diff options
Diffstat (limited to 'bin')
42 files changed, 605 insertions, 323 deletions
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index a5f5ff3c04a3..346e45d80362 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.14.2.4.2.18 2007/05/16 06:10:54 marka Exp $ +.\" $Id: dig.1,v 1.14.2.4.2.20 2008/10/14 01:20:30 tbox Exp $ .\" .hy 0 .ad l @@ -33,7 +33,7 @@ dig \- DNS lookup utility .SH "SYNOPSIS" .HP 4 -\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] +\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] .HP 4 \fBdig\fR [\fB\-h\fR] .HP 4 @@ -59,7 +59,9 @@ Unless it is told to query a specific name server, will try each of the servers listed in \fI/etc/resolv.conf\fR. .PP -When no command line arguments or options are given, will perform an NS query for "." (the root). +When no command line arguments or options are given, +\fBdig\fR +will perform an NS query for "." (the root). .PP It is possible to set per\-user defaults for \fBdig\fR @@ -70,7 +72,7 @@ The IN and CH class names overlap with the IN and CH top level domains names. Ei \fB\-t\fR and \fB\-c\fR -options to specify the type and class or use "IN." and "CH." when looking up these top level domains. +options to specify the type and class, or use "IN." and "CH." when looking up these top level domains. .SH "SIMPLE USAGE" .PP A typical invocation of @@ -137,6 +139,10 @@ operate in batch mode by reading a list of lookup requests to process from the f \fBdig\fR using the command\-line interface. .PP +The +\fB\-m\fR +option enables memory usage debugging. +.PP If a non\-standard port number is to be queried, the \fB\-p\fR option is used. @@ -517,7 +523,7 @@ RFC1035. .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 763613dfca79..34f0e90a3d81 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.157.2.13.2.35 2007/08/28 07:19:07 tbox Exp $ */ +/* $Id: dig.c,v 1.157.2.13.2.39 2008/10/15 02:20:32 marka Exp $ */ #include <config.h> #include <stdlib.h> @@ -47,7 +47,7 @@ #define ADD_STRING(b, s) { \ if (strlen(s) >= isc_buffer_availablelength(b)) \ - return (ISC_R_NOSPACE); \ + return (ISC_R_NOSPACE); \ else \ isc_buffer_putstr(b, s); \ } @@ -67,7 +67,7 @@ static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE, ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE, multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE; -static const char *opcodetext[] = { +static const char * const opcodetext[] = { "QUERY", "IQUERY", "STATUS", @@ -86,7 +86,7 @@ static const char *opcodetext[] = { "RESERVED15" }; -static const char *rcodetext[] = { +static const char * const rcodetext[] = { "NOERROR", "FORMERR", "SERVFAIL", @@ -136,8 +136,8 @@ help(void) { " q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n" " (Use ixfr=version for type ixfr)\n" " q-opt is one of:\n" -" -x dot-notation (shortcut for in-addr lookups)\n" -" -i (IP6.INT reverse IPv6 lookups)\n" +" -x dot-notation (shortcut for reverse lookups)\n" +" -i (use IP6.INT for IPv6 reverse lookups)\n" " -f filename (batch mode)\n" " -b address[#port] (bind to source address/port)\n" " -p port (specify port number)\n" @@ -147,6 +147,7 @@ help(void) { " -y name:key (specify named base64 tsig key)\n" " -4 (use IPv4 query transport only)\n" " -6 (use IPv6 query transport only)\n" +" -m (enable memory usage debugging)\n" " d-opt is of the form +keyword[=value], where keyword is:\n" " +[no]vc (TCP mode)\n" " +[no]tcp (TCP mode, alternate syntax)\n" @@ -367,7 +368,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, else if (nottl || noclass) result = dns_master_stylecreate(&style, styleflags, 24, 24, 32, 40, 80, 8, mctx); - else + else result = dns_master_stylecreate(&style, styleflags, 24, 32, 40, 48, 80, 8, mctx); check_result(result, "dns_master_stylecreate"); @@ -376,7 +377,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset, if (style != NULL) dns_master_styledestroy(&style, mctx); - + return(result); } #endif @@ -413,7 +414,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { else if (nottl || noclass) result = dns_master_stylecreate(&style, styleflags, 24, 24, 32, 40, 80, 8, mctx); - else + else result = dns_master_stylecreate(&style, styleflags, 24, 32, 40, 48, 80, 8, mctx); check_result(result, "dns_master_stylecreate"); @@ -613,7 +614,7 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) { strncat(lookup->cmdline, append, remaining); } if (first) { - snprintf(append, sizeof(append), + snprintf(append, sizeof(append), ";; global options: %s %s\n", short_form ? "short_form" : "", printcmd ? "printcmd" : ""); @@ -691,7 +692,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, FULLCHECK2("aaonly", "aaflag"); lookup->aaonly = state; break; - case 'd': + case 'd': switch (cmd[2]) { case 'd': /* additional */ FULLCHECK("additional"); @@ -776,11 +777,11 @@ plus_option(char *option, isc_boolean_t is_batchfile, FULLCHECK("defname"); usesearch = state; break; - case 'n': /* dnssec */ + case 'n': /* dnssec */ FULLCHECK("dnssec"); lookup->dnssec = state; break; - case 'o': /* domain */ + case 'o': /* domain */ FULLCHECK("domain"); if (value == NULL) goto need_value; @@ -844,7 +845,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, goto invalid_option; } break; - case 'q': + case 'q': switch (cmd[1]) { case 'r': /* qr */ FULLCHECK("qr"); @@ -907,11 +908,11 @@ plus_option(char *option, isc_boolean_t is_batchfile, break; #ifdef DIG_SIGCHASE case 'i': /* sigchase */ - FULLCHECK("sigchase"); + FULLCHECK("sigchase"); lookup->sigchase = state; if (lookup->sigchase) lookup->dnssec = ISC_TRUE; - break; + break; #endif case 't': /* stats */ FULLCHECK("stats"); @@ -939,7 +940,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, timeout = 1; break; #if DIG_SIGCHASE_TD - case 'o': /* topdown */ + case 'o': /* topdown */ FULLCHECK("topdown"); lookup->do_topdown = state; break; @@ -974,7 +975,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, #ifdef DIG_SIGCHASE case 'u': /* trusted-key */ FULLCHECK("trusted-key"); - if (value == NULL) + if (value == NULL) goto need_value; if (!state) goto invalid_option; @@ -1018,8 +1019,8 @@ static const char *single_dash_opts = "46dhimnv"; static const char *dash_opts = "46bcdfhikmnptvyx"; static isc_boolean_t dash_option(char *option, char *next, dig_lookup_t **lookup, - isc_boolean_t *open_type_class, isc_boolean_t *need_clone, - int argc, char **argv, isc_boolean_t *firstarg) + isc_boolean_t *open_type_class, isc_boolean_t *need_clone, + int argc, char **argv, isc_boolean_t *firstarg) { char opt, *value, *ptr; isc_result_t result; @@ -1107,7 +1108,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, hash = strchr(value, '#'); if (hash != NULL) { srcport = (in_port_t) - parse_uint(hash + 1, + parse_uint(hash + 1, "port number", MAXPORT); *hash = '\0'; } else @@ -1179,7 +1180,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, (*lookup)->rdtypeset = ISC_TRUE; (*lookup)->ixfr_serial = parse_uint(&value[5], "serial number", - MAXSERIAL); + MAXSERIAL); (*lookup)->section_question = plusquest; (*lookup)->comments = pluscomm; } else { @@ -1286,7 +1287,7 @@ getaddresses(dig_lookup_t *lookup, const char *host) { char tmp[ISC_NETADDR_FORMATSIZE]; result = bind9_getaddresses(host, 0, sockaddrs, - DIG_MAX_ADDRESSES, &count); + DIG_MAX_ADDRESSES, &count); if (result != ISC_R_SUCCESS) fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); @@ -1348,7 +1349,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, if (homedir != NULL) { unsigned int n; n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc", - homedir); + homedir); if (n < sizeof(rcfile)) batchfp = fopen(rcfile, "r"); } @@ -1402,16 +1403,16 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, if (rc <= 1) { if (dash_option(&rv[0][1], NULL, &lookup, &open_type_class, - &need_clone, argc, argv, - &firstarg)) { + &need_clone, argc, argv, + &firstarg)) { rc--; rv++; } } else { if (dash_option(&rv[0][1], rv[1], &lookup, &open_type_class, - &need_clone, argc, argv, - &firstarg)) { + &need_clone, argc, argv, + &firstarg)) { rc--; rv++; } @@ -1428,7 +1429,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, tr.base = rv[0]; tr.length = strlen(rv[0]); result = dns_rdatatype_fromtext(&rdtype, - (isc_textregion_t *)&tr); + (isc_textregion_t *)&tr); if (result == ISC_R_SUCCESS && rdtype == dns_rdatatype_ixfr) { result = DNS_R_UNKNOWN; @@ -1449,8 +1450,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup->rdtypeset = ISC_TRUE; lookup->ixfr_serial = parse_uint(&rv[0][5], - "serial number", - MAXSERIAL); + "serial number", + MAXSERIAL); lookup->section_question = plusquest; lookup->comments = pluscomm; @@ -1485,7 +1486,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup = clone_lookup(default_lookup, ISC_TRUE); need_clone = ISC_TRUE; - strncpy(lookup->textname, rv[0], + strncpy(lookup->textname, rv[0], sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1]=0; lookup->trace_root = ISC_TF(lookup->trace || diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 82b2516cbbe6..8a072d191d3a 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.4.2.7.4.20 2007/08/28 07:19:07 tbox Exp $ --> +<!