + strlcpy(iterbuf, ptr, sizeof(iterbuf)); n = snprintf(nbuf, sizeof(nbuf), "%s %s %s", - hashstr, flagstr, iterstr); + hashbuf, flagbuf, iterbuf); if (n == sizeof(nbuf)) return (ISC_R_NOSPACE); n = sscanf(nbuf, "%hu %hu %hu", &hash, &flags, &iter); 
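Review bot: In the `-nsec3param` branch the three tokens are copied into `hashbuf`, `flagbuf` and `iterbuf`, joined with spaces by `snprintf()` and split again by `sscanf(nbuf, "%hu %hu %hu", ...)`. That round trip no longer maps one token to one field now that next_token() accepts quoted strings (`ISC_LEXOPT_QSTRING`). A quoted token containing spaces would presumably supply several of the numbers by itself and leave the later tokens unread, and the 64-byte `strlcpy()` copies truncate silently. Converting each token on its own, `v = strtoul(ptr, &endp, 10);` followed by `if (*ptr == '\0' || *endp != '\0') return (ISC_R_RANGE);`, mirrors what ns_server_setdebuglevel does with `strtol()` and removes the round trip. ns_server_signing continues outside the hunk.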
@@ -8841,7 +8919,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { if (hash > 0xffU || flags > 0xffU) return (ISC_R_RANGE); - ptr = next_token(&args, " \t"); + ptr = next_token(lex, text); if (ptr == NULL) return (ISC_R_UNEXPECTEDEND); if (strcmp(ptr, "-") != 0) { @@ -8855,7 +8933,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { } else CHECK(DNS_R_SYNTAX); - CHECK(zone_from_args(server, args, NULL, &zone, NULL, + CHECK(zone_from_args(server, lex, NULL, &zone, NULL, text, ISC_FALSE)); if (zone == NULL) CHECK(ISC_R_UNEXPECTEDEND); diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 4bfd52176a9a..06eb43224342 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2015 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2016 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -2028,10 +2028,12 @@ ns_stats_dump(ns_server_t *server, FILE *fp) { if (zonestats != NULL) { char zonename[DNS_NAME_FORMATSIZE]; - dns_name_format(dns_zone_getorigin(zone), - zonename, sizeof(zonename)); view = dns_zone_getview(zone); + if (view == NULL) + continue; + dns_name_format(dns_zone_getorigin(zone), + zonename, sizeof(zonename)); fprintf(fp, "[%s", zonename); if (strcmp(view->name, "_default") != 0) fprintf(fp, " (view: %s)", view->name); diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h index c979e53871d7..b0ac1d568ce2 100644 --- a/bin/named/unix/include/named/os.h +++ b/bin/named/unix/include/named/os.h 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007-2009, 2016 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.31 2009/08/05 23:47:43 tbox Exp $ */ - #ifndef NS_OS_H #define NS_OS_H 1 @@ -72,4 +70,7 @@ ns_os_tzset(void); void ns_os_started(void); +char * +ns_os_uname(void); + #endif /* NS_OS_H */ diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index 18e8c3910373..953bbdd163b4 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011, 2013, 2014, 2016 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.107 2011/03/02 00:02:54 marka Exp $ */ - /*! \file */ #include <config.h> @@ -24,6 +22,9 @@ #include <sys/types.h> /* dev_t FreeBSD 2.1 */ #include <sys/stat.h> +#ifdef HAVE_UNAME +#include <sys/utsname.h> +#endif #include <ctype.h> #include <errno.h> @@ -966,3 +967,33 @@ ns_os_tzset(void) { tzset(); #endif } + +static char unamebuf[BUFSIZ]; +static char *unamep = NULL; + +static void +getuname(void) { +#ifdef HAVE_UNAME + struct utsname uts; + + memset(&uts, 0, sizeof(uts)); + if (uname(&uts) < 0) { + strcpy(unamebuf, "unknown architecture"); + return; + } + + snprintf(unamebuf, sizeof(unamebuf), + "%s %s %s %s", + uts.sysname, uts.machine, uts.release, uts.version); +#else + strcpy(unamebuf, "unknown architecture"); +#endif + unamep = unamebuf; +} + +char * +ns_os_uname(void) { + if (unamep == NULL) + getuname(); + return (unamep); +} 
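Review bot: When `uname()` fails, getuname() writes "unknown architecture" into `unamebuf` and returns before `unamep = unamebuf;` runs, so ns_os_uname() returns NULL instead of the fallback string. The callers are not in this file section, but a NULL passed to a `%s` format would be undefined behaviour, and every later call repeats the failing `uname()`. Adding `unamep = unamebuf;` before the `return;` in the failure branch fixes both. The two `strcpy()` calls fit the `BUFSIZ` buffer, though `snprintf(unamebuf, sizeof(unamebuf), "%s", "unknown architecture");` would match the bounded write used on the success path.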
diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c index f8535b21ea7b..351b6166559e 100644 --- a/bin/named/xfrout.c +++ b/bin/named/xfrout.c @@ -1246,6 +1246,7 @@ sendstream(xfrout_ctx_t *xfr) { dns_rdataset_t *msgrds = NULL; dns_compress_t cctx; isc_boolean_t cleanup_cctx = ISC_FALSE; + isc_boolean_t is_tcp; int n_rrs; @@ -1253,7 +1254,8 @@ sendstream(xfrout_ctx_t *xfr) { isc_buffer_clear(&xfr->txlenbuf); isc_buffer_clear(&xfr->txbuf); - if ((xfr->client->attributes & NS_CLIENTATTR_TCP) == 0) { + is_tcp = ISC_TF((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0); + if (!is_tcp) { /* * In the UDP case, we put the response data directly into * the client message. @@ -1442,9 +1444,17 @@ sendstream(xfrout_ctx_t *xfr) { if (! xfr->many_answers) break; + /* + * At this stage, at least 1 RR has been rendered into + * the message. Check if we want to clamp this message + * here (TCP only). 20480 was set as an upper limit to + * improve message compression. + */ + if ((isc_buffer_usedlength(&xfr->buf) >= 20480) && is_tcp) + break; } - if ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0) { + if (is_tcp) { CHECK(dns_compress_init(&cctx, -1, xfr->mctx)); dns_compress_setsensitive(&cctx, ISC_TRUE); cleanup_cctx = ISC_TRUE; |