-- $Id: dig.docbook,v 1.4.2.7.4.23 2008/10/14 00:55:01 marka Exp $ --> <refentry> @@ -38,6 +38,7 @@ <year>2005</year> <year>2006</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -62,6 +63,7 @@ <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg> <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg> <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg> +<arg><option>-m</option></arg> <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg> @@ -114,10 +116,10 @@ Unless it is told to query a specific name server, <filename>/etc/resolv.conf</filename>. </para> -<para> -When no command line arguments or options are given, will perform an -NS query for "." (the root). -</para> + <para> + When no command line arguments or options are given, + <command>dig</command> will perform an NS query for "." (the root). + </para> <para> It is possible to set per-user defaults for <command>dig</command> via @@ -128,7 +130,7 @@ are applied before the command line arguments. <para> The IN and CH class names overlap with the IN and CH top level domains names. Either use the <option>-t</option> and - <option>-c</option> options to specify the type and class or + <option>-c</option> options to specify the type and class, or use "IN." and "CH." when looking up these top level domains. </para> @@ -200,6 +202,12 @@ the same way they would be presented as queries to <command>dig</command> using the command-line interface. </para> + <para> + The <option>-m</option> option enables memory usage debugging. + <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD + documented in include/isc/mem.h --> + </para> + <para> If a non-standard port number is to be queried, the <option>-p</option> option is used. <parameter>port#</parameter> is diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 054c1974656b..1c18ec309aa1 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.6.2.4.2.23 2007/05/16 06:10:54 marka Exp $ --> +<!-- $Id: dig.html,v 1.6.2.4.2.25 2008/10/14 01:20:30 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -29,12 +29,12 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div> +<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div> <div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div> <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543485"></a><h2>DESCRIPTION</h2> +<a name="id2543493"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -59,9 +59,9 @@ Unless it is told to query a specific name server, <code class="filename">/etc/resolv.conf</code>. </p> <p> -When no command line arguments or options are given, will perform an -NS query for "." (the root). -</p> + When no command line arguments or options are given, + <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root). + </p> <p> It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via <code class="filename">${HOME}/.digrc</code>. This file is read and any options in it @@ -70,12 +70,12 @@ are applied before the command line arguments. <p> The IN and CH class names overlap with the IN and CH top level domains names. Either use the <code class="option">-t</code> and - <code class="option">-c</code> options to specify the type and class or + <code class="option">-c</code> options to specify the type and class, or use "IN." and "CH." when looking up these top level domains. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543554"></a><h2>SIMPLE USAGE</h2> +<a name="id2543565"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> @@ -113,7 +113,7 @@ ANY, A, MX, SIG, etc. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543633"></a><h2>OPTIONS</h2> +<a name="id2543644"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid address on @@ -134,6 +134,10 @@ the same way they would be presented as queries to <span><strong class="command">dig</strong></span> using the command-line interface. </p> <p> + The <code class="option">-m</code> option enables memory usage debugging. + + </p> +<p> If a non-standard port number is to be queried, the <code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is the port number that <span><strong class="command">dig</strong></span> will send its queries @@ -194,7 +198,7 @@ being used. In BIND, this is done by providing appropriate </p> </div> <div class="refsect1" lang="en"> -<a name="id2543816"></a><h2>QUERY OPTIONS</h2> +<a name="id2543837"></a><h2>QUERY OPTIONS</h2> <p> <span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -452,7 +456,7 @@ Requires dig be compiled with -DDIG_SIGCHASE. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544553"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2544574"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports specifying multiple queries on the command line (in addition to @@ -493,7 +497,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2544612"></a><h2>FILES</h2> +<a name="id2544633"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> @@ -502,7 +506,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2544631"></a><h2>SEE ALSO</h2> +<a name="id2544721"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -511,7 +515,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2544738"></a><h2>BUGS </h2> +<a name="id2544759"></a><h2>BUGS </h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index efd24030b17f..2c81fd433c8c 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.221.2.19.2.46.4.2 2008/07/23 23:16:25 marka Exp $ */ +/* $Id: dighost.c,v 1.221.2.19.2.48 2008/07/23 23:36:21 marka Exp $ */ /* * Notice to programmers: Do not use this code as an example of how to diff --git a/bin/dig/host.1 b/bin/dig/host.1 index 2d1687a687c3..1d09af9145de 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.11.2.1.4.12 2007/05/09 03:32:36 marka Exp $ +.\" $Id: host.1,v 1.11.2.1.4.13 2008/04/29 01:21:29 tbox Exp $ .\" .hy 0 .ad l @@ -154,7 +154,7 @@ option is used to select the query type. \fItype\fR can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, \fBhost\fR -automatically selects an appropriate query type. By default it looks for A records, but if the +automatically selects an appropriate query type. By default it looks for A, AAAA, and MX records, but if the \fB\-C\fR option was given, queries will be made for SOA records, and if \fIname\fR @@ -187,7 +187,7 @@ will effectively wait forever for a reply. The time to wait for a response will \fBdig\fR(1), \fBnamed\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook index a399043403ba..29ca7ea658f1 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.docbook,v 1.2.2.2.4.12 2007/08/28 07:19:07 tbox Exp $ --> +<!-- $Id: host.docbook,v 1.2.2.2.4.14 2008/04/28 23:45:35 tbox Exp $ --> <refentry> @@ -37,6 +37,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -185,7 +186,7 @@ The <option>-t</option> option is used to select the query type. <parameter>type</parameter> can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <command>host</command> automatically selects an appropriate query -type. By default it looks for A records, but if the +type. By default it looks for A, AAAA, and MX records, but if the <option>-C</option> option was given, queries will be made for SOA records, and if <parameter>name</parameter> is a dotted-decimal IPv4 address or colon-delimited IPv6 address, <command>host</command> will diff --git a/bin/dig/host.html b/bin/dig/host.html index 07c930550f45..a1786bb1c578 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.html,v 1.4.2.1.4.19 2007/05/09 03:32:36 marka Exp $ --> +<!-- $Id: host.html,v 1.4.2.1.4.20 2008/04/29 01:21:29 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543411"></a><h2>DESCRIPTION</h2> +<a name="id2543414"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">host</strong></span> is a simple utility for performing DNS lookups. @@ -134,7 +134,7 @@ The <code class="option">-t</code> option is used to select the query type. <em class="parameter"><code>type</code></em> can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <span><strong class="command">host</strong></span> automatically selects an appropriate query -type. By default it looks for A records, but if the +type. By default it looks for A, AAAA, and MX records, but if the <code class="option">-C</code> option was given, queries will be made for SOA records, and if <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4 address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will @@ -155,13 +155,13 @@ value for an integer quantity. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543682"></a><h2>FILES</h2> +<a name="id2543685"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2543694"></a><h2>SEE ALSO</h2> +<a name="id2543698"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 877ac0782909..2d3215366724 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.19.12.13 2007/05/09 03:32:36 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.19.12.14 2008/10/16 01:19:52 tbox Exp $ .\" .hy 0 .ad l @@ -187,14 +187,14 @@ and .PP \fBdnssec\-signzone\fR(8), BIND 9 Administrator Reference Manual, -RFC 2535, +RFC 2539, RFC 2845, -RFC 2539. +RFC 4033. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index 6ef1f090e628..6690f542c25e 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.docbook,v 1.3.12.13 2007/08/28 07:19:07 tbox Exp $ --> +<!-- $Id: dnssec-keygen.docbook,v 1.3.12.15 2008/10/15 23:45:34 tbox Exp $ --> <refentry> <refentryinfo> @@ -36,6 +36,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -337,9 +338,9 @@ <manvolnum>8</manvolnum> </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>, - <citetitle>RFC 2535</citetitle>, + <citetitle>RFC 2539</citetitle>, <citetitle>RFC 2845</citetitle>, - <citetitle>RFC 2539</citetitle>. + <citetitle>RFC 4033</citetitle>. </para> </refsect1> diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 6d3cc83f5ddf..f855d1f433de 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.19 2007/05/09 03:32:36 marka Exp $ --> +<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.20 2008/10/16 01:19:52 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543462"></a><h2>DESCRIPTION</h2> +<a name="id2543465"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate @@ -41,7 +41,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543475"></a><h2>OPTIONS</h2> +<a name="id2543478"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -144,7 +144,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543744"></a><h2>GENERATED KEYS</h2> +<a name="id2543747"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code> @@ -187,7 +187,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543900"></a><h2>EXAMPLE</h2> +<a name="id2543835"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -209,17 +209,17 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543946"></a><h2>SEE ALSO</h2> +<a name="id2543881"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, - <em class="citetitle">RFC 2535</em>, + <em class="citetitle">RFC 2539</em>, <em class="citetitle">RFC 2845</em>, - <em class="citetitle">RFC 2539</em>. + <em class="citetitle">RFC 4033</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543979"></a><h2>AUTHOR</h2> +<a name="id2543982"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index e1e88c8466ce..f1d55adf451e 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.14 2007/05/09 03:32:36 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.15 2008/10/16 01:19:52 tbox Exp $ .\" .hy 0 .ad l @@ -209,12 +209,12 @@ db.example.com.signed .PP \fBdnssec\-keygen\fR(8), BIND 9 Administrator Reference Manual, -RFC 2535. +RFC 4033. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 10e1133660c4..4d35f98f8ff2 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.139.2.2.4.29 2008/01/30 01:51:54 marka Exp $ */ +/* $Id: dnssec-signzone.c,v 1.139.2.2.4.30 2008/06/02 00:26:20 marka Exp $ */ #include <config.h> @@ -117,7 +117,6 @@ static dns_name_t *gorigin; /* The database origin */ static isc_task_t *master = NULL; static unsigned int ntasks = 0; static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE; -static unsigned int assigned = 0, completed = 0; static isc_boolean_t nokeys = ISC_FALSE; static isc_boolean_t removefile = ISC_FALSE; static isc_boolean_t generateds = ISC_FALSE; @@ -1094,16 +1093,19 @@ assignwork(isc_task_t *task, isc_task_t *worker) { dns_rdataset_t nsec; isc_boolean_t found; isc_result_t result; + static unsigned int ended = 0; /* Protected by namelock. */ if (shuttingdown) return; + LOCK(&namelock); if (finished) { - if (assigned == completed) { + ended++; + if (ended == ntasks) { isc_task_detach(&task); isc_app_shutdown(); } - return; + goto unlock; } fname = isc_mem_get(mctx, sizeof(dns_fixedname_t)); @@ -1113,7 +1115,6 @@ assignwork(isc_task_t *task, isc_task_t *worker) { name = dns_fixedname_name(fname); node = NULL; found = ISC_FALSE; - LOCK(&namelock); while (!found) { result = dns_dbiterator_current(gdbiter, &node, name); if (result != ISC_R_SUCCESS) @@ -1140,14 +1141,14 @@ assignwork(isc_task_t *task, isc_task_t *worker) { fatal("failure iterating database: %s", isc_result_totext(result)); } - UNLOCK(&namelock); if (!found) { - if (assigned == completed) { + ended++; + if (ended == ntasks) { isc_task_detach(&task); isc_app_shutdown(); } isc_mem_put(mctx, fname, sizeof(dns_fixedname_t)); - return; + goto unlock; } sevent = (sevent_t *) isc_event_allocate(mctx, task, SIGNER_EVENT_WORK, @@ -1158,7 +1159,8 @@ assignwork(isc_task_t *task, isc_task_t *worker) { sevent->node = node; sevent->fname = fname; isc_task_send(worker, ISC_EVENT_PTR(&sevent)); - assigned++; + unlock: + UNLOCK(&namelock); } /* @@ -1181,7 +1183,6 @@ writenode(isc_task_t *task, isc_event_t *event) { isc_task_t *worker; sevent_t *sevent = (sevent_t *)event; - completed++; worker = (isc_task_t *)event->ev_sender; dumpnode(dns_fixedname_name(sevent->fname), sevent->node); cleannode(gdb, gversion, sevent->node); diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index d3f9fc5c5b83..b5587d2153fd 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.16 2007/08/28 07:19:07 tbox Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.18 2008/10/15 23:45:34 tbox Exp $ --> <refentry> <refentryinfo> @@ -36,6 +36,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -366,7 +367,7 @@ db.example.com.signed <manvolnum>8</manvolnum> </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>, - <citetitle>RFC 2535</citetitle>. + <citetitle>RFC 4033</citetitle>. </para> </refsect1> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index b3d00ce0f056..85ec6d61dea3 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.20 2007/05/09 03:32:36 marka Exp $ --> +<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.21 2008/10/16 01:19:52 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543485"></a><h2>DESCRIPTION</h2> +<a name="id2543489"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543501"></a><h2>OPTIONS</h2> +<a name="id2543505"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -181,7 +181,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543874"></a><h2>EXAMPLE</h2> +<a name="id2543877"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span> @@ -210,15 +210,15 @@ db.example.com.signed %</pre> </div> <div class="refsect1" lang="en"> -<a name="id2543993"></a><h2>SEE ALSO</h2> +<a name="id2543996"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, - <em class="citetitle">RFC 2535</em>. + <em class="citetitle">RFC 4033</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544020"></a><h2>AUTHOR</h2> +<a name="id2544023"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/client.c b/bin/named/client.c index fbc3bad18de7..9c22b1fe5606 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.176.2.13.4.38.4.2 2008/07/23 07:28:11 tbox Exp $ */ +/* $Id: client.c,v 1.176.2.13.4.40 2008/05/22 23:45:34 tbox Exp $ */ #include <config.h> diff --git a/bin/named/config.c b/bin/named/config.c index dc4d928d4f6e..b57b24a0f722 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.11.2.4.8.36.4.3 2008/07/23 23:47:49 tbox Exp $ */ +/* $Id: config.c,v 1.11.2.4.8.39 2008/09/04 08:11:24 marka Exp $ */ #include <config.h> diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index e9c53ec8dd80..ffebec8048b4 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.28.2.9.2.13.4.2 2008/07/23 23:16:25 marka Exp $ */ +/* $Id: controlconf.c,v 1.28.2.9.2.15 2008/07/23 23:36:22 marka Exp $ */ #include <config.h> diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index b8137e8d3321..b7aaf5a90323 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.59.68.7 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: globals.h,v 1.59.68.9 2008/10/24 01:42:46 tbox Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 @@ -46,6 +46,7 @@ EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL); EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL); EXTERN isc_entropy_t * ns_g_entropy INIT(NULL); EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL); +EXTERN unsigned int ns_g_cpus_detected INIT(1); /* * XXXRTH We're going to want multiple timer managers eventually. One diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 524f47b3387f..e56bd9c3876e 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.59.2.5.8.21.4.3 2008/07/23 23:16:25 marka Exp $ */ +/* $Id: interfacemgr.c,v 1.59.2.5.8.24 2008/07/23 23:36:22 marka Exp $ */ #include <config.h> diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 91d0e8a79167..77e90907c77f 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.13.208.10 2007/05/16 06:10:54 marka Exp $ +.\" $Id: lwresd.8,v 1.13.208.11 2008/10/17 01:19:58 tbox Exp $ .\" .hy 0 .ad l @@ -85,9 +85,9 @@ Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/lwresd.conf\fR. -<term>\-c</term> +\fB\-c\fR can not be used with -<term>\-C</term>. +\fB\-C\fR. .RE .PP \-C \fIconfig\-file\fR @@ -96,9 +96,9 @@ Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/resolv.conf\fR. -<term>\-C</term> +\fB\-C\fR can not be used with -<term>\-c</term>. +\fB\-c\fR. .RE .PP \-d \fIdebug\-level\fR @@ -217,7 +217,7 @@ The default process\-id file. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001 Internet Software Consortium. .br diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c index 7dcdad4d47bb..77dce1e4ff41 100644 --- a/bin/named/lwresd.c +++ b/bin/named/lwresd.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.37.2.2.2.8.14.3 2008/07/23 23:16:26 marka Exp $ */ +/* $Id: lwresd.c,v 1.37.2.2.2.11 2008/07/23 23:36:22 marka Exp $ */ /* * Main program for the Lightweight Resolver Daemon. diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index 354a4ab85d58..b4cd22bc66e0 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.docbook,v 1.6.208.9 2007/08/28 07:19:08 tbox Exp $ --> +<!-- $Id: lwresd.docbook,v 1.6.208.11 2008/10/16 23:45:27 tbox Exp $ --> <refentry> <refentryinfo> @@ -36,6 +36,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -143,7 +144,7 @@ Use <replaceable class="parameter">config-file</replaceable> as the configuration file instead of the default, <filename>/etc/lwresd.conf</filename>. - <term>-c</term> can not be used with <term>-C</term>. + <option>-c</option> can not be used with <option>-C</option>. </para> </listitem> </varlistentry> @@ -155,7 +156,7 @@ Use <replaceable class="parameter">config-file</replaceable> as the configuration file instead of the default, <filename>/etc/resolv.conf</filename>. - <term>-C</term> can not be used with <term>-c</term>. + <option>-C</option> can not be used with <option>-c</option>. </para> </listitem> </varlistentry> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 45837e8ed4a1..bb794583a570 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.html,v 1.4.2.1.4.15 2007/05/16 06:10:55 marka Exp $ --> +<!-- $Id: lwresd.html,v 1.4.2.1.4.16 2008/10/17 01:19:58 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543451"></a><h2>DESCRIPTION</h2> +<a name="id2543454"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543500"></a><h2>OPTIONS</h2> +<a name="id2543504"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -86,14 +86,14 @@ Use <em class="replaceable"><code>config-file</code></em> as the configuration file instead of the default, <code class="filename">/etc/lwresd.conf</code>. - <font color="red"><term>-c</term></font> can not be used with <font color="red"><term>-C</term></font>. + <code class="option">-c</code> can not be used with <code class="option">-C</code>. </p></dd> <dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> Use <em class="replaceable"><code>config-file</code></em> as the configuration file instead of the default, <code class="filename">/etc/resolv.conf</code>. - <font color="red"><term>-C</term></font> can not be used with <font color="red"><term>-c</term></font>. + <code class="option">-C</code> can not be used with <code class="option">-c</code>. </p></dd> <dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt> <dd><p> @@ -194,7 +194,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543915"></a><h2>FILES</h2> +<a name="id2543918"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> @@ -207,7 +207,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543955"></a><h2>SEE ALSO</h2> +<a name="id2543958"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, @@ -215,7 +215,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543993"></a><h2>AUTHOR</h2> +<a name="id2543996"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/main.c b/bin/named/main.c index 960de2a34bb1..11a56c9ba88a 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.119.2.3.2.25 2006/11/10 18:51:06 marka Exp $ */ +/* $Id: main.c,v 1.119.2.3.2.29 2008/10/24 01:28:55 marka Exp $ */ #include <config.h> @@ -31,6 +31,7 @@ #include <isc/hash.h> #include <isc/os.h> #include <isc/platform.h> +#include <isc/print.h> #include <isc/resource.h> #include <isc/stdio.h> #include <isc/string.h> @@ -76,6 +77,7 @@ static char program_name[ISC_DIR_NAMEMAX] = "named"; static char absolute_conffile[ISC_DIR_PATHMAX]; static char saved_command_line[512]; static char version[512]; +static unsigned int maxsocks = 0; void ns_main_earlywarning(const char *format, ...) { @@ -345,7 +347,8 @@ parse_command_line(int argc, char *argv[]) { isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, - "46c:C:d:fgi:lm:n:N:p:P:st:u:vx:")) != -1) { + "46c:C:d:fgi:lm:n:N:p:P:" + "sS:t:u:vx:")) != -1) { switch (ch) { case '4': if (disable4) @@ -424,6 +427,10 @@ parse_command_line(int argc, char *argv[]) { /* XXXRTH temporary syntax */ want_stats = ISC_TRUE; break; + case 'S': + maxsocks = parse_int(isc_commandline_argument, + "max number of sockets"); + break; case 't': /* XXXJAB should we make a copy? */ ns_g_chrootdir = isc_commandline_argument; @@ -455,17 +462,14 @@ parse_command_line(int argc, char *argv[]) { static isc_result_t create_managers(void) { isc_result_t result; -#ifdef ISC_PLATFORM_USETHREADS - unsigned int cpus_detected; -#endif + unsigned int socks; #ifdef ISC_PLATFORM_USETHREADS - cpus_detected = isc_os_ncpus(); if (ns_g_cpus == 0) - ns_g_cpus = cpus_detected; + ns_g_cpus = ns_g_cpus_detected; isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s", - cpus_detected, cpus_detected == 1 ? "" : "s", + ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s", ns_g_cpus, ns_g_cpus == 1 ? "" : "s"); #else ns_g_cpus = 1; @@ -486,13 +490,19 @@ create_managers(void) { return (ISC_R_UNEXPECTED); } - result = isc_socketmgr_create(ns_g_mctx, &ns_g_socketmgr); + result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_socketmgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks); + if (result == ISC_R_SUCCESS) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, + ISC_LOG_INFO, "using up to %u sockets", socks); + } result = isc_entropy_create(ns_g_mctx, &ns_g_entropy); if (result != ISC_R_SUCCESS) { @@ -539,6 +549,7 @@ destroy_managers(void) { static void setup(void) { isc_result_t result; + isc_resourcevalue_t old_openfiles; #ifdef HAVE_LIBSCF char *instance = NULL; #endif @@ -592,6 +603,13 @@ setup(void) { } #endif +#ifdef ISC_PLATFORM_USETHREADS + /* + * Check for the number of cpu's before ns_os_chroot(). + */ + ns_g_cpus_detected = isc_os_ncpus(); +#endif + ns_os_chroot(ns_g_chrootdir); /* @@ -645,6 +663,23 @@ setup(void) { &ns_g_initopenfiles); /* + * System resources cannot effectively be tuned on some systems. + * Raise the limit in such cases for safety. + */ + old_openfiles = ns_g_initopenfiles; + ns_os_adjustnofile(); + (void)isc_resource_getlimit(isc_resource_openfiles, + &ns_g_initopenfiles); + if (old_openfiles != ns_g_initopenfiles) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, + "adjusted limit on open files from " + "%" ISC_PRINT_QUADFORMAT "u to " + "%" ISC_PRINT_QUADFORMAT "u", + old_openfiles, ns_g_initopenfiles); + } + + /* * If the named configuration filename is relative, prepend the current * directory's name before possibly changing to another directory. */ @@ -654,7 +689,7 @@ setup(void) { sizeof(absolute_conffile)); if (result != ISC_R_SUCCESS) ns_main_earlyfatal("could not construct absolute path of " - "configuration file: %s", + "configuration file: %s", isc_result_totext(result)); ns_g_conffile = absolute_conffile; } @@ -727,7 +762,7 @@ ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) { if (debug) UNEXPECTED_ERROR(__FILE__, __LINE__, "scf_handle_create() failed: %s", - scf_strerror(scf_error())); + scf_strerror(scf_error())); return (ISC_R_FAILURE); } diff --git a/bin/named/named.8 b/bin/named/named.8 index a8d49747fe68..ab554211a152 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.17.208.14 2007/06/20 02:26:23 marka Exp $ +.\" $Id: named.8,v 1.17.208.16 2008/08/22 01:21:36 tbox Exp $ .\" .hy 0 .ad l @@ -33,7 +33,7 @@ named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR @@ -129,6 +129,21 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha .RE .RE .PP +\-S \fI#max\-socks\fR +.RS 4 +Allow +\fBnamed\fR +to use up to +\fI#max\-socks\fR +sockets. +.RS +.B "Warning:" +This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because +\fBnamed\fR +reserves some file descriptors for its internal use. +.RE +.RE +.PP \-t \fIdirectory\fR .RS 4 \fBChroot\fR @@ -230,7 +245,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 15a8cf723c45..790745511cf9 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.4.14 2007/06/20 02:26:23 marka Exp $ +.\" $Id: named.conf.5,v 1.1.4.15 2008/09/05 01:21:40 tbox Exp $ .\" .hy 0 .ad l @@ -173,6 +173,7 @@ options { port \fIinteger\fR; querylog \fIboolean\fR; recursing\-file \fIquoted_string\fR; + reserved\-sockets \fIinteger\fR; random\-device \fIquoted_string\fR; recursive\-clients \fIinteger\fR; serial\-query\-rate \fIinteger\fR; @@ -464,5 +465,5 @@ zone \fIstring\fR \fIoptional_class\fR { \fBrndc\fR(8), BIND 9 Administrator Reference Manual .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 0f5676cfdd61..6a9c384d1fb7 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.1.4.13.4.2 2008/07/23 23:47:49 tbox Exp $ --> +<!-- $Id: named.conf.docbook,v 1.1.4.15 2008/09/04 23:45:32 tbox Exp $ --> <refentry> <refentryinfo> diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 54f20fbf731c..e2e965a3585c 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.1.4.20 2007/06/20 02:26:23 marka Exp $ --> +<!-- $Id: named.conf.html,v 1.1.4.21 2008/09/05 01:21:40 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543330"></a><h2>DESCRIPTION</h2> +<a name="id2543333"></a><h2>DESCRIPTION</h2> <p> <code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed @@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543358"></a><h2>ACL</h2> +<a name="id2543362"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543374"></a><h2>KEY</h2> +<a name="id2543378"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> @@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543394"></a><h2>MASTERS</h2> +<a name="id2543397"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> @@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543440"></a><h2>SERVER</h2> +<a name="id2543443"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> @@ -95,7 +95,7 @@ server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="rep </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543497"></a><h2>TRUSTED-KEYS</h2> +<a name="id2543500"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -103,7 +103,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543523"></a><h2>CONTROLS</h2> +<a name="id2543526"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -115,7 +115,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543558"></a><h2>LOGGING</h2> +<a name="id2543561"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -133,7 +133,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543596"></a><h2>LWRES</h2> +<a name="id2543600"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -146,7 +146,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543638"></a><h2>OPTIONS</h2> +<a name="id2543641"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> @@ -171,6 +171,7 @@ options {<br> port <em class="replaceable"><code>integer</code></em>;<br> querylog <em class="replaceable"><code>boolean</code></em>;<br> recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br> + reserved-sockets <em class="replaceable"><code>integer</code></em>;<br> random-device <em class="replaceable"><code>quoted_string</code></em>;<br> recursive-clients <em class="replaceable"><code>integer</code></em>;<br> serial-query-rate <em class="replaceable"><code>integer</code></em>;<br> @@ -290,7 +291,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544322"></a><h2>VIEW</h2> +<a name="id2544328"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -408,7 +409,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544820"></a><h2>ZONE</h2> +<a name="id2544826"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint |<br> @@ -484,13 +485,13 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545089"></a><h2>FILES</h2> +<a name="id2545095"></a><h2>FILES</h2> <p> <code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545101"></a><h2>SEE ALSO</h2> +<a name="id2545108"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 43401d027447..c6073c34dd36 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.5.98.13 2007/08/28 07:19:08 tbox Exp $ --> +<!-- $Id: named.docbook,v 1.5.98.15 2008/08/21 23:45:31 tbox Exp $ --> <refentry> <refentryinfo> @@ -37,6 +37,7 @@ <year>2005</year> <year>2006</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -65,6 +66,7 @@ <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> <arg><option>-s</option></arg> + <arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg> <arg><option>-v</option></arg> @@ -218,6 +220,33 @@ </varlistentry> <varlistentry> + <term>-S <replaceable class="parameter">#max-socks</replaceable></term> + <listitem> + <para> + Allow <command>named</command> to use up to + <replaceable class="parameter">#max-socks</replaceable> sockets. + </para> + <warning> + <para> + This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + <command>named</command> reserves some file descriptors + for its internal use. + </para> + </warning> + </listitem> + </varlistentry> + + <varlistentry> <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> diff --git a/bin/named/named.html b/bin/named/named.html index f90b087b25c3..101c3b4ee334 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.html,v 1.4.2.1.4.19 2007/06/20 02:26:23 marka Exp $ --> +<!-- $Id: named.html,v 1.4.2.1.4.21 2008/08/22 01:21:36 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> +<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543441"></a><h2>DESCRIPTION</h2> +<a name="id2543452"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543466"></a><h2>OPTIONS</h2> +<a name="id2543478"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -123,6 +123,31 @@ </p> </div> </dd> +<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt> +<dd> +<p> + Allow <span><strong class="command">named</strong></span> to use up to + <em class="replaceable"><code>#max-socks</code></em> sockets. + </p> +<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"> +<h3 class="title">Warning</h3> +<p> + This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + <span><strong class="command">named</strong></span> reserves some file descriptors + for its internal use. + </p> +</div> +</dd> <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd> <p> @@ -186,7 +211,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543851"></a><h2>SIGNALS</h2> +<a name="id2543011"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -207,7 +232,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543898"></a><h2>CONFIGURATION</h2> +<a name="id2543058"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is @@ -216,7 +241,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543915"></a><h2>FILES</h2> +<a name="id2543075"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -229,7 +254,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543955"></a><h2>SEE ALSO</h2> +<a name="id2543114"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, @@ -243,7 +268,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544026"></a><h2>AUTHOR</h2> +<a name="id2544210"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/query.c b/bin/named/query.c index 858df8cd975b..2b2705fd363f 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.198.2.13.4.53 2008/01/17 23:45:27 tbox Exp $ */ +/* $Id: query.c,v 1.198.2.13.4.56 2008/10/15 22:30:47 marka Exp $ */ #include <config.h> @@ -1900,6 +1900,13 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, &olabels); (void)dns_name_fullcompare(name, &nsec.next, &order, &nlabels); + /* + * Check for a pathological condition created when + * serving some malformed signed zones and bail out. + */ + if (dns_name_countlabels(name) == nlabels) + goto cleanup; + if (olabels > nlabels) dns_name_split(name, olabels, NULL, wname); else @@ -2067,12 +2074,13 @@ query_resume(isc_task_t *task, isc_event_t *event) { static isc_result_t query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain, - dns_rdataset_t *nameservers) + dns_rdataset_t *nameservers, isc_boolean_t resuming) { isc_result_t result; dns_rdataset_t *rdataset, *sigrdataset; - inc_stats(client, dns_statscounter_recursion); + if (!resuming) + inc_stats(client, dns_statscounter_recursion); /* * We are about to recurse, which means that this client will @@ -2367,6 +2375,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) unsigned int options; isc_boolean_t empty_wild; dns_rdataset_t *noqname; + isc_boolean_t resuming; CTRACE("query_find"); @@ -2392,6 +2401,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) need_wildcardproof = ISC_FALSE; empty_wild = ISC_FALSE; options = 0; + resuming = ISC_FALSE; + is_zone = ISC_FALSE; if (event != NULL) { /* @@ -2401,7 +2412,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) want_restart = ISC_FALSE; authoritative = ISC_FALSE; - is_zone = ISC_FALSE; qtype = event->qtype; if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig) @@ -2434,6 +2444,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } result = event->result; + resuming = ISC_TRUE; goto resume; } @@ -2624,7 +2635,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (RECURSIONOK(client)) { result = query_recurse(client, qtype, - NULL, NULL); + NULL, NULL, resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; @@ -2791,10 +2802,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (dns_rdatatype_atparent(type)) result = query_recurse(client, qtype, - NULL, NULL); + NULL, NULL, + resuming); else result = query_recurse(client, qtype, - fname, rdataset); + fname, rdataset, + resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; @@ -3223,7 +3236,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) result = query_recurse(client, qtype, NULL, - NULL); + NULL, + resuming); if (result == ISC_R_SUCCESS) client->query.attributes |= NS_QUERYATTR_RECURSING; diff --git a/bin/named/server.c b/bin/named/server.c index afbecb8487ef..8acb00875210 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.339.2.15.2.78.4.3 2008/07/23 23:47:49 tbox Exp $ */ +/* $Id: server.c,v 1.339.2.15.2.84 2008/09/04 23:45:32 tbox Exp $ */ #include <config.h> @@ -30,8 +30,10 @@ #include <isc/hash.h> #include <isc/lex.h> #include <isc/parseint.h> +#include <isc/portset.h> #include <isc/print.h> #include <isc/resource.h> +#include <isc/socket.h> #include <isc/stdio.h> #include <isc/string.h> #include <isc/task.h> @@ -427,13 +429,15 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) */ static isc_result_t get_view_querysource_dispatch(const cfg_obj_t **maps, - int af, dns_dispatch_t **dispatchp) + int af, dns_dispatch_t **dispatchp, + isc_boolean_t is_firstview) { isc_result_t result; dns_dispatch_t *disp; isc_sockaddr_t sa; unsigned int attrs, attrmask; const cfg_obj_t *obj = NULL; + unsigned int maxdispatchbuffers; /* * Make compiler happy. @@ -485,12 +489,18 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, attrs |= DNS_DISPATCHATTR_IPV6; break; } - - if (isc_sockaddr_getport(&sa) != 0) { + if (isc_sockaddr_getport(&sa) == 0) { + attrs |= DNS_DISPATCHATTR_EXCLUSIVE; + maxdispatchbuffers = 4096; + } else { INSIST(obj != NULL); - cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO, - "using specific query-source port suppresses port " - "randomization and can be insecure."); + if (is_firstview) { + cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO, + "using specific query-source port " + "suppresses port randomization and can be " + "insecure."); + } + maxdispatchbuffers = 1000; } attrmask = 0; @@ -502,7 +512,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, disp = NULL; result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &sa, 4096, - 1024, 32768, 16411, 16433, + maxdispatchbuffers, 32768, 16411, 16433, attrs, attrmask, &disp); if (result != ISC_R_SUCCESS) { isc_sockaddr_t any; @@ -912,8 +922,12 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, * * XXXRTH Hardwired number of tasks. */ - CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4)); - CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6)); + CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4, + ISC_TF(ISC_LIST_PREV(view, link) + == NULL))); + CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6, + ISC_TF(ISC_LIST_PREV(view, link) + == NULL))); if (dispatch4 == NULL && dispatch6 == NULL) { UNEXPECTED_ERROR(__FILE__, __LINE__, "unable to obtain neither an IPv4 nor" @@ -2129,24 +2143,41 @@ set_limits(const cfg_obj_t **maps) { SETLIMIT("files", openfiles, "open files"); } -static isc_result_t -portlist_fromconf(dns_portlist_t *portlist, unsigned int family, - const cfg_obj_t *ports) +static void +portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports, + isc_boolean_t positive) { const cfg_listelt_t *element; - isc_result_t result = ISC_R_SUCCESS; for (element = cfg_list_first(ports); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *obj = cfg_listelt_value(element); - in_port_t port = (in_port_t)cfg_obj_asuint32(obj); - result = dns_portlist_add(portlist, family, port); - if (result != ISC_R_SUCCESS) - break; + if (cfg_obj_isuint32(obj)) { + in_port_t port = (in_port_t)cfg_obj_asuint32(obj); + + if (positive) + isc_portset_add(portset, port); + else + isc_portset_remove(portset, port); + } else { + const cfg_obj_t *obj_loport, *obj_hiport; + in_port_t loport, hiport; + + obj_loport = cfg_tuple_get(obj, "loport"); + loport = (in_port_t)cfg_obj_asuint32(obj_loport); + obj_hiport = cfg_tuple_get(obj, "hiport"); + hiport = (in_port_t)cfg_obj_asuint32(obj_hiport); + + if (positive) + isc_portset_addrange(portset, loport, hiport); + else { + isc_portset_removerange(portset, loport, + hiport); + } + } } - return (result); } static isc_result_t @@ -2160,21 +2191,24 @@ load_configuration(const char *filename, ns_server_t *server, const cfg_obj_t *maps[3]; const cfg_obj_t *obj; const cfg_obj_t *options; - const cfg_obj_t *v4ports, *v6ports; + const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports; const cfg_obj_t *views; dns_view_t *view = NULL; dns_view_t *view_next; dns_viewlist_t tmpviewlist; dns_viewlist_t viewlist; - in_port_t listen_port; + in_port_t listen_port, udpport_low, udpport_high; int i; - isc_resourcevalue_t files; + isc_portset_t *v4portset = NULL; + isc_portset_t *v6portset = NULL; + isc_resourcevalue_t nfiles; isc_result_t result; isc_uint32_t heartbeat_interval; isc_uint32_t interface_interval; isc_uint32_t reserved; isc_uint32_t udpsize; ns_aclconfctx_t aclconfctx; + unsigned int maxsocks; ns_aclconfctx_init(&aclconfctx); ISC_LIST_INIT(viewlist); @@ -2234,15 +2268,6 @@ load_configuration(const char *filename, ns_server_t *server, CHECK(result); /* - * Check that the working directory is writable. - */ - if (access(".", W_OK) != 0) { - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "the working directory is not writable"); - } - - /* * Check the validity of the configuration. */ CHECK(bind9_check_namedconf(config, ns_g_lctx, ns_g_mctx)); @@ -2264,20 +2289,22 @@ load_configuration(const char *filename, ns_server_t *server, set_limits(maps); /* - * Sanity check on "files" limit. + * Check if max number of open sockets that the system allows is + * sufficiently large. Failing this condition is not necessarily fatal, + * but may cause subsequent runtime failures for a busy recursive + * server. */ - result = isc_resource_curlimit(isc_resource_openfiles, &files); - if (result == ISC_R_SUCCESS && files < FD_SETSIZE) { + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks); + if (result != ISC_R_SUCCESS) + maxsocks = 0; + result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles); + if (result == ISC_R_SUCCESS && (isc_resourcevalue_t)maxsocks > nfiles) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_WARNING, - "the 'files' limit (%" ISC_PRINT_QUADFORMAT "u) " - "is less than FD_SETSIZE (%d), increase " - "'files' in named.conf or recompile with a " - "smaller FD_SETSIZE.", files, FD_SETSIZE); - if (files > FD_SETSIZE) - files = FD_SETSIZE; - } else - files = FD_SETSIZE; + "max open files (%" ISC_PRINT_QUADFORMAT "u)" + " is smaller than max sockets (%u)", + nfiles, maxsocks); + } /* * Set the number of socket reserved for TCP, stdio etc. @@ -2286,17 +2313,20 @@ load_configuration(const char *filename, ns_server_t *server, result = ns_config_get(maps, "reserved-sockets", &obj); INSIST(result == ISC_R_SUCCESS); reserved = cfg_obj_asuint32(obj); - if (files < 128U) /* Prevent underflow. */ - reserved = 0; - else if (reserved > files - 128U) /* Mimimum UDP space. */ - reserved = files - 128; - if (reserved < 128U) /* Mimimum TCP/stdio space. */ + if (maxsocks != 0) { + if (maxsocks < 128U) /* Prevent underflow. */ + reserved = 0; + else if (reserved > maxsocks - 128U) /* Minimum UDP space. */ + reserved = maxsocks - 128; + } + /* Minimum TCP/stdio space. */ + if (reserved < 128U) reserved = 128; - if (reserved + 128U > files) { + if (reserved + 128U > maxsocks && maxsocks != 0) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_WARNING, "less than 128 UDP sockets available after " - "applying 'reserved-sockets' and 'files'"); + "applying 'reserved-sockets' and 'maxsockets'"); } isc__socketmgr_setreserved(ns_g_socketmgr, reserved); @@ -2324,24 +2354,64 @@ load_configuration(const char *filename, ns_server_t *server, INSIST(result == ISC_R_SUCCESS); server->aclenv.match_mapped = cfg_obj_asboolean(obj); - v4ports = NULL; - v6ports = NULL; - (void)ns_config_get(maps, "avoid-v4-udp-ports", &v4ports); - (void)ns_config_get(maps, "avoid-v6-udp-ports", &v6ports); - if (v4ports != NULL || v6ports != NULL) { - dns_portlist_t *portlist = NULL; - result = dns_portlist_create(ns_g_mctx, &portlist); - if (result == ISC_R_SUCCESS && v4ports != NULL) - result = portlist_fromconf(portlist, AF_INET, v4ports); - if (result == ISC_R_SUCCESS && v6ports != NULL) - portlist_fromconf(portlist, AF_INET6, v6ports); - if (result == ISC_R_SUCCESS) - dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, portlist); - if (portlist != NULL) - dns_portlist_detach(&portlist); - CHECK(result); - } else - dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, NULL); + /* + * Configure sets of UDP query source ports. + */ + CHECKM(isc_portset_create(ns_g_mctx, &v4portset), + "creating UDP port set"); + CHECKM(isc_portset_create(ns_g_mctx, &v6portset), + "creating UDP port set"); + + usev4ports = NULL; + usev6ports = NULL; + avoidv4ports = NULL; + avoidv6ports = NULL; + + (void)ns_config_get(maps, "use-v4-udp-ports", &usev4ports); + if (usev4ports != NULL) + portset_fromconf(v4portset, usev4ports, ISC_TRUE); + else { + CHECKM(isc_net_getudpportrange(AF_INET, &udpport_low, + &udpport_high), + "get the default UDP/IPv4 port range"); + if (udpport_low == udpport_high) + isc_portset_add(v4portset, udpport_low); + else { + isc_portset_addrange(v4portset, udpport_low, + udpport_high); + } + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv4 port range: [%d, %d]", + udpport_low, udpport_high); + } + (void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports); + if (avoidv4ports != NULL) + portset_fromconf(v4portset, avoidv4ports, ISC_FALSE); + + (void)ns_config_get(maps, "use-v6-udp-ports", &usev6ports); + if (usev6ports != NULL) + portset_fromconf(v6portset, usev6ports, ISC_TRUE); + else { + CHECKM(isc_net_getudpportrange(AF_INET6, &udpport_low, + &udpport_high), + "get the default UDP/IPv6 port range"); + if (udpport_low == udpport_high) + isc_portset_add(v6portset, udpport_low); + else { + isc_portset_addrange(v6portset, udpport_low, + udpport_high); + } + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_INFO, + "using default UDP/IPv6 port range: [%d, %d]", + udpport_low, udpport_high); + } + (void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports); + if (avoidv6ports != NULL) + portset_fromconf(v6portset, avoidv6ports, ISC_FALSE); + + dns_dispatchmgr_setavailports(ns_g_dispatchmgr, v4portset, v6portset); /* * Set the EDNS UDP size when we don't match a view. @@ -2648,6 +2718,15 @@ load_configuration(const char *filename, ns_server_t *server, ns_os_changeuser(); /* + * Check that the working directory is writable. + */ + if (access(".", W_OK) != 0) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "the working directory is not writable"); + } + + /* * Configure the logging system. * * Do this after changing UID to make sure that any log @@ -2807,6 +2886,12 @@ load_configuration(const char *filename, ns_server_t *server, result = ISC_R_SUCCESS; cleanup: + if (v4portset != NULL) + isc_portset_destroy(ns_g_mctx, &v4portset); + + if (v6portset != NULL) + isc_portset_destroy(ns_g_mctx, &v6portset); + ns_aclconfctx_destroy(&aclconfctx); if (parser != NULL) { diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h index 1c4bec070727..96604e54acd4 100644 --- a/bin/named/unix/include/named/os.h +++ b/bin/named/unix/include/named/os.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.14.2.2.8.12 2007/08/28 07:19:08 tbox Exp $ */ +/* $Id: os.h,v 1.14.2.2.8.14 2008/10/24 01:42:46 tbox Exp $ */ #ifndef NS_OS_H #define NS_OS_H 1 @@ -44,11 +44,13 @@ void ns_os_changeuser(void); void +ns_os_adjustnofile(void); + +void ns_os_minprivs(void); void ns_os_writepidfile(const char *filename, isc_boolean_t first_time); - void ns_os_shutdown(void); diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index f8026660391e..3fe15cb1a007 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.46.2.4.8.30 2008/01/17 23:45:27 tbox Exp $ */ +/* $Id: os.c,v 1.46.2.4.8.33 2008/10/24 01:42:46 tbox Exp $ */ #include <config.h> #include <stdarg.h> @@ -40,6 +40,7 @@ #include <isc/buffer.h> #include <isc/file.h> #include <isc/print.h> +#include <isc/resource.h> #include <isc/result.h> #include <isc/strerror.h> #include <isc/string.h> @@ -114,6 +115,16 @@ static int dfd[2] = { -1, -1 }; static isc_boolean_t non_root = ISC_FALSE; static isc_boolean_t non_root_caps = ISC_FALSE; +#if defined(HAVE_CAPSET) +#undef _POSIX_SOURCE +#ifdef HAVE_SYS_CAPABILITY_H +#include <sys/capability.h> +#else +#include <linux/capability.h> +int capset(cap_user_header_t hdrp, const cap_user_data_t datap); +#endif +#include <sys/prctl.h> +#else /* * We define _LINUX_FS_H to prevent it from being included. We don't need * anything from it, and the files it includes cause warnings with 2.2 @@ -146,6 +157,7 @@ static isc_boolean_t non_root_caps = ISC_FALSE; #endif #define SYS_capset __NR_capset #endif +#endif static void linux_setcaps(unsigned int caps) { @@ -163,13 +175,23 @@ linux_setcaps(unsigned int caps) { cap.effective = caps; cap.permitted = caps; cap.inheritable = 0; - if (syscall(SYS_capset, &caphead, &cap) < 0) { +#ifdef HAVE_CAPSET + if (capset(&caphead, &cap) < 0 ) { isc__strerror(errno, strbuf, sizeof(strbuf)); ns_main_earlyfatal("capset failed: %s:" " please ensure that the capset kernel" " module is loaded. see insmod(8)", strbuf); } +#else + if (syscall(SYS_capset, &caphead, &cap) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + ns_main_earlyfatal("syscall(capset) failed: %s:" + " please ensure that the capset kernel" + " module is loaded. see insmod(8)", + strbuf); + } +#endif } static void @@ -511,6 +533,24 @@ ns_os_changeuser(void) { } void +ns_os_adjustnofile() { +#ifdef HAVE_LINUXTHREADS + isc_result_t result; + isc_resourcevalue_t newvalue; + + /* + * Linux: max number of open files specified by one thread doesn't seem + * to apply to other threads on Linux. + */ + newvalue = ISC_RESOURCE_UNLIMITED; + + result = isc_resource_setlimit(isc_resource_openfiles, newvalue); + if (result != ISC_R_SUCCESS) + ns_main_earlywarning("couldn't adjust limit on open files"); +#endif +} + +void ns_os_minprivs(void) { #ifdef HAVE_SYS_PRCTL_H linux_keepcaps(); diff --git a/bin/named/update.c b/bin/named/update.c index 6733d76902b1..b556935a7bca 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.88.2.5.2.35 2008/01/17 23:45:27 tbox Exp $ */ +/* $Id: update.c,v 1.88.2.5.2.36 2008/04/28 03:28:10 marka Exp $ */ #include <config.h> @@ -1612,10 +1612,10 @@ find_zone_keys(dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, * Add RRSIG records for an RRset, recording the change in "diff". */ static isc_result_t -add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, - dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys, - unsigned int nkeys, isc_mem_t *mctx, isc_stdtime_t inception, - isc_stdtime_t expire) +add_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, + dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, + dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys, + isc_mem_t *mctx, isc_stdtime_t inception, isc_stdtime_t expire) { isc_result_t result; dns_dbnode_t *node = NULL; @@ -1624,6 +1624,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_buffer_t buffer; unsigned char data[1024]; /* XXX */ unsigned int i; + isc_boolean_t added_sig = ISC_FALSE; dns_rdataset_init(&rdataset); isc_buffer_init(&buffer, data, sizeof(data)); @@ -1648,6 +1649,13 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADD, name, rdataset.ttl, &sig_rdata)); dns_rdata_reset(&sig_rdata); + added_sig = ISC_TRUE; + } + if (!added_sig) { + update_log(client, zone, ISC_LOG_ERROR, + "found no private keys, " + "unable to generate any signatures"); + result = ISC_R_NOTFOUND; } failure: @@ -1767,9 +1775,9 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, */ CHECK(rrset_exists(db, newver, name, type, 0, &flag)); if (flag) { - CHECK(add_sigs(db, newver, name, type, - &sig_diff, zone_keys, nkeys, - client->mctx, inception, + CHECK(add_sigs(client, zone, db, newver, name, + type, &sig_diff, zone_keys, + nkeys, client->mctx, inception, expire)); } skip: @@ -1953,9 +1961,10 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, dns_rdatatype_rrsig, dns_rdatatype_nsec, NULL, &sig_diff)); } else if (t->op == DNS_DIFFOP_ADD) { - CHECK(add_sigs(db, newver, &t->name, dns_rdatatype_nsec, - &sig_diff, zone_keys, nkeys, - client->mctx, inception, expire)); + CHECK(add_sigs(client, zone, db, newver, &t->name, + dns_rdatatype_nsec, &sig_diff, + zone_keys, nkeys, client->mctx, + inception, expire)); } else { INSIST(0); } diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in index 3474f7cfa06c..a09760353e0c 100644 --- a/bin/nsupdate/Makefile.in +++ b/bin/nsupdate/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.15.12.13 2007/08/28 07:19:08 tbox Exp $ +# $Id: Makefile.in,v 1.15.12.15 2008/08/29 23:45:33 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -55,7 +55,7 @@ UOBJS = SRCS = nsupdate.c -MANPAGES = nsupdate.8 +MANPAGES = nsupdate.1 HTMLPAGES = nsupdate.html @@ -76,8 +76,8 @@ clean distclean:: installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8 + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 install:: nsupdate@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsupdate@EXEEXT@ ${DESTDIR}${bindir} - ${INSTALL_DATA} ${srcdir}/nsupdate.8 ${DESTDIR}${mandir}/man8 + ${INSTALL_DATA} ${srcdir}/nsupdate.1 ${DESTDIR}${mandir}/man1 diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.1 index 5d608e3565af..14b9eeb53a61 100644 --- a/bin/nsupdate/nsupdate.8 +++ b/bin/nsupdate/nsupdate.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.24.2.2.2.13 2007/05/09 03:32:36 marka Exp $ +.\" $Id: nsupdate.1,v 1.1.6.2 2008/09/01 01:53:43 tbox Exp $ .\" .hy 0 .ad l @@ -24,7 +24,7 @@ .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9" +.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -342,7 +342,7 @@ base\-64 encoding of HMAC\-MD5 key created by .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index f45ec143bbd5..7e4ba9666a2b 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.docbook,v 1.8.2.3.2.16 2007/08/28 07:19:08 tbox Exp $ --> +<!-- $Id: nsupdate.docbook,v 1.8.2.3.2.18 2008/08/29 23:45:33 tbox Exp $ --> <refentry> <refentryinfo> @@ -26,7 +26,7 @@ </refentryinfo> <refmeta> <refentrytitle>nsupdate</refentrytitle> -<manvolnum>8</manvolnum> +<manvolnum>1</manvolnum> <refmiscinfo>BIND9</refmiscinfo> </refmeta> @@ -36,6 +36,7 @@ <year>2005</year> <year>2006</year> <year>2007</year> + <year>2008</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index 009942d11b4e..f64368a715c9 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.html,v 1.9.2.3.2.20 2007/05/09 03:32:36 marka Exp $ --> +<!-- $Id: nsupdate.html,v 1.9.2.3.2.21 2008/09/01 01:53:43 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543405"></a><h2>DESCRIPTION</h2> +<a name="id2543409"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">nsupdate</strong></span> is used to submit Dynamic DNS Update requests as defined in RFC2136 @@ -160,7 +160,7 @@ and number of UDP retries. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543562"></a><h2>INPUT FORMAT</h2> +<a name="id2543565"></a><h2>INPUT FORMAT</h2> <p> <span><strong class="command">nsupdate</strong></span> reads input from @@ -399,7 +399,7 @@ Lines beginning with a semicolon are comments and are ignored. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544279"></a><h2>EXAMPLES</h2> +<a name="id2544282"></a><h2>EXAMPLES</h2> <p> The examples below show how <span><strong class="command">nsupdate</strong></span> @@ -452,7 +452,7 @@ RRSIG, DNSKEY and NSEC records.) </p> </div> <div class="refsect1" lang="en"> -<a name="id2544323"></a><h2>FILES</h2> +<a name="id2544326"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt> <dd><p> @@ -471,7 +471,7 @@ base-64 encoding of HMAC-MD5 key created by </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544459"></a><h2>SEE ALSO</h2> +<a name="id2544462"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>, <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>, @@ -485,7 +485,7 @@ base-64 encoding of HMAC-MD5 key created by </p> </div> <div class="refsect1" lang="en"> -<a name="id2544531"></a><h2>BUGS</h2> +<a name="id2544534"></a><h2>BUGS</h2> <p> The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/rndc-confgen.c b/bin/rndc/rndc-confgen.c index f6e578ed9878..f0cd0cbd367b 100644 --- a/bin/rndc/rndc-confgen.c +++ b/bin/rndc/rndc-confgen.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc-confgen.c,v 1.9.2.6.2.5 2004/09/28 07:14:57 marka Exp $ */ +/* $Id: rndc-confgen.c,v 1.9.2.6.2.7 2008/10/15 23:45:34 tbox Exp $ */ #include <config.h> @@ -51,7 +51,7 @@ #define DEFAULT_PORT 953 static char program[256]; -char *progname; +const char *progname; isc_boolean_t verbose = ISC_FALSE; @@ -137,7 +137,7 @@ main(int argc, char **argv) { isc_boolean_t keyonly = ISC_FALSE; int len; - keydef = keyfile = RNDC_KEYFILE; + keydef = keyfile = RNDC_KEYFILE; result = isc_file_progname(*argv, program, sizeof(program)); if (result != ISC_R_SUCCESS) @@ -275,7 +275,7 @@ main(int argc, char **argv) { fatal("isc_mem_get(%d) failed\n", len); snprintf(buf, len, "%s%s%s", chrootdir, (*keyfile != '/') ? "/" : "", keyfile); - + write_key_file(buf, user, keyname, &key_txtbuffer); isc_mem_put(mctx, buf, len); } diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index a5e912ddfd42..977a8ba60541 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.77.2.5.2.19 2006/08/04 03:03:08 marka Exp $ */ +/* $Id: rndc.c,v 1.77.2.5.2.21 2008/10/15 23:45:34 tbox Exp $ */ /* * Principal Author: DCL @@ -56,7 +56,7 @@ #define SERVERADDRS 10 -char *progname; +const char *progname; isc_boolean_t verbose; static const char *admin_conffile; @@ -86,7 +86,7 @@ static void usage(int status) { fprintf(stderr, "\ Usage: %s [-c config] [-s server] [-p port]\n\ - [-k key-file ] [-y key] [-V] command\n\ + [-k key-file ] [-y key] [-V] command\n\ \n\ command is one of the following:\n\ \n\ @@ -98,9 +98,9 @@ command is one of the following:\n\ retransfer zone [class [view]]\n\ Retransfer a single zone without checking serial number.\n\ freeze zone [class [view]]\n\ - Suspend updates to a dynamic zone.\n\ + Suspend updates to a dynamic zone.\n\ thaw zone [class [view]]\n\ - Enable updates to a frozen dynamic zone and reload it.\n\ + Enable updates to a frozen dynamic zone and reload it.\n\ reconfig Reload configuration file and new zones only.\n\ stats Write server statistics to the statistics file.\n\ querylog Toggle query logging.\n\ @@ -443,7 +443,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, (void)cfg_map_get(config, "server", &servers); if (servers != NULL) { for (elt = cfg_list_first(servers); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { const char *name; @@ -479,7 +479,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, else { DO("get config key list", cfg_map_get(config, "key", &keys)); for (elt = cfg_list_first(keys); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { key = cfg_listelt_value(elt); @@ -624,7 +624,7 @@ main(int argc, char **argv) { logdest.file.maximum_size = 0; DO("creating log channel", isc_log_createchannel(logconfig, "stderr", - ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, + ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL)); DO("enabling log channel", isc_log_usechannel(logconfig, "stderr", NULL, NULL)); |