Diffstat (limited to 'bin')
-rw-r--r--bin/check/named-checkconf.814
-rw-r--r--bin/check/named-checkconf.c68
-rw-r--r--bin/check/named-checkconf.docbook19
-rw-r--r--bin/check/named-checkconf.html24
-rw-r--r--bin/confgen/ddns-confgen.c4
-rw-r--r--bin/confgen/rndc-confgen.c4
-rw-r--r--bin/dig/dig.112
-rw-r--r--bin/dig/dig.c12
-rw-r--r--bin/dig/dig.docbook14
-rw-r--r--bin/dig/dig.html18
-rw-r--r--bin/dig/dighost.c303
-rw-r--r--bin/dig/host.c4
-rw-r--r--bin/dig/include/dig/dig.h6
-rw-r--r--bin/dig/nslookup.19
-rw-r--r--bin/dig/nslookup.c19
-rw-r--r--bin/dig/nslookup.docbook21
-rw-r--r--bin/dig/nslookup.html20
-rw-r--r--bin/dnssec/dnssec-keygen.c4
-rw-r--r--bin/dnssec/dnssec-signzone.86
-rw-r--r--bin/dnssec/dnssec-signzone.c24
-rw-r--r--bin/dnssec/dnssec-signzone.docbook5
-rw-r--r--bin/dnssec/dnssec-signzone.html14
-rw-r--r--bin/dnssec/dnssectool.c43
-rw-r--r--bin/named/Makefile.in5
-rw-r--r--bin/named/builtin.c17
-rw-r--r--bin/named/client.c227
-rw-r--r--bin/named/config.c16
-rw-r--r--bin/named/control.c9
-rw-r--r--bin/named/controlconf.c12
-rw-r--r--bin/named/include/named/globals.h1
-rw-r--r--bin/named/include/named/main.h6
-rw-r--r--bin/named/include/named/server.h7
-rw-r--r--bin/named/interfacemgr.c15
-rw-r--r--bin/named/logconf.c61
-rw-r--r--bin/named/lwaddr.c10
-rw-r--r--bin/named/lwdgnba.c6
-rw-r--r--bin/named/lwdgrbn.c21
-rw-r--r--bin/named/main.c26
-rw-r--r--bin/named/named.conf.58
-rw-r--r--bin/named/named.conf.docbook7
-rw-r--r--bin/named/named.conf.html36
-rw-r--r--bin/named/query.c30
-rw-r--r--bin/named/server.c552
-rw-r--r--bin/named/statschannel.c4
-rw-r--r--bin/named/unix/os.c5
-rw-r--r--bin/named/update.c18
-rw-r--r--bin/named/zoneconf.c8
-rw-r--r--bin/nsupdate/Makefile.in6
-rw-r--r--bin/nsupdate/nsupdate.c37
-rw-r--r--bin/rndc/rndc.8243
-rw-r--r--bin/rndc/rndc.c9
-rw-r--r--bin/rndc/rndc.docbook398
-rw-r--r--bin/rndc/rndc.html272
53 files changed, 2041 insertions, 698 deletions
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index 67a8f4a3da6a..909184ef2f1d 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -33,7 +33,7 @@
named\-checkconf \- named configuration file syntax checking tool
.SH "SYNOPSIS"
.HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\-checkconf\fR
@@ -84,6 +84,14 @@ Print out the
and included files in canonical form if no errors were detected.
.RE
.PP
+\-x
+.RS 4
+When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks ('?'). This allows the contents of
+\fInamed.conf\fR
+and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data. This option cannot be used without
+\fB\-p\fR.
+.RE
+.PP
\-z
.RS 4
Perform a test load of all master zones found in
@@ -113,7 +121,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index ef754ff29af9..30a549c6e1d7 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -39,10 +39,13 @@
#include <bind9/check.h>
+#include <dns/db.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/name.h>
+#include <dns/rdataclass.h>
#include <dns/result.h>
+#include <dns/rootns.h>
#include <dns/zone.h>
#include "check-tool.h"
@@ -151,6 +154,30 @@ config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
}
}
+static isc_result_t
+configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_rdataclass_t rdclass;
+ isc_textregion_t r;
+
+ if (zfile == NULL)
+ return (ISC_R_FAILURE);
+
+ DE_CONST(zclass, r.base);
+ r.length = strlen(zclass);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_rootns_create(mctx, rdclass, zfile, &db);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ dns_db_detach(&db);
+ return (ISC_R_SUCCESS);
+}
+
/*% configure the zone */
static isc_result_t
configure_zone(const char *vclass, const char *view,
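Review bot: configure_hint rejects a NULL `zfile` but hands `zclass` straight to `strlen()`, so it depends on the caller having already resolved a class string. That holds only if configure_zone, whose class handling lies outside this hunk, can never leave `zclass` NULL. Either add `if (zclass == NULL) return (ISC_R_FAILURE);` next to the `zfile` check or state the precondition in a header comment. The function also lacks the `/*% ... */` comment its neighbours carry; `/*% test-load the hints file of a hint zone; the resulting database is discarded */` would cover it.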
@@ -161,7 +188,7 @@ configure_zone(const char *vclass, const char *view,
isc_result_t result;
const char *zclass;
const char *zname;
- const char *zfile;
+ const char *zfile = NULL;
const cfg_obj_t *maps[4];
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *classobj = NULL;
@@ -195,15 +222,26 @@ configure_zone(const char *vclass, const char *view,
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)
return (ISC_R_FAILURE);
- if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
+
+ cfg_map_get(zoptions, "file", &fileobj);
+ if (fileobj != NULL)
+ zfile = cfg_obj_asstring(fileobj);
+
+ /*
+ * Check hints files for hint zones.
+ * Skip loading checks for any type other than master.
+ */
+ if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0)
+ return (configure_hint(zfile, zclass, mctx));
+ else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0))
return (ISC_R_SUCCESS);
+
+ if (zfile == NULL)
+ return (ISC_R_FAILURE);
+
cfg_map_get(zoptions, "database", &dbobj);
if (dbobj != NULL)
return (ISC_R_SUCCESS);
- cfg_map_get(zoptions, "file", &fileobj);
- if (fileobj == NULL)
- return (ISC_R_FAILURE);
- zfile = cfg_obj_asstring(fileobj);
obj = NULL;
if (get_maps(maps, "check-dup-records", &obj)) {
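Review bot: On the new side the `if (zfile == NULL) return (ISC_R_FAILURE);` test runs before the `database` lookup, so a master zone that sets `database` and has no `file` clause now fails the -z check. The removed lines returned ISC_R_SUCCESS for such a zone before `file` was ever consulted. Moving `cfg_map_get(zoptions, "database", &dbobj); if (dbobj != NULL) return (ISC_R_SUCCESS);` above the `zfile == NULL` test (and above the hint branch if alternate databases should be skipped there too) restores the old behaviour. configure_zone starts and ends outside this hunk.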
@@ -341,7 +379,7 @@ configure_zone(const char *vclass, const char *view,
if (result != ISC_R_SUCCESS)
fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
dns_result_totext(result));
- return(result);
+ return (result);
}
/*% configure a view */
@@ -442,10 +480,11 @@ main(int argc, char **argv) {
isc_entropy_t *ectx = NULL;
isc_boolean_t load_zones = ISC_FALSE;
isc_boolean_t print = ISC_FALSE;
+ unsigned int flags = 0;
isc_commandline_errprint = ISC_FALSE;
- while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) {
+ while ((c = isc_commandline_parse(argc, argv, "dhjt:pvxz")) != EOF) {
switch (c) {
case 'd':
debug++;
@@ -472,6 +511,10 @@ main(int argc, char **argv) {
printf(VERSION "\n");
exit(0);
+ case 'x':
+ flags |= CFG_PRINTER_XKEY;
+ break;
+
case 'z':
load_zones = ISC_TRUE;
docheckmx = ISC_FALSE;
@@ -494,6 +537,11 @@ main(int argc, char **argv) {
}
}
+ if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
+ fprintf(stderr, "%s: -x cannot be used without -p\n", program);
+ exit(1);
+ }
+
if (isc_commandline_index + 1 < argc)
usage();
if (argv[isc_commandline_index] != NULL)
@@ -534,7 +582,7 @@ main(int argc, char **argv) {
}
if (print && exit_status == 0)
- cfg_print(config, output, NULL);
+ cfg_printx(config, flags, output, NULL);
cfg_obj_destroy(parser, &config);
cfg_parser_destroy(&parser);
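Review bot: Nothing at this call site pins down what `-x` actually hides. The masking the new man page promises is done entirely inside `cfg_printx()` under `CFG_PRINTER_XKEY`, and which clauses that flag treats as secret is not visible in this bin-only diff. Because the output is meant to be posted in bug reports, a short comment here such as `/* -x: secrets are masked by the printer (CFG_PRINTER_XKEY) */` would help. So would a test that runs `-p -x` over a configuration with key and controls secrets and checks that none of the secret strings survive in the output, which keeps the guarantee from regressing silently. main continues outside the hunk.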
diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook
index 9535e28430cf..485dc42a93d1 100644
--- a/bin/check/named-checkconf.docbook
+++ b/bin/check/named-checkconf.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -36,6 +36,7 @@
<year>2005</year>
<year>2007</year>
<year>2009</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -60,6 +61,7 @@
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg choice="req">filename</arg>
<arg><option>-p</option></arg>
+ <arg><option>-x</option></arg>
<arg><option>-z</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -130,6 +132,21 @@
</varlistentry>
<varlistentry>
+ <term>-x</term>
+ <listitem>
+ <para>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <filename>named.conf</filename> and related
+ files to be shared &mdash; for example, when submitting
+ bug reports &mdash; without compromising private data.
+ This option cannot be used without <option>-p</option>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-z</term>
<listitem>
<para>
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
index aa80c7cbe888..1c5ebc125768 100644
--- a/bin/check/named-checkconf.html
+++ b/bin/check/named-checkconf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543396"></a><h2>DESCRIPTION</h2>
+<a name="id2543403"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@@ -52,7 +52,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543445"></a><h2>OPTIONS</h2>
+<a name="id2543452"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -74,6 +74,16 @@
Print out the <code class="filename">named.conf</code> and included files
in canonical form if no errors were detected.
</p></dd>
+<dt><span class="term">-x</span></dt>
+<dd><p>
+ When printing the configuration files in canonical
+ form, obscure shared secrets by replacing them with
+ strings of question marks ('?'). This allows the
+ contents of <code class="filename">named.conf</code> and related
+ files to be shared &#8212; for example, when submitting
+ bug reports &#8212; without compromising private data.
+ This option cannot be used without <code class="option">-p</code>.
+ </p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Perform a test load of all master zones found in
@@ -91,21 +101,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543569"></a><h2>RETURN VALUES</h2>
+<a name="id2543596"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543580"></a><h2>SEE ALSO</h2>
+<a name="id2543608"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543610"></a><h2>AUTHOR</h2>
+<a name="id2543638"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/confgen/ddns-confgen.c b/bin/confgen/ddns-confgen.c
index 826b500d950c..675408845976 100644
--- a/bin/confgen/ddns-confgen.c
+++ b/bin/confgen/ddns-confgen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -101,7 +101,7 @@ main(int argc, char **argv) {
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "ddns-confgen", 13);
+ memmove(program, "ddns-confgen", 13);
progname = program;
isc_commandline_errprint = ISC_FALSE;
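Review bot: The literal `13` in `memmove(program, "ddns-confgen", 13)` is a hand-counted length (string plus terminator) that must be kept in step with the literal by hand. `memmove(program, "ddns-confgen", sizeof("ddns-confgen"));` expresses the same copy without the count. The rndc-confgen.c hunk that follows has the same pattern. The declaration of `program` is outside the hunk, so whether 13 bytes fit cannot be confirmed from here.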
diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c
index 49119ce7adf9..5f812f34100d 100644
--- a/bin/confgen/rndc-confgen.c
+++ b/bin/confgen/rndc-confgen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -120,7 +120,7 @@ main(int argc, char **argv) {
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "rndc-confgen", 13);
+ memmove(program, "rndc-confgen", 13);
progname = program;
keyname = DEFAULT_KEYNAME;
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index 6d8688e95e2c..198dc84cfb9e 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -20,11 +20,11 @@
.\" Title: dig
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: Jun 30, 2000
+.\" Date: June 30, 2000
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "DIG" "1" "June 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -57,7 +57,7 @@ allows multiple lookups to be issued from the command line.
Unless it is told to query a specific name server,
\fBdig\fR
will try each of the servers listed in
-\fI/etc/resolv.conf\fR. If no usable server addreses are found,
+\fI/etc/resolv.conf\fR. If no usable server addresses are found,
\fBdig\fR
will send the query to the local host.
.PP
@@ -514,6 +514,12 @@ When chasing DNSSEC signature chains perform a top\-down validation. Requires di
.RS 4
Include an EDNS name server ID request when sending a query.
.RE
+.PP
+\fB+[no]keepopen\fR
+.RS 4
+Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
+\fB+nokeepopen\fR.
+.RE
.SH "MULTIPLE QUERIES"
.PP
The BIND 9 implementation of
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index ce9ccdeee302..45928e6a6d64 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -225,6 +225,7 @@ help(void) {
#endif
" +[no]multiline (Print records in an expanded format)\n"
" +[no]onesoa (AXFR prints only one soa record)\n"
+" +[no]keepopen (Keep the TCP socket open between queries)\n"
" global d-opts and servers (before host name) affect all queries.\n"
" local d-opts and servers (after host name) affect only that lookup.\n"
" -h (print help and exit)\n"
@@ -534,10 +535,11 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
(msg->rcode == dns_rcode_formerr ||
msg->rcode == dns_rcode_notimp))
printf("\n;; WARNING: EDNS query returned status "
- "%s - retry with '+noedns'\n",
- rcode_totext(msg->rcode));
+ "%s - retry with '%s+noedns'\n",
+ rcode_totext(msg->rcode),
+ query->lookup->dnssec ? "+nodnssec ": "");
if (msg != query->lookup->sendmsg && extrabytes != 0U)
- printf(";; WARNING: Messages has %u extra byte%s at "
+ printf(";; WARNING: Message has %u extra byte%s at "
"end\n", extrabytes, extrabytes != 0 ? "s" : "");
}
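Review bot: The extra-bytes warning still chooses its plural with `extrabytes != 0 ? "s" : ""`, which is always true inside the `extrabytes != 0U` guard, so a single trailing byte is reported as "1 extra bytes". Since the wording of this message is being corrected anyway, the test should read `extrabytes != 1 ? "s" : ""`. printmessage starts and ends outside the hunk.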
@@ -891,6 +893,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->ignore = ISC_TRUE;
}
break;
+ case 'k':
+ FULLCHECK("keepopen");
+ keep_open = state;
+ break;
case 'm': /* multiline */
FULLCHECK("multiline");
multiline = state;
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 1285c437dabf..735930be443a 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -22,7 +22,7 @@
<refentry id="man.dig">
<refentryinfo>
- <date>Jun 30, 2000</date>
+ <date>June 30, 2000</date>
</refentryinfo>
<refmeta>
@@ -118,7 +118,7 @@
<para>
Unless it is told to query a specific name server,
<command>dig</command> will try each of the servers listed in
- <filename>/etc/resolv.conf</filename>. If no usable server addreses
+ <filename>/etc/resolv.conf</filename>. If no usable server addresses
are found, <command>dig</command> will send the query to the local
host.
</para>
@@ -868,6 +868,16 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>+[no]keepopen</option></term>
+ <listitem>
+ <para>
+ Keep the TCP socket open between queries and reuse it rather
+ than creating a new TCP socket for each lookup. The default
+ is <option>+nokeepopen</option>.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index a1cd5cf52daf..ec3a49a63198 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -58,7 +58,7 @@
<p>
Unless it is told to query a specific name server,
<span><strong class="command">dig</strong></span> will try each of the servers listed in
- <code class="filename">/etc/resolv.conf</code>. If no usable server addreses
+ <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
are found, <span><strong class="command">dig</strong></span> will send the query to the local
host.
</p>
@@ -563,13 +563,19 @@
<dd><p>
Include an EDNS name server ID request when sending a query.
</p></dd>
+<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
+<dd><p>
+ Keep the TCP socket open between queries and reuse it rather
+ than creating a new TCP socket for each lookup. The default
+ is <code class="option">+nokeepopen</code>.
+ </p></dd>
</dl></div>
<p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545207"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2545224"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@@ -615,7 +621,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545337"></a><h2>IDN SUPPORT</h2>
+<a name="id2545354"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -629,14 +635,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545360"></a><h2>FILES</h2>
+<a name="id2545377"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545377"></a><h2>SEE ALSO</h2>
+<a name="id2545462"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -644,7 +650,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545414"></a><h2>BUGS</h2>
+<a name="id2545499"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 8ea7d8ec0366..b5a3c36d4314 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -46,8 +46,10 @@
#include <dns/byaddr.h>
#ifdef DIG_SIGCHASE
+#include <dns/callbacks.h>
#include <dns/dnssec.h>
#include <dns/ds.h>
+#include <dns/master.h>
#include <dns/nsec.h>
#include <isc/random.h>
#include <ctype.h>
@@ -123,7 +125,8 @@ isc_boolean_t
usesearch = ISC_FALSE,
showsearch = ISC_FALSE,
qr = ISC_FALSE,
- is_dst_up = ISC_FALSE;
+ is_dst_up = ISC_FALSE,
+ keep_open = ISC_FALSE;
in_port_t port = 53;
unsigned int timeout = 0;
unsigned int extrabytes;
@@ -155,6 +158,9 @@ static void idn_check_result(idn_result_t r, const char *msg);
int idnoptions = 0;
#endif
+isc_socket_t *keep = NULL;
+isc_sockaddr_t keepaddr;
+
/*%
* Exit Codes:
*
@@ -178,6 +184,7 @@ isc_boolean_t validated = ISC_TRUE;
isc_entropy_t *entp = NULL;
isc_mempool_t *commctx = NULL;
isc_boolean_t debugging = ISC_FALSE;
+isc_boolean_t debugtiming = ISC_FALSE;
isc_boolean_t memdebugging = ISC_FALSE;
char *progname = NULL;
isc_mutex_t lookup_lock;
@@ -250,11 +257,10 @@ isc_result_t prove_nx(dns_message_t * msg, dns_name_t * name,
dns_rdataset_t ** sigrdataset);
static void nameFromString(const char *str, dns_name_t *p_ret);
int inf_name(dns_name_t * name1, dns_name_t * name2);
-isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
- char **tempp, FILE **fp);
isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
void clean_trustedkey(void);
-void insert_trustedkey(dst_key_t **key);
+isc_result_t insert_trustedkey(void *arg, dns_name_t *name,
+ dns_rdataset_t *rdataset);
#if DIG_SIGCHASE_BU
isc_result_t getneededrr(dns_message_t *msg);
void sigchase_bottom_up(dns_message_t *msg);
@@ -444,7 +450,7 @@ static isc_result_t
append(const char *text, int len, char **p, char *end) {
if (len > end - *p)
return (ISC_R_NOSPACE);
- memcpy(*p, text, len);
+ memmove(*p, text, len);
*p += len;
return (ISC_R_SUCCESS);
}
@@ -461,7 +467,7 @@ reverse_octets(const char *in, char **p, char *end) {
result = append(".", 1, p, end);
if (result != ISC_R_SUCCESS)
return (result);
- len = dot - in;
+ len = (int)(dot - in);
} else {
len = strlen(in);
}
@@ -491,7 +497,7 @@ get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
result = dns_byaddr_createptrname2(&addr, options, name);
if (result != ISC_R_SUCCESS)
return (result);
- dns_name_format(name, reverse, len);
+ dns_name_format(name, reverse, (unsigned int)len);
return (ISC_R_SUCCESS);
} else {
/*
@@ -537,9 +543,15 @@ fatal(const char *format, ...) {
void
debug(const char *format, ...) {
va_list args;
+ isc_time_t t;
if (debugging) {
fflush(stdout);
+ if (debugtiming) {
+ TIME_NOW(&t);
+ fprintf(stderr, "%d.%06d: ", isc_time_seconds(&t),
+ isc_time_nanoseconds(&t) / 1000);
+ }
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
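Review bot: The new timestamp is printed with `%d.%06d`, but `isc_time_seconds()` and `isc_time_nanoseconds()` return unsigned 32-bit values as far as I know, so the conversion specifiers do not match the argument types. `fprintf(stderr, "%u.%06u: ", isc_time_seconds(&t), isc_time_nanoseconds(&t) / 1000);` avoids the mismatch and the sign flip for large second counts. The rest of debug() lies outside the hunk.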
@@ -1318,6 +1330,7 @@ setup_libs(void) {
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
+ isc_mem_setname(mctx, "dig", NULL);
result = isc_log_create(mctx, &lctx, &logconfig);
check_result(result, "isc_log_create");
@@ -1336,6 +1349,7 @@ setup_libs(void) {
result = isc_task_create(taskmgr, 0, &global_task);
check_result(result, "isc_task_create");
+ isc_task_setname(global_task, "dig", NULL);
result = isc_timermgr_create(mctx, &timermgr);
check_result(result, "isc_timermgr_create");
@@ -1884,6 +1898,9 @@ static isc_boolean_t
next_origin(dig_query_t *query) {
dig_lookup_t *lookup;
dig_searchlist_t *search;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_result_t result;
INSIST(!free_now);
@@ -1896,6 +1913,19 @@ next_origin(dig_query_t *query) {
* about finding the next entry.
*/
return (ISC_FALSE);
+
+ /*
+ * Check for a absolute name or ndots being met.
+ */
+ dns_fixedname_init(&fixed);
+ name = dns_fixedname_name(&fixed);
+ result = dns_name_fromstring2(name, query->lookup->textname, NULL,
+ 0, NULL);
+ if (result == ISC_R_SUCCESS &&
+ (dns_name_isabsolute(name) ||
+ (int)dns_name_countlabels(name) > ndots))
+ return (ISC_FALSE);
+
if (query->lookup->origin == NULL && !query->lookup->need_search)
/*
* Then we just did rootorg; there's nothing left.
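Review bot: The added test `(int)dns_name_countlabels(name) > ndots` compares a label count with a dot count, and the comment above it does not say why that is the right comparison. A relative name with n dots has n+1 labels, so "labels > ndots" means "dots >= ndots"; a comment such as `/* a relative name with n dots has n+1 labels, so labels > ndots means ndots is met */` would spare the next reader the derivation. A failure of `dns_name_fromstring2()` also falls through to the search-list logic silently, which is worth a word in the same comment if that is intended.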
@@ -2304,6 +2334,7 @@ setup_lookup(dig_lookup_t *lookup) {
query->rr_count = 0;
query->msg_count = 0;
query->byte_count = 0;
+ query->ixfr_axfr = ISC_FALSE;
ISC_LIST_INIT(query->recvlist);
ISC_LIST_INIT(query->lengthlist);
query->sock = NULL;
@@ -2352,8 +2383,10 @@ send_done(isc_task_t *_task, isc_event_t *event) {
for (b = ISC_LIST_HEAD(sevent->bufferlist);
b != NULL;
- b = ISC_LIST_HEAD(sevent->bufferlist))
+ b = ISC_LIST_HEAD(sevent->bufferlist)) {
ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
+ isc_mem_free(mctx, b);
+ }
query = event->ev_arg;
query->waiting_senddone = ISC_FALSE;
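Review bot: send_done now calls `isc_mem_free(mctx, b)` on every buffer it dequeues, which is only safe if every send path enqueues heap copies made by clone_buffer(). This diff converts send_udp and launch_next_query. Any other caller that still enqueues `&query->sendbuf` or `&query->slbuf`, which are embedded in the query structure, would have a non-heap pointer freed here; such callers, if any exist, are outside the visible hunks and should be checked. It would also help to document on clone_buffer() that the copy is shallow (the data region still belongs to the query) and that ownership of the clone passes to send_done.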
@@ -2508,6 +2541,15 @@ send_tcp_connect(dig_query_t *query) {
}
INSIST(query->sock == NULL);
+
+ if (keep != NULL && isc_sockaddr_equal(&keepaddr, &query->sockaddr)) {
+ sockcount++;
+ isc_socket_attach(keep, &query->sock);
+ query->waiting_connect = ISC_FALSE;
+ launch_next_query(query, ISC_TRUE);
+ goto search;
+ }
+
result = isc_socket_create(socketmgr,
isc_sockaddr_pf(&query->sockaddr),
isc_sockettype_tcp, &query->sock);
@@ -2530,6 +2572,7 @@ send_tcp_connect(dig_query_t *query) {
result = isc_socket_connect(query->sock, &query->sockaddr,
global_task, connect_done, query);
check_result(result, "isc_socket_connect");
+ search:
/*
* If we're at the endgame of a nameserver search, we need to
* immediately bring up all the queries. Do it here.
@@ -2545,6 +2588,17 @@ send_tcp_connect(dig_query_t *query) {
}
}
+static isc_buffer_t *
+clone_buffer(isc_buffer_t *source) {
+ isc_buffer_t *buffer;
+ buffer = isc_mem_allocate(mctx, sizeof(*buffer));
+ if (buffer == NULL)
+ fatal("memory allocation failure in %s:%d",
+ __FILE__, __LINE__);
+ *buffer = *source;
+ return (buffer);
+}
+
/*%
* Send a UDP packet to the remote nameserver, possible starting the
* recv action as well. Also make sure that the timer is running and
@@ -2554,6 +2608,7 @@ static void
send_udp(dig_query_t *query) {
dig_lookup_t *l = NULL;
isc_result_t result;
+ isc_buffer_t *sendbuf;
debug("send_udp(%p)", query);
@@ -2600,14 +2655,16 @@ send_udp(dig_query_t *query) {
debug("recvcount=%d", recvcount);
}
ISC_LIST_INIT(query->sendlist);
- ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
+ sendbuf = clone_buffer(&query->sendbuf);
+ ISC_LIST_ENQUEUE(query->sendlist, sendbuf, link);
debug("sending a request");
TIME_NOW(&query->time_sent);
INSIST(query->sock != NULL);
query->waiting_senddone = ISC_TRUE;
- result = isc_socket_sendtov(query->sock, &query->sendlist,
- global_task, send_done, query,
- &query->sockaddr, NULL);
+ result = isc_socket_sendtov2(query->sock, &query->sendlist,
+ global_task, send_done, query,
+ &query->sockaddr, NULL,
+ ISC_SOCKFLAG_NORETRY);
check_result(result, "isc_socket_sendtov");
sendcount++;
}
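Review bot: The call was switched to `isc_socket_sendtov2()`, but the diagnostic still names the old function in `check_result(result, "isc_socket_sendtov");`, so a failure report points at a function that is no longer called. It should read `check_result(result, "isc_socket_sendtov2");`. send_udp begins outside this hunk.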
@@ -2769,6 +2826,7 @@ static void
launch_next_query(dig_query_t *query, isc_boolean_t include_question) {
isc_result_t result;
dig_lookup_t *l;
+ isc_buffer_t *buffer;
INSIST(!free_now);
@@ -2792,9 +2850,15 @@ launch_next_query(dig_query_t *query, isc_boolean_t include_question) {
isc_buffer_putuint16(&query->slbuf, (isc_uint16_t) query->sendbuf.used);
ISC_LIST_INIT(query->sendlist);
ISC_LINK_INIT(&query->slbuf, link);
- ISC_LIST_ENQUEUE(query->sendlist, &query->slbuf, link);
- if (include_question)
- ISC_LIST_ENQUEUE(query->sendlist, &query->sendbuf, link);
+ if (!query->first_soa_rcvd) {
+ buffer = clone_buffer(&query->slbuf);
+ ISC_LIST_ENQUEUE(query->sendlist, buffer, link);
+ if (include_question) {
+ buffer = clone_buffer(&query->sendbuf);
+ ISC_LIST_ENQUEUE(query->sendlist, buffer, link);
+ }
+ }
+
ISC_LINK_INIT(&query->lengthbuf, link);
ISC_LIST_ENQUEUE(query->lengthlist, &query->lengthbuf, link);
@@ -2894,6 +2958,12 @@ connect_done(isc_task_t *task, isc_event_t *event) {
UNLOCK_LOOKUP;
return;
}
+ if (keep_open) {
+ if (keep != NULL)
+ isc_socket_detach(&keep);
+ isc_socket_attach(query->sock, &keep);
+ keepaddr = query->sockaddr;
+ }
launch_next_query(query, ISC_TRUE);
isc_event_free(&event);
UNLOCK_LOOKUP;
@@ -2917,6 +2987,9 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
isc_boolean_t ixfr = query->lookup->rdtype == dns_rdatatype_ixfr;
isc_boolean_t axfr = query->lookup->rdtype == dns_rdatatype_axfr;
+ if (ixfr)
+ axfr = query->ixfr_axfr;
+
debug("check_for_more_data()");
/*
@@ -2965,7 +3038,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
query->second_rr_rcvd = ISC_TRUE;
query->second_rr_serial = 0;
debug("got the second rr as nonsoa");
- axfr = ISC_TRUE;
+ axfr = query->ixfr_axfr = ISC_TRUE;
goto next_rdata;
}
@@ -3401,7 +3474,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
if (!l->doing_xfr || l->xfr_q == query) {
- if (msg->rcode != dns_rcode_noerror &&
+ if (msg->rcode == dns_rcode_nxdomain &&
(l->origin != NULL || l->need_search)) {
if (!next_origin(query) || showsearch) {
printmessage(query, msg, ISC_TRUE);
@@ -3672,18 +3745,31 @@ cancel_all(void) {
if (current_lookup != NULL) {
if (current_lookup->timer != NULL)
isc_timer_detach(&current_lookup->timer);
- q = ISC_LIST_HEAD(current_lookup->q);
- while (q != NULL) {
- debug("canceling query %p, belonging to %p",
- q, current_lookup);
+ for (q = ISC_LIST_HEAD(current_lookup->q);
+ q != NULL;
+ q = nq)
+ {
nq = ISC_LIST_NEXT(q, link);
- if (q->sock != NULL) {
+ debug("canceling pending query %p, belonging to %p",
+ q, current_lookup);
+ if (q->sock != NULL)
isc_socket_cancel(q->sock, NULL,
ISC_SOCKCANCEL_ALL);
- } else {
+ else
+ clear_query(q);
+ }
+ for (q = ISC_LIST_HEAD(current_lookup->connecting);
+ q != NULL;
+ q = nq)
+ {
+ nq = ISC_LIST_NEXT(q, clink);
+ debug("canceling connecting query %p, belonging to %p",
+ q, current_lookup);
+ if (q->sock != NULL)
+ isc_socket_cancel(q->sock, NULL,
+ ISC_SOCKCANCEL_ALL);
+ else
clear_query(q);
- }
- q = nq;
}
}
l = ISC_LIST_HEAD(lookup_list);
@@ -3710,6 +3796,8 @@ destroy_libs(void) {
isc_result_t result;
#endif
+ if (keep != NULL)
+ isc_socket_detach(&keep);
debug("destroy_libs()");
if (global_task != NULL) {
debug("freeing task");
@@ -3861,7 +3949,7 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org,
fromlen = isc_buffer_usedlength(buffer) - used_org;
if (fromlen >= MAXDLEN)
return (ISC_R_SUCCESS);
- memcpy(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
+ memmove(tmp1, (char *)isc_buffer_base(buffer) + used_org, fromlen);
end_with_dot = (tmp1[fromlen - 1] == '.') ? ISC_TRUE : ISC_FALSE;
if (absolute && !end_with_dot) {
fromlen++;
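Review bot: The context around the changed copy rejects only `fromlen >= MAXDLEN`, so if `fromlen` is ever zero the following `tmp1[fromlen - 1]` reads before the start of `tmp1`. Whether a caller can pass an empty region is not visible here, but the guard is cheap: `if (fromlen == 0 || fromlen >= MAXDLEN) return (ISC_R_SUCCESS);`. output_filter starts and ends outside the hunk.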
@@ -3890,8 +3978,8 @@ output_filter(isc_buffer_t *buffer, unsigned int used_org,
return (ISC_R_NOSPACE);
isc_buffer_subtract(buffer, isc_buffer_usedlength(buffer) - used_org);
- memcpy(isc_buffer_used(buffer), tmp1, tolen);
- isc_buffer_add(buffer, tolen);
+ memmove(isc_buffer_used(buffer), tmp1, tolen);
+ isc_buffer_add(buffer, (unsigned int)tolen);
return (ISC_R_SUCCESS);
}
@@ -3910,7 +3998,8 @@ append_textname(char *name, const char *origin, size_t namesize) {
if (namelen + 1 + originlen >= namesize)
return idn_buffer_overflow;
- name[namelen++] = '.';
+ if (*origin != '.')
+ name[namelen++] = '.';
(void)strcpy(name + namelen, origin);
return idn_success;
}
@@ -4133,17 +4222,35 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
return (NULL);
}
-void
-insert_trustedkey(dst_key_t **keyp)
+isc_result_t
+insert_trustedkey(void *arg, dns_name_t *name, dns_rdataset_t *rdataset)
{
- if (*keyp == NULL)
- return;
- if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
- return;
+ isc_result_t result;
+ dst_key_t *key;
- tk_list.key[tk_list.nb_tk++] = *keyp;
- *keyp = NULL;
- return;
+ UNUSED(arg);
+
+ if (rdataset == NULL || rdataset->type != dns_rdatatype_dnskey)
+ return (ISC_R_SUCCESS);
+
+ for (result = dns_rdataset_first(rdataset);
+ result == ISC_R_SUCCESS;
+ result = dns_rdataset_next(rdataset)) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t b;
+
+ dns_rdataset_current(rdataset, &rdata);
+ isc_buffer_init(&b, rdata.data, rdata.length);
+ isc_buffer_add(&b, rdata.length);
+ if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
+ return (ISC_R_SUCCESS);
+ key = NULL;
+ result = dst_key_fromdns(name, rdata.rdclass, &b, mctx, &key);
+ if (result != ISC_R_SUCCESS)
+ continue;
+ tk_list.key[tk_list.nb_tk++] = key;
+ }
+ return (ISC_R_SUCCESS);
}
void
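Review bot: A DNSKEY that dst_key_fromdns() rejects is skipped by the bare `continue`, and keys beyond MAX_TRUSTED_KEY are dropped by `return (ISC_R_SUCCESS)`, both without any message. Since these are the trust anchors, the user cannot tell that fewer keys were loaded than the file contains. A diagnostic in both places would make that visible, e.g. `printf(";; ignoring trusted key: %s\n", isc_result_totext(result));` before the `continue`. The `tk_list.nb_tk >= MAX_TRUSTED_KEY` test could also move above dns_rdataset_current(), since it does not depend on the rdata.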
@@ -4190,86 +4297,11 @@ removetmpkey(isc_mem_t *mctx, const char *file)
}
isc_result_t
-opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
- FILE *f = NULL;
- isc_result_t result;
- char *tempname = NULL;
- char *tempnamekey = NULL;
- int tempnamelen;
- int tempnamekeylen;
- char *x;
- char *cp;
- isc_uint32_t which;
-
- while (1) {
- tempnamelen = strlen(file) + 20;
- tempname = isc_mem_allocate(mctx, tempnamelen);
- if (tempname == NULL)
- return (ISC_R_NOMEMORY);
- memset(tempname, 0, tempnamelen);
-
- result = isc_file_mktemplate(file, tempname, tempnamelen);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
-
- cp = tempname;
- while (*cp != '\0')
- cp++;
- if (cp == tempname) {
- isc_mem_free(mctx, tempname);
- return (ISC_R_FAILURE);
- }
-
- x = cp--;
- while (cp >= tempname && *cp == 'X') {
- isc_random_get(&which);
- *cp = alphnum[which % (sizeof(alphnum) - 1)];
- x = cp--;
- }
-
- tempnamekeylen = tempnamelen+5;
- tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
- if (tempnamekey == NULL)
- return (ISC_R_NOMEMORY);
-
- memset(tempnamekey, 0, tempnamekeylen);
- strlcpy(tempnamekey, tempname, tempnamelen);
- strcat(tempnamekey ,".key");
-
-
- if (isc_file_exists(tempnamekey)) {
- isc_mem_free(mctx, tempnamekey);
- isc_mem_free(mctx, tempname);
- continue;
- }
-
- if ((f = fopen(tempnamekey, "w")) == NULL) {
- printf("get_trusted_key(): trusted key not found %s\n",
- tempnamekey);
- return (ISC_R_FAILURE);
- }
- break;
- }
- isc_mem_free(mctx, tempnamekey);
- *tempp = tempname;
- *fp = f;
- return (ISC_R_SUCCESS);
-
- cleanup:
- isc_mem_free(mctx, tempname);
-
- return (result);
-}
-
-isc_result_t
get_trusted_key(isc_mem_t *mctx)
{
isc_result_t result;
const char *filename = NULL;
- char *filetemp = NULL;
- char buf[1500];
- FILE *fp, *fptemp;
- dst_key_t *key = NULL;
+ dns_rdatacallbacks_t callbacks;
result = isc_file_exists(trustedkey);
if (result != ISC_TRUE) {
@@ -4290,40 +4322,11 @@ get_trusted_key(isc_mem_t *mctx)
return (ISC_R_FAILURE);
}
- if ((fp = fopen(filename, "r")) == NULL) {
- printf("get_trusted_key(): trusted key not found %s\n",
- filename);
- return (ISC_R_FAILURE);
- }
- while (fgets(buf, sizeof(buf), fp) != NULL) {
- result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
- if (result != ISC_R_SUCCESS) {
- fclose(fp);
- return (ISC_R_FAILURE);
- }
- if (fputs(buf, fptemp) < 0) {
- fclose(fp);
- fclose(fptemp);
- return (ISC_R_FAILURE);
- }
- fclose(fptemp);
- result = dst_key_fromnamedfile(filetemp, NULL, DST_TYPE_PUBLIC,
- mctx, &key);
- removetmpkey(mctx, filetemp);
- isc_mem_free(mctx, filetemp);
- if (result != ISC_R_SUCCESS) {
- fclose(fp);
- return (ISC_R_FAILURE);
- }
-#if 0
- dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
-#endif
- insert_trustedkey(&key);
- if (key != NULL)
- dst_key_free(&key);
- }
- fclose(fp);
- return (ISC_R_SUCCESS);
+ dns_rdatacallbacks_init_stdio(&callbacks);
+ callbacks.add = insert_trustedkey;
+ return (dns_master_loadfile(filename, dns_rootname, dns_rootname,
+ current_lookup->rdclass, 0, &callbacks,
+ mctx));
}
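Review bot: `current_lookup->rdclass` is dereferenced in the dns_master_loadfile() call with no NULL check, while cancel_all in the same file tests `current_lookup != NULL` before using it. Whether get_trusted_key can run with no current lookup is not visible here. If it can, guard it with `if (current_lookup == NULL) return (ISC_R_FAILURE);`; if it cannot, state that with `REQUIRE(current_lookup != NULL);`. The start of get_trusted_key is outside this hunk.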
@@ -4337,7 +4340,7 @@ nameFromString(const char *str, dns_name_t *p_ret) {
REQUIRE(p_ret != NULL);
REQUIRE(str != NULL);
- isc_buffer_init(&buffer, str, len);
+ isc_buffer_constinit(&buffer, str, len);
isc_buffer_add(&buffer, len);
dns_fixedname_init(&fixedname);
diff --git a/bin/dig/host.c b/bin/dig/host.c
index 6b37f5f76a1a..baacc2956e2c 100644
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -638,6 +638,8 @@ pre_parse_args(int argc, char **argv) {
case 'w': break;
case 'C': break;
case 'D':
+ if (debugging)
+ debugtiming = ISC_TRUE;
debugging = ISC_TRUE;
break;
case 'N': break;
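Review bot: The new `if (debugging) debugtiming = ISC_TRUE;` under `case 'D':` only takes effect when `debugging` is already set, e.g. by an earlier `-D`, so a repeated flag means something different from a single one and nothing in the hunk says so. A comment such as `/* a second -D also turns on debugtiming */` above the test would keep the next reader from treating it as a redundant check. pre_parse_args starts and ends outside this hunk.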
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index e03974564530..6d63423edbb1 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -202,6 +202,7 @@ struct dig_query {
isc_uint32_t second_rr_serial;
isc_uint32_t msg_count;
isc_uint32_t rr_count;
+ isc_boolean_t ixfr_axfr;
char *servname;
char *userarg;
isc_bufferlist_t sendlist,
@@ -275,7 +276,8 @@ extern isc_boolean_t validated;
extern isc_taskmgr_t *taskmgr;
extern isc_task_t *global_task;
extern isc_boolean_t free_now;
-extern isc_boolean_t debugging, memdebugging;
+extern isc_boolean_t debugging, debugtiming, memdebugging;
+extern isc_boolean_t keep_open;
extern char *progname;
extern int tries;
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index f988995ba86e..3d6975910701 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -216,6 +216,11 @@ Tell the name server to query other servers if it does not have the information.
(Default = recurse; abbreviation = [no]rec)
.RE
.PP
+\fBndots=\fR\fInumber\fR
+.RS 4
+Set the number of dots (label separators) in a domain that will disable searching. Absolute names always stop searching.
+.RE
+.PP
\fBretry=\fR\fInumber\fR
.RS 4
Set the number of retries to number.
@@ -254,5 +259,5 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
.PP
Andrew Cherenson
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index 2ef8f84ea2a7..cf64e5899850 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -434,8 +434,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
dns_name_format(query->lookup->name,
nametext, sizeof(nametext));
printf("** server can't find %s: %s\n",
- (msg->rcode != dns_rcode_nxdomain) ? nametext :
- query->lookup->textname, rcode_totext(msg->rcode));
+ nametext, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
/* the lookup failed */
@@ -494,8 +493,8 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
printf(" %s\t\t%s\n",
usesearch ? "search" : "nosearch",
recurse ? "recurse" : "norecurse");
- printf(" timeout = %d\t\tretry = %d\tport = %d\n",
- timeout, tries, port);
+ printf(" timeout = %d\t\tretry = %d\tport = %d\tndots = %d\n",
+ timeout, tries, port, ndots);
printf(" querytype = %-8s\tclass = %s\n", deftype, defclass);
printf(" srchlist = ");
for (listent = ISC_LIST_HEAD(search_list);
@@ -567,6 +566,14 @@ set_tries(const char *value) {
}
static void
+set_ndots(const char *value) {
+ isc_uint32_t n;
+ isc_result_t result = parse_uint(&n, value, 128, "ndots");
+ if (result == ISC_R_SUCCESS)
+ ndots = n;
+}
+
+static void
setoption(char *opt) {
if (strncasecmp(opt, "all", 4) == 0) {
show_settings(ISC_TRUE, ISC_FALSE);
@@ -646,6 +653,8 @@ setoption(char *opt) {
nofail=ISC_FALSE;
} else if (strncasecmp(opt, "nofail", 3) == 0) {
nofail=ISC_TRUE;
+ } else if (strncasecmp(opt, "ndots=", 6) == 0) {
+ set_ndots(&opt[6]);
} else {
printf("*** Invalid option: %s\n", opt);
}
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index f4d497b3998b..4da87b1eb5dd 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -30,11 +30,7 @@
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- - 3. All advertising materials mentioning features or use of this software
- - must display the following acknowledgement:
- - This product includes software developed by the University of
- - California, Berkeley and its contributors.
- - 4. Neither the name of the University nor the names of its contributors
+ - 3. Neither the name of the University nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
@@ -74,6 +70,8 @@
<year>2006</year>
<year>2007</year>
<year>2010</year>
+ <year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -410,6 +408,17 @@ nslookup -query=hinfo -timeout=10
</varlistentry>
<varlistentry>
+ <term><constant>ndots=</constant><replaceable>number</replaceable></term>
+ <listitem>
+ <para>
+ Set the number of dots (label separators) in a domain
+ that will disable searching. Absolute names always
+ stop searching.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><constant>retry=</constant><replaceable>number</replaceable></term>
<listitem>
<para>
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index 4bf6aab5c43c..b7e88e947319 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543361"></a><h2>DESCRIPTION</h2>
+<a name="id2543435"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">Nslookup</strong></span>
is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span>
has two modes: interactive and non-interactive. Interactive mode allows
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543377"></a><h2>ARGUMENTS</h2>
+<a name="id2543451"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</p>
@@ -78,7 +78,7 @@ nslookup -query=hinfo -timeout=10
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543420"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2543495"></a><h2>INTERACTIVE COMMANDS</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
<dd>
@@ -249,6 +249,12 @@ nslookup -query=hinfo -timeout=10
(Default = recurse; abbreviation = [no]rec)
</p>
</dd>
+<dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+ Set the number of dots (label separators) in a domain
+ that will disable searching. Absolute names always
+ stop searching.
+ </p></dd>
<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
Set the number of retries to number.
@@ -288,19 +294,19 @@ nslookup -query=hinfo -timeout=10
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2546286"></a><h2>FILES</h2>
+<a name="id2546309"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2546298"></a><h2>SEE ALSO</h2>
+<a name="id2546321"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2546332"></a><h2>Author</h2>
+<a name="id2546355"></a><h2>Author</h2>
<p>
Andrew Cherenson
</p>
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 3d22f997cc2d..9e53674e024b 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -646,9 +646,9 @@ main(int argc, char **argv) {
mctx, &prevkey);
if (ret != ISC_R_SUCCESS)
fatal("Invalid keyfile %s: %s",
- filename, isc_result_totext(ret));
+ predecessor, isc_result_totext(ret));
if (!dst_key_isprivate(prevkey))
- fatal("%s is not a private key", filename);
+ fatal("%s is not a private key", predecessor);
name = dst_key_name(prevkey);
alg = dst_key_alg(prevkey);
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index 028068803cdb..82a128c08432 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2009, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -309,7 +309,7 @@ Generate an NSEC3 chain with the given hex encoded salt. A dash (\fIsalt\fR) can
.PP
\-H \fIiterations\fR
.RS 4
-When generating an NSEC3 chain, use this many interations. The default is 10.
+When generating an NSEC3 chain, use this many iterations. The default is 10.
.RE
.PP
\-A
@@ -378,7 +378,7 @@ RFC 4033.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2009, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 86c3aee7095e..d312bec27596 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -650,7 +650,7 @@ hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len)
fatal("unable to grow hashlist: out of memory");
}
memset(l->hashbuf + l->entries * l->length, 0, l->length);
- memcpy(l->hashbuf + l->entries * l->length, hash, len);
+ memmove(l->hashbuf + l->entries * l->length, hash, len);
l->entries++;
}
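Review bot: The memmove() copies `len` bytes into a slot that the preceding memset() treats as `l->length` bytes wide, and nothing in the hunk checks `len <= l->length`. A larger `len` would write past the entry, and past the end of `hashbuf` for the last entry. `INSIST(len <= l->length);` before the memset() would pin the invariant; the callers may already guarantee it, but that is not visible here. The start of hashlist_add is outside the hunk.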
@@ -665,7 +665,8 @@ hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
unsigned int len;
size_t i;
- len = isc_iterated_hash(hash, hashalg, iterations, salt, salt_length,
+ len = isc_iterated_hash(hash, hashalg, iterations,
+ salt, (int)salt_length,
name->ndata, name->length);
if (verbose) {
dns_name_format(name, nametext, sizeof nametext);
@@ -717,7 +718,7 @@ static const unsigned char *
hashlist_findnext(const hashlist_t *l,
const unsigned char hash[NSEC3_MAX_HASH_LENGTH])
{
- unsigned int entries = l->entries;
+ size_t entries = l->entries;
const unsigned char *next = bsearch(hash, l->hashbuf, l->entries,
l->length, hashlist_comp);
INSIST(next != NULL);
@@ -729,8 +730,8 @@ hashlist_findnext(const hashlist_t *l,
next = l->hashbuf;
if (next[l->length - 1] == 0)
break;
- } while (entries-- > 1);
- INSIST(entries != 0);
+ } while (entries-- > 1U);
+ INSIST(entries != 0U);
return (next);
}
@@ -1614,7 +1615,8 @@ verifyzone(void) {
fprintf(stderr, "No self signing KSK found. Using "
"self signed ZSK's for active "
"algorithm list.\n");
- memcpy(ksk_algorithms, self_algorithms, sizeof(ksk_algorithms));
+ memmove(ksk_algorithms, self_algorithms,
+ sizeof(ksk_algorithms));
if (!allzsksigned)
fprintf(stderr, "warning: not all ZSK's are self "
"signed.\n");
@@ -2234,7 +2236,7 @@ nsecify(void) {
static void
addnsec3param(const unsigned char *salt, size_t salt_length,
- unsigned int iterations)
+ dns_iterations_t iterations)
{
dns_dbnode_t *node = NULL;
dns_rdata_nsec3param_t nsec3param;
@@ -2254,7 +2256,7 @@ addnsec3param(const unsigned char *salt, size_t salt_length,
nsec3param.flags = 0;
nsec3param.hash = unknownalg ? DNS_NSEC3_UNKNOWNALG : dns_hash_sha1;
nsec3param.iterations = iterations;
- nsec3param.salt_length = salt_length;
+ nsec3param.salt_length = (unsigned char)salt_length;
DE_CONST(salt, nsec3param.salt);
isc_buffer_init(&b, nsec3parambuf, sizeof(nsec3parambuf));
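Review bot: `(unsigned char)salt_length` silences the conversion warning but truncates silently: a `salt_length` above 255 would be stored modulo 256 while `nsec3param.salt` still points at the full salt. `INSIST(salt_length <= 255U);` before the assignment would make the assumed limit explicit. The same applies to `(int)salt_length` in the isc_iterated_hash() call in hashlist_add_dns_name. Any range check the callers do on the salt is outside these hunks.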
@@ -2551,7 +2553,7 @@ remove_duplicates(void) {
* Generate NSEC3 records for the zone.
*/
static void
-nsec3ify(unsigned int hashalg, unsigned int iterations,
+nsec3ify(unsigned int hashalg, dns_iterations_t iterations,
const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
{
dns_dbiterator_t *dbiter = NULL;
@@ -3082,7 +3084,7 @@ set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt,
"Use -u to update it.");
} else if (!set_salt) {
salt_length = orig_saltlen;
- memcpy(saltbuf, orig_salt, orig_saltlen);
+ memmove(saltbuf, orig_salt, orig_saltlen);
salt = saltbuf;
}
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
index 128ebe96341b..79bd3793b5f7 100644
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -43,6 +43,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -593,7 +594,7 @@
<term>-H <replaceable class="parameter">iterations</replaceable></term>
<listitem>
<para>
- When generating an NSEC3 chain, use this many interations. The
+ When generating an NSEC3 chain, use this many iterations. The
default is 10.
</para>
</listitem>
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 82185c6477d5..6aec6d2b2196 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] 
[<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543597"></a><h2>DESCRIPTION</h2>
+<a name="id2543601"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543612"></a><h2>OPTIONS</h2>
+<a name="id2543616"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -347,7 +347,7 @@
</p></dd>
<dt><span class="term">-H <em class="replaceable"><code>iterations</code></em></span></dt>
<dd><p>
- When generating an NSEC3 chain, use this many interations. The
+ When generating an NSEC3 chain, use this many iterations. The
default is 10.
</p></dd>
<dt><span class="term">-A</span></dt>
@@ -379,7 +379,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544965"></a><h2>EXAMPLE</h2>
+<a name="id2544900"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -409,14 +409,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
-<a name="id2545020"></a><h2>SEE ALSO</h2>
+<a name="id2545024"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545045"></a><h2>AUTHOR</h2>
+<a name="id2545048"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 882b042f1b8e..60979dcba0a9 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -298,11 +298,35 @@ strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
isc_result_t result;
const char *orig = str;
char *endp;
+ int n;
if ((str[0] == '0' || str[0] == '-') && str[1] == '\0')
return ((isc_stdtime_t) 0);
- if (strncmp(str, "now", 3) == 0) {
+ /*
+ * We accept times in the following formats:
+ * now([+-]offset)
+ * YYYYMMDD([+-]offset)
+ * YYYYMMDDhhmmss([+-]offset)
+ * [+-]offset
+ */
+ n = strspn(str, "0123456789");
+ if ((n == 8 || n == 14) &&
+ (str[n] == '\0' || str[n] == '-' || str[n] == '+'))
+ {
+ char timestr[15];
+
+ strlcpy(timestr, str, sizeof(timestr));
+ timestr[n] = 0;
+ if (n == 8)
+ strlcat(timestr, "000000", sizeof(timestr));
+ result = dns_time64_fromtext(timestr, &val);
+ if (result != ISC_R_SUCCESS)
+ fatal("time value %s is invalid: %s", orig,
+ isc_result_totext(result));
+ base = val;
+ str += n;
+ } else if (strncmp(str, "now", 3) == 0) {
base = now;
str += 3;
}
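Review bot: `n` is declared `int` but receives the `size_t` result of strspn(), the kind of implicit narrowing the rest of this commit removes with explicit types and casts. Declaring it `size_t n;` and comparing with `n == 8U || n == 14U` would be consistent. `n` also indexes `timestr[n]`, which stays inside the 15-byte array only because of that 8/14 test, so a short comment there would help. The start of strtotime is outside this hunk.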
@@ -317,21 +341,8 @@ strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
offset = strtol(str + 1, &endp, 0);
offset = time_units((isc_stdtime_t) offset, endp, orig);
val = base - offset;
- } else if (strlen(str) == 8U) {
- char timestr[15];
- sprintf(timestr, "%s000000", str);
- result = dns_time64_fromtext(timestr, &val);
- if (result != ISC_R_SUCCESS)
- fatal("time value %s is invalid: %s", orig,
- isc_result_totext(result));
- } else if (strlen(str) > 14U) {
+ } else
fatal("time value %s is invalid", orig);
- } else {
- result = dns_time64_fromtext(str, &val);
- if (result != ISC_R_SUCCESS)
- fatal("time value %s is invalid: %s", orig,
- isc_result_totext(result));
- }
return ((isc_stdtime_t) val);
}
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index e3ce3bd1547b..1db94da5790b 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -102,7 +102,7 @@ SYMOBJS = symtbl.@O@
SRCS = builtin.c client.c config.c control.c \
controlconf.c interfacemgr.c \
listenlist.c log.c logconf.c main.c notify.c \
- query.c server.c sortlist.c statschannel.c symtbl.c symtbl-empty.c \
+ query.c server.c sortlist.c statschannel.c \
tkeyconf.c tsigconf.c update.c xfrout.c \
zoneconf.c \
lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
@@ -124,6 +124,7 @@ main.@O@: main.c
-DDESCRIPTION=\"${DESCRIPTION}\" \
-DSRCID=\"${SRCID}\" \
-DCONFIGARGS="\"${CONFIGARGS}\"" \
+ -DBUILDER="\"make\"" \
-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
diff --git a/bin/named/builtin.c b/bin/named/builtin.c
index 14204cd295c6..65f4ba57ca02 100644
--- a/bin/named/builtin.c
+++ b/bin/named/builtin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -117,7 +117,7 @@ dns64_rdata(unsigned char *v, size_t start, unsigned char *rdata) {
rdata[j++] = decimal[c];
}
}
- memcpy(&rdata[j], "\07in-addr\04arpa", 14);
+ memmove(&rdata[j], "\07in-addr\04arpa", 14);
return (j + 14);
}
@@ -276,7 +276,8 @@ dns64_cname(const dns_name_t *zone, const dns_name_t *name,
*/
return (ISC_R_NOTFOUND);
}
- return (dns_sdb_putrdata(lookup, dns_rdatatype_cname, 600, rdata, len));
+ return (dns_sdb_putrdata(lookup, dns_rdatatype_cname, 600,
+ rdata, (unsigned int)len));
}
static isc_result_t
@@ -312,7 +313,7 @@ put_txt(dns_sdblookup_t *lookup, const char *text) {
if (len > 255)
len = 255; /* Silently truncate */
buf[0] = len;
- memcpy(&buf[1], text, len);
+ memmove(&buf[1], text, len);
return (dns_sdb_putrdata(lookup, dns_rdatatype_txt, 0, buf, len + 1));
}
@@ -492,11 +493,11 @@ builtin_create(const char *zone, int argc, char **argv,
isc_mem_put(ns_g_mctx, empty, sizeof (*empty));
} else {
if (strcmp(argv[0], "empty") == 0)
- memcpy(empty, &empty_builtin,
- sizeof (empty_builtin));
+ memmove(empty, &empty_builtin,
+ sizeof (empty_builtin));
else
- memcpy(empty, &dns64_builtin,
- sizeof (empty_builtin));
+ memmove(empty, &dns64_builtin,
+ sizeof (empty_builtin));
empty->server = server;
empty->contact = contact;
*dbdata = empty;
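Review bot: The `else` branch copies `dns64_builtin` with `sizeof (empty_builtin)`, so the size comes from a different object than the source. That is correct only while both objects and `*empty` have the same type, which the hunk does not show. Using `sizeof (*empty)` in both calls, or plain struct assignment (`*empty = dns64_builtin;`) if the types match, ties the size to the destination. builtin_create starts and ends outside this hunk.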
diff --git a/bin/named/client.c b/bin/named/client.c
index ff4ab691c184..4cc814efc0ba 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -972,6 +972,7 @@ ns_client_send(ns_client_t *client) {
result = dns_compress_init(&cctx, -1, client->mctx);
if (result != ISC_R_SUCCESS)
goto done;
+ dns_compress_setsensitive(&cctx, ISC_TRUE);
cleanup_cctx = ISC_TRUE;
result = dns_message_renderbegin(client->message, &cctx, &buffer);
@@ -1188,62 +1189,30 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
static inline isc_result_t
client_addopt(ns_client_t *client) {
- dns_rdataset_t *rdataset;
- dns_rdatalist_t *rdatalist;
- dns_rdata_t *rdata;
+ char nsid[BUFSIZ], *nsidp;
isc_result_t result;
dns_view_t *view;
dns_resolver_t *resolver;
isc_uint16_t udpsize;
+ dns_ednsopt_t ednsopts[2];
+ int count = 0;
+ unsigned int flags;
REQUIRE(client->opt == NULL); /* XXXRTH free old. */
- rdatalist = NULL;
- result = dns_message_gettemprdatalist(client->message, &rdatalist);
- if (result != ISC_R_SUCCESS)
- return (result);
- rdata = NULL;
- result = dns_message_gettemprdata(client->message, &rdata);
- if (result != ISC_R_SUCCESS)
- return (result);
- rdataset = NULL;
- result = dns_message_gettemprdataset(client->message, &rdataset);
- if (result != ISC_R_SUCCESS)
- return (result);
- dns_rdataset_init(rdataset);
-
- rdatalist->type = dns_rdatatype_opt;
- rdatalist->covers = 0;
-
- /*
- * Set the maximum UDP buffer size.
- */
view = client->view;
resolver = (view != NULL) ? view->resolver : NULL;
if (resolver != NULL)
udpsize = dns_resolver_getudpsize(resolver);
else
udpsize = ns_g_udpsize;
- rdatalist->rdclass = udpsize;
- /*
- * Set EXTENDED-RCODE, VERSION and Z to 0.
- */
- rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
+ flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
/* Set EDNS options if applicable */
- if (client->attributes & NS_CLIENTATTR_WANTNSID &&
+ if ((client->attributes & NS_CLIENTATTR_WANTNSID) != 0 &&
(ns_g_server->server_id != NULL ||
ns_g_server->server_usehostname)) {
- /*
- * Space required for NSID data:
- * 2 bytes for opt code
- * + 2 bytes for NSID length
- * + NSID itself
- */
- char nsid[BUFSIZ], *nsidp;
- isc_buffer_t *buffer = NULL;
-
if (ns_g_server->server_usehostname) {
isc_result_t result;
result = ns_os_gethostname(nsid, sizeof(nsid));
@@ -1254,35 +1223,15 @@ client_addopt(ns_client_t *client) {
} else
nsidp = ns_g_server->server_id;
- rdata->length = strlen(nsidp) + 4;
- result = isc_buffer_allocate(client->mctx, &buffer,
- rdata->length);
- if (result != ISC_R_SUCCESS)
- goto no_nsid;
-
- isc_buffer_putuint16(buffer, DNS_OPT_NSID);
- isc_buffer_putuint16(buffer, strlen(nsidp));
- isc_buffer_putstr(buffer, nsidp);
- rdata->data = buffer->base;
- dns_message_takebuffer(client->message, &buffer);
- } else {
-no_nsid:
- rdata->data = NULL;
- rdata->length = 0;
+ ednsopts[count].code = DNS_OPT_NSID;
+ ednsopts[count].length = strlen(nsidp);
+ ednsopts[count].value = (unsigned char *)nsidp;
+ count++;
}
-
- rdata->rdclass = rdatalist->rdclass;
- rdata->type = rdatalist->type;
- rdata->flags = 0;
-
- ISC_LIST_INIT(rdatalist->rdata);
- ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
- RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
- == ISC_R_SUCCESS);
-
- client->opt = rdataset;
-
- return (ISC_R_SUCCESS);
+ no_nsid:
+ result = dns_message_buildopt(client->message, &client->opt, 0,
+ udpsize, flags, ednsopts, count);
+ return (result);
}
static inline isc_boolean_t
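Review bot: `ednsopts[count].length = strlen(nsidp);` narrows a size_t without a check. An EDNS option length is 16 bits on the wire, and the removed code passed the same value to isc_buffer_putuint16(), so the field is presumably 16-bit. `nsidp` comes from configuration or the local hostname, so this is a robustness point rather than an exposure. I would bound the value first, e.g. `if (strlen(nsidp) > 0xFFFF) goto no_nsid;`, and make the conversion explicit with `ednsopts[count].length = (isc_uint16_t)strlen(nsidp);`. client_addopt starts in the previous hunk.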
@@ -1363,6 +1312,83 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
return (ISC_TF(view == myview));
}
+static isc_result_t
+process_opt(ns_client_t *client, dns_rdataset_t *opt) {
+ dns_rdata_t rdata;
+ isc_buffer_t optbuf;
+ isc_result_t result;
+ isc_uint16_t optcode;
+ isc_uint16_t optlen;
+
+ /*
+ * Set the client's UDP buffer size.
+ */
+ client->udpsize = opt->rdclass;
+
+ /*
+ * If the requested UDP buffer size is less than 512,
+ * ignore it and use 512.
+ */
+ if (client->udpsize < 512)
+ client->udpsize = 512;
+
+ /*
+ * Get the flags out of the OPT record.
+ */
+ client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
+
+ /*
+ * Do we understand this version of EDNS?
+ *
+ * XXXRTH need library support for this!
+ */
+ client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
+ if (client->ednsversion > 0) {
+ isc_stats_increment(ns_g_server->nsstats,
+ dns_nsstatscounter_badednsver);
+ result = client_addopt(client);
+ if (result == ISC_R_SUCCESS)
+ result = DNS_R_BADVERS;
+ ns_client_error(client, result);
+ goto cleanup;
+ }
+
+ /* Check for NSID request */
+ result = dns_rdataset_first(opt);
+ if (result == ISC_R_SUCCESS) {
+ dns_rdata_init(&rdata);
+ dns_rdataset_current(opt, &rdata);
+ isc_buffer_init(&optbuf, rdata.data, rdata.length);
+ isc_buffer_add(&optbuf, rdata.length);
+ while (isc_buffer_remaininglength(&optbuf) >= 4) {
+ optcode = isc_buffer_getuint16(&optbuf);
+ optlen = isc_buffer_getuint16(&optbuf);
+ switch (optcode) {
+ case DNS_OPT_NSID:
+ client->attributes |= NS_CLIENTATTR_WANTNSID;
+ isc_buffer_forward(&optbuf, optlen);
+ break;
+ default:
+ isc_buffer_forward(&optbuf, optlen);
+ break;
+ }
+ }
+ }
+
+ isc_stats_increment(ns_g_server->nsstats, dns_nsstatscounter_edns0in);
+
+ /*
+ * Create an OPT for our reply.
+ */
+ result = client_addopt(client);
+ if (result != ISC_R_SUCCESS) {
+ ns_client_error(client, result);
+ goto cleanup;
+ }
+ cleanup:
+ return (result);
+}
+
/*
* Handle an incoming request event from the socket (UDP case)
* or tcpmsg (TCP case).
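Review bot: In the option loop of process_opt(), `optlen` is read from the request and passed to `isc_buffer_forward(&optbuf, optlen)` without being compared with what is left in the buffer. The loop condition only guarantees the four header bytes. Unless the OPT rdata was already validated when the message was parsed (not visible on this page), an option whose declared length runs past the end of the rdata would over-advance the buffer or trip whatever bounds assertion the buffer code carries. I would add `if (optlen > isc_buffer_remaininglength(&optbuf)) break;` right after reading `optlen`, or reject the request as malformed at that point. Both switch arms perform the same forward, so that call can move below the switch.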
@@ -1384,8 +1410,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
dns_messageid_t id;
unsigned int flags;
isc_boolean_t notimp;
- dns_rdata_t rdata;
- isc_uint16_t optcode;
REQUIRE(event != NULL);
client = event->ev_arg;
@@ -1585,67 +1609,9 @@ client_request(isc_task_t *task, isc_event_t *event) {
*/
opt = dns_message_getopt(client->message);
if (opt != NULL) {
- /*
- * Set the client's UDP buffer size.
- */
- client->udpsize = opt->rdclass;
-
- /*
- * If the requested UDP buffer size is less than 512,
- * ignore it and use 512.
- */
- if (client->udpsize < 512)
- client->udpsize = 512;
-
- /*
- * Get the flags out of the OPT record.
- */
- client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
-
- /*
- * Do we understand this version of EDNS?
- *
- * XXXRTH need library support for this!
- */
- client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
- if (client->ednsversion > 0) {
- isc_stats_increment(ns_g_server->nsstats,
- dns_nsstatscounter_badednsver);
- result = client_addopt(client);
- if (result == ISC_R_SUCCESS)
- result = DNS_R_BADVERS;
- ns_client_error(client, result);
- goto cleanup;
- }
-
- /* Check for NSID request */
- result = dns_rdataset_first(opt);
- if (result == ISC_R_SUCCESS) {
- dns_rdata_init(&rdata);
- dns_rdataset_current(opt, &rdata);
- if (rdata.length >= 2) {
- isc_buffer_t nsidbuf;
- isc_buffer_init(&nsidbuf,
- rdata.data, rdata.length);
- isc_buffer_add(&nsidbuf, rdata.length);
- optcode = isc_buffer_getuint16(&nsidbuf);
- if (optcode == DNS_OPT_NSID)
- client->attributes |=
- NS_CLIENTATTR_WANTNSID;
- }
- }
-
- isc_stats_increment(ns_g_server->nsstats,
- dns_nsstatscounter_edns0in);
-
- /*
- * Create an OPT for our reply.
- */
- result = client_addopt(client);
- if (result != ISC_R_SUCCESS) {
- ns_client_error(client, result);
+ result = process_opt(client, opt);
+ if (result != ISC_R_SUCCESS)
goto cleanup;
- }
}
if (client->message->rdclass == 0) {
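Review bot: The call site gives no hint that an error reply has already been sent when process_opt() fails. Both failure paths in process_opt() call ns_client_error() before returning, so the `goto cleanup` here must not answer the client a second time. A comment on the `goto` such as `/* process_opt() has already called ns_client_error() */` would keep that contract visible. client_request starts and ends outside this hunk.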
@@ -2691,7 +2657,8 @@ ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
static void
ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
if (client->peeraddr_valid)
- isc_sockaddr_format(&client->peeraddr, peerbuf, len);
+ isc_sockaddr_format(&client->peeraddr, peerbuf,
+ (unsigned int)len);
else
snprintf(peerbuf, len, "@%p", client);
}
diff --git a/bin/named/config.c b/bin/named/config.c
index 25ebac4db0c1..757bd5f8754e 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -97,7 +97,7 @@ options {\n\
statistics-file \"named.stats\";\n\
statistics-interval 60;\n\
tcp-clients 100;\n\
- tcp-listen-queue 3;\n\
+ tcp-listen-queue 10;\n\
# tkey-dhkey <none>\n\
# tkey-gssapi-credential <none>\n\
# tkey-domain <none>\n\
@@ -555,7 +555,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (new == NULL)
goto cleanup;
if (listcount != 0) {
- memcpy(new, lists, oldsize);
+ memmove(new, lists, oldsize);
isc_mem_put(mctx, lists, oldsize);
}
lists = new;
@@ -590,7 +590,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (new == NULL)
goto cleanup;
if (stackcount != 0) {
- memcpy(new, stack, oldsize);
+ memmove(new, stack, oldsize);
isc_mem_put(mctx, stack, oldsize);
}
stack = new;
@@ -617,7 +617,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (new == NULL)
goto cleanup;
if (addrcount != 0) {
- memcpy(new, addrs, oldsize);
+ memmove(new, addrs, oldsize);
isc_mem_put(mctx, addrs, oldsize);
}
addrs = new;
@@ -629,7 +629,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (new == NULL)
goto cleanup;
if (keycount != 0) {
- memcpy(new, keys, oldsize);
+ memmove(new, keys, oldsize);
isc_mem_put(mctx, keys, oldsize);
}
keys = new;
@@ -677,7 +677,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
new = isc_mem_get(mctx, newsize);
if (new == NULL)
goto cleanup;
- memcpy(new, addrs, newsize);
+ memmove(new, addrs, newsize);
} else
new = NULL;
isc_mem_put(mctx, addrs, oldsize);
@@ -690,7 +690,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
new = isc_mem_get(mctx, newsize);
if (new == NULL)
goto cleanup;
- memcpy(new, keys, newsize);
+ memmove(new, keys, newsize);
} else
new = NULL;
isc_mem_put(mctx, keys, oldsize);
diff --git a/bin/named/control.c b/bin/named/control.c
index 2a1a5a8e734e..c98c92f7bed1 100644
--- a/bin/named/control.c
+++ b/bin/named/control.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2010, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -105,7 +105,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_REFRESH)) {
result = ns_server_refreshcommand(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_RETRANSFER)) {
- result = ns_server_retransfercommand(ns_g_server, command);
+ result = ns_server_retransfercommand(ns_g_server,
+ command, text);
} else if (command_compare(command, NS_COMMAND_HALT)) {
#ifdef HAVE_LIBSCF
/*
@@ -196,11 +197,11 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
result = ns_server_validation(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_SIGN) ||
command_compare(command, NS_COMMAND_LOADKEYS)) {
- result = ns_server_rekey(ns_g_server, command);
+ result = ns_server_rekey(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_ADDZONE)) {
result = ns_server_add_zone(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_DELZONE)) {
- result = ns_server_del_zone(ns_g_server, command);
+ result = ns_server_del_zone(ns_g_server, command, text);
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 73c0f37e9737..b5e8b7f56670 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -367,7 +367,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
if (secret.rstart == NULL)
goto cleanup;
- memcpy(secret.rstart, key->secret.base, key->secret.length);
+ memmove(secret.rstart, key->secret.base, key->secret.length);
secret.rend = secret.rstart + key->secret.length;
result = isccc_cc_fromwire(&ccregion, &request, &secret);
if (result == ISC_R_SUCCESS)
@@ -784,8 +784,8 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
free_controlkey(keyid, mctx);
break;
}
- memcpy(keyid->secret.base, isc_buffer_base(&b),
- keyid->secret.length);
+ memmove(keyid->secret.base, isc_buffer_base(&b),
+ keyid->secret.length);
}
}
}
@@ -864,8 +864,8 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
"out of memory", keyid->keyname);
CHECK(ISC_R_NOMEMORY);
}
- memcpy(keyid->secret.base, isc_buffer_base(&b),
- keyid->secret.length);
+ memmove(keyid->secret.base, isc_buffer_base(&b),
+ keyid->secret.length);
ISC_LIST_APPEND(*keyids, keyid, link);
keyid = NULL;
result = ISC_R_SUCCESS;
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
index 39307f36996b..b632ad6c1a65 100644
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -70,6 +70,7 @@ EXTERN const char * ns_g_product INIT(PRODUCT);
EXTERN const char * ns_g_description INIT(DESCRIPTION);
EXTERN const char * ns_g_srcid INIT(SRCID);
EXTERN const char * ns_g_configargs INIT(CONFIGARGS);
+EXTERN const char * ns_g_builder INIT(BUILDER);
EXTERN in_port_t ns_g_port INIT(0);
EXTERN in_port_t lwresd_g_listenport INIT(0);
diff --git a/bin/named/include/named/main.h b/bin/named/include/named/main.h
index 44251fa825c6..1537fb641da6 100644
--- a/bin/named/include/named/main.h
+++ b/bin/named/include/named/main.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -22,6 +22,10 @@
/*! \file */
+#ifdef ISC_MAIN_HOOK
+#define main(argc, argv) bindmain(argc, argv)
+#endif
+
ISC_PLATFORM_NORETURN_PRE void
ns_main_earlyfatal(const char *format, ...)
ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
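Review bot: The `main(argc, argv)` macro is undocumented, and it rewrites every two-argument use of `main(` in any file that includes this header with ISC_MAIN_HOOK defined. A short comment above the `#ifdef` would help, for example `/* With ISC_MAIN_HOOK defined, named's main() is compiled as bindmain() so an embedding program can supply its own main(). */`. That purpose is my reading of the names and should be confirmed. It is also worth stating that the macro only matches `main` written with exactly two arguments.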
diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
index 9982e88e09e4..aa5a76b54721 100644
--- a/bin/named/include/named/server.h
+++ b/bin/named/include/named/server.h
@@ -224,7 +224,8 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text);
*/
isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args);
+ns_server_retransfercommand(ns_server_t *server, char *args,
+ isc_buffer_t *text);
/*%<
* Act on a "retransfer" command from the command channel.
*/
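Review bot: The three prototypes that gain `isc_buffer_t *text` keep their old one-line descriptions, so the header does not say what is written to `text`. They are ns_server_retransfercommand here, and ns_server_rekey and ns_server_del_zone in the next two hunks. Each comment should state what the function puts into the buffer, on which outcomes, and whether NULL is accepted. ns_control_docommand now passes its own `text` to all three, so the behaviour when the buffer is full deserves a sentence as well.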
@@ -304,7 +305,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
* take place incrementally.
*/
isc_result_t
-ns_server_rekey(ns_server_t *server, char *args);
+ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text);
/*%
* Dump the current recursive queries.
@@ -334,6 +335,6 @@ ns_server_add_zone(ns_server_t *server, char *args);
* Deletes a zone from a running process
*/
isc_result_t
-ns_server_del_zone(ns_server_t *server, char *args);
+ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text);
#endif /* NAMED_SERVER_H */
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index 15ffe00aa51a..9cf3cde697b5 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -525,15 +525,22 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
return (result);
if (result != ISC_R_SUCCESS) {
- isc_log_write(IFMGR_COMMON_LOGARGS,
- ISC_LOG_WARNING,
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_WARNING,
"omitting IPv4 interface %s from "
- "localnets ACL: %s",
- interface->name,
+ "localnets ACL: %s", interface->name,
isc_result_totext(result));
return (ISC_R_SUCCESS);
}
+ if (prefixlen == 0U) {
+ isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_WARNING,
+ "omitting %s interface %s from localnets ACL: "
+ "zero prefix length detected",
+ (netaddr->family == AF_INET) ? "IPv4" : "IPv6",
+ interface->name);
+ return (ISC_R_SUCCESS);
+ }
+
result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable,
netaddr, prefixlen, ISC_TRUE);
if (result != ISC_R_SUCCESS)
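Review bot: The new `prefixlen == 0U` guard has no comment saying what it protects against. A zero-length prefix passed to dns_iptable_addprefix() would presumably put a match-everything entry into `localnets`, which matters wherever that ACL gates access. I would add `/* A zero-length prefix would make localnets match every address. */` above the check. The earlier warning in this hunk still hard-codes "IPv4" while the new one selects the family from `netaddr->family`, so the two messages could share that expression. setup_locals starts outside the hunk.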
diff --git a/bin/named/logconf.c b/bin/named/logconf.c
index f02b97fcddee..592a7ae92b17 100644
--- a/bin/named/logconf.c
+++ b/bin/named/logconf.c
@@ -41,10 +41,10 @@
/*%
* Set up a logging category according to the named.conf data
- * in 'ccat' and add it to 'lctx'.
+ * in 'ccat' and add it to 'logconfig'.
*/
static isc_result_t
-category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
+category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *logconfig) {
isc_result_t result;
const char *catname;
isc_logcategory_t *category;
@@ -64,6 +64,9 @@ category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
return (ISC_R_SUCCESS);
}
+ if (logconfig == NULL)
+ return (ISC_R_SUCCESS);
+
module = NULL;
destinations = cfg_tuple_get(ccat, "destinations");
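Review bot: category_fromconf() now accepts `logconfig == NULL` and returns success after the checks above the new guard, but its header comment still reads as if a configuration is always modified. The same convention appears in channel_fromconf() and ns_log_configure() in later hunks of this file. I would document it once per function, e.g. `If 'logconfig' is NULL, the statement is only checked and nothing is added.` That reading is inferred from the guards and should be confirmed against the callers.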
@@ -74,7 +77,7 @@ category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
const cfg_obj_t *channel = cfg_listelt_value(element);
const char *channelname = cfg_obj_asstring(channel);
- result = isc_log_usechannel(lctx, channelname, category,
+ result = isc_log_usechannel(logconfig, channelname, category,
module);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
@@ -89,10 +92,11 @@ category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
/*%
* Set up a logging channel according to the named.conf data
- * in 'cchan' and add it to 'lctx'.
+ * in 'cchan' and add it to 'logconfig'.
*/
static isc_result_t
-channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
+channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *logconfig)
+{
isc_result_t result;
isc_logdestination_t dest;
unsigned int type;
@@ -215,8 +219,11 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
level = cfg_obj_asuint32(severity);
}
- result = isc_log_createchannel(lctx, channelname,
- type, level, &dest, flags);
+ if (logconfig == NULL)
+ result = ISC_R_SUCCESS;
+ else
+ result = isc_log_createchannel(logconfig, channelname,
+ type, level, &dest, flags);
if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
FILE *fp;
@@ -226,32 +233,31 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
* Fix defect #22771
*/
result = isc_file_isplainfile(dest.file.name);
- if (result == ISC_R_SUCCESS ||
- result == ISC_R_FILENOTFOUND) {
+ if (result == ISC_R_SUCCESS || result == ISC_R_FILENOTFOUND) {
/*
* Test that the file can be opened, since
* isc_log_open() can't effectively report
- * failures when called in
- * isc_log_doit().
+ * failures when called in isc_log_doit().
*/
result = isc_stdio_open(dest.file.name, "a", &fp);
if (result != ISC_R_SUCCESS) {
- syslog(LOG_ERR,
- "isc_stdio_open '%s' failed: %s",
- dest.file.name,
- isc_result_totext(result));
+ if (logconfig != NULL && !ns_g_nosyslog)
+ syslog(LOG_ERR,
+ "isc_stdio_open '%s' failed: "
+ "%s", dest.file.name,
+ isc_result_totext(result));
fprintf(stderr,
- "isc_stdio_open '%s' failed: %s",
+ "isc_stdio_open '%s' failed: %s\n",
dest.file.name,
isc_result_totext(result));
} else
(void)isc_stdio_close(fp);
goto done;
}
- if (!ns_g_nosyslog)
+ if (logconfig != NULL && !ns_g_nosyslog)
syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
dest.file.name, isc_result_totext(result));
- fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
+ fprintf(stderr, "isc_file_isplainfile '%s' failed: %s\n",
dest.file.name, isc_result_totext(result));
}
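Review bot: With `logconfig == NULL` the file test still runs, and `isc_stdio_open(dest.file.name, "a", &fp)` opens in append mode, which creates the file when it does not exist. If the NULL case is meant as a check-only pass (inferred from the guards added in this commit), it leaves empty log files behind, created with the privileges and umask of whoever ran the check. Consider skipping the open when `logconfig == NULL`, or removing a file that the probe itself created. channel_fromconf starts outside this hunk.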
@@ -260,7 +266,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
}
isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
+ns_log_configure(isc_logconfig_t *logconfig, const cfg_obj_t *logstmt) {
isc_result_t result;
const cfg_obj_t *channels = NULL;
const cfg_obj_t *categories = NULL;
@@ -269,7 +275,8 @@ ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
isc_boolean_t unmatched_set = ISC_FALSE;
const cfg_obj_t *catname;
- CHECK(ns_log_setdefaultchannels(logconf));
+ if (logconfig != NULL)
+ CHECK(ns_log_setdefaultchannels(logconfig));
(void)cfg_map_get(logstmt, "channel", &channels);
for (element = cfg_list_first(channels);
@@ -277,7 +284,7 @@ ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
element = cfg_list_next(element))
{
const cfg_obj_t *channel = cfg_listelt_value(element);
- CHECK(channel_fromconf(channel, logconf));
+ CHECK(channel_fromconf(channel, logconfig));
}
(void)cfg_map_get(logstmt, "category", &categories);
@@ -286,7 +293,7 @@ ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
element = cfg_list_next(element))
{
const cfg_obj_t *category = cfg_listelt_value(element);
- CHECK(category_fromconf(category, logconf));
+ CHECK(category_fromconf(category, logconfig));
if (!default_set) {
catname = cfg_tuple_get(category, "name");
if (strcmp(cfg_obj_asstring(catname), "default") == 0)
@@ -299,16 +306,14 @@ ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
}
}
- if (!default_set)
- CHECK(ns_log_setdefaultcategory(logconf));
+ if (logconfig != NULL && !default_set)
+ CHECK(ns_log_setdefaultcategory(logconfig));
- if (!unmatched_set)
- CHECK(ns_log_setunmatchedcategory(logconf));
+ if (logconfig != NULL && !unmatched_set)
+ CHECK(ns_log_setunmatchedcategory(logconfig));
return (ISC_R_SUCCESS);
cleanup:
- if (logconf != NULL)
- isc_logconfig_destroy(&logconf);
return (result);
}
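Review bot: ns_log_configure() no longer destroys `logconfig` on the cleanup path, so ownership on failure has moved to the caller without being written down. Every caller that relied on the function to free the configuration after an error now has to call isc_logconfig_destroy() itself. Those call sites are not in this part of the diff and should be checked for a leak. A line in the function's comment such as `On failure 'logconfig' is left for the caller to destroy.` would record the new contract.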
diff --git a/bin/named/lwaddr.c b/bin/named/lwaddr.c
index ed7880ac2682..aecccce21172 100644
--- a/bin/named/lwaddr.c
+++ b/bin/named/lwaddr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -41,11 +41,11 @@ lwaddr_netaddr_fromlwresaddr(isc_netaddr_t *na, lwres_addr_t *la) {
if (la->family == LWRES_ADDRTYPE_V4) {
struct in_addr ina;
- memcpy(&ina.s_addr, la->address, 4);
+ memmove(&ina.s_addr, la->address, 4);
isc_netaddr_fromin(na, &ina);
} else {
struct in6_addr ina6;
- memcpy(&ina6.s6_addr, la->address, 16);
+ memmove(&ina6.s6_addr, la->address, 16);
isc_netaddr_fromin6(na, &ina6);
}
return (ISC_R_SUCCESS);
@@ -77,11 +77,11 @@ lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) {
if (na->family == AF_INET) {
la->family = LWRES_ADDRTYPE_V4;
la->length = 4;
- memcpy(la->address, &na->type.in, 4);
+ memmove(la->address, &na->type.in, 4);
} else {
la->family = LWRES_ADDRTYPE_V6;
la->length = 16;
- memcpy(la->address, &na->type.in6, 16);
+ memmove(la->address, &na->type.in6, 16);
}
return (ISC_R_SUCCESS);
}
diff --git a/bin/named/lwdgnba.c b/bin/named/lwdgnba.c
index dfc2ad654399..2de5287d63df 100644
--- a/bin/named/lwdgnba.c
+++ b/bin/named/lwdgnba.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -226,12 +226,12 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) {
client->na.family = AF_INET;
if (req->addr.length != 4)
goto out;
- memcpy(&client->na.type.in, req->addr.address, 4);
+ memmove(&client->na.type.in, req->addr.address, 4);
} else if (req->addr.family == LWRES_ADDRTYPE_V6) {
client->na.family = AF_INET6;
if (req->addr.length != 16)
goto out;
- memcpy(&client->na.type.in6, req->addr.address, 16);
+ memmove(&client->na.type.in6, req->addr.address, 16);
} else {
goto out;
}
diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c
index 5c858cbedacd..3e7b15bbdbbf 100644
--- a/bin/named/lwdgrbn.c
+++ b/bin/named/lwdgrbn.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -124,8 +124,8 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
lens = isc_mem_get(mctx, size * sizeof(*lens));
if (lens == NULL)
goto out;
- memcpy(rdatas, oldrdatas, used * sizeof(*rdatas));
- memcpy(lens, oldlens, used * sizeof(*lens));
+ memmove(rdatas, oldrdatas, used * sizeof(*rdatas));
+ memmove(lens, oldlens, used * sizeof(*lens));
isc_mem_put(mctx, oldrdatas,
oldsize * sizeof(*oldrdatas));
isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
@@ -158,8 +158,8 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
newlens = isc_mem_get(mctx, used * sizeof(*lens));
if (newlens == NULL)
goto out;
- memcpy(newrdatas, rdatas, used * sizeof(*rdatas));
- memcpy(newlens, lens, used * sizeof(*lens));
+ memmove(newrdatas, rdatas, used * sizeof(*rdatas));
+ memmove(newlens, lens, used * sizeof(*lens));
isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
isc_mem_put(mctx, lens, size * sizeof(*lens));
grbn->rdatas = newrdatas;
@@ -204,6 +204,8 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
lwres_grbnresponse_t *grbn;
int i;
+ REQUIRE(event != NULL);
+
UNUSED(task);
lwb.base = NULL;
@@ -324,9 +326,6 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
(grbn->nsigs == 1) ? "" : "s");
}
- dns_lookup_destroy(&client->lookup);
- isc_event_free(&event);
-
/*
* Render the packet.
*/
@@ -362,6 +361,9 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
NS_LWDCLIENT_SETSEND(client);
+ dns_lookup_destroy(&client->lookup);
+ isc_event_free(&event);
+
return;
out:
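Review bot: Nothing in lookup_done() records why dns_lookup_destroy() and isc_event_free() now have to come after the response is rendered and queued. Without a comment, a later tidy-up could move them back above `Render the packet`, where the previous hunk removed them. I would add a one-line comment above the two calls naming the data used during rendering that is still owned by the lookup or the event. The function starts outside this hunk.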
@@ -384,8 +386,7 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
if (lwb.base != NULL)
lwres_context_freemem(cm->lwctx, lwb.base, lwb.length);
- if (event != NULL)
- isc_event_free(&event);
+ isc_event_free(&event);
ns_lwdclient_log(50, "error constructing getrrsetbyname response");
ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
diff --git a/bin/named/main.c b/bin/named/main.c
index f6c929e5b967..d3d9fa23a7a3 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -390,7 +390,7 @@ set_flags(const char *arg, struct flag_def *defs, unsigned int *ret) {
int arglen;
if (end == NULL)
end = arg + strlen(arg);
- arglen = end - arg;
+ arglen = (int)(end - arg);
for (def = defs; def->name != NULL; def++) {
if (arglen == (int)strlen(def->name) &&
memcmp(arg, def->name, arglen) == 0) {
@@ -415,6 +415,7 @@ parse_command_line(int argc, char *argv[]) {
save_command_line(argc, argv);
+ /* PLEASE keep options synchronized when main is hooked! */
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"46c:C:d:E:fFgi:lm:n:N:p:P:"
@@ -544,8 +545,25 @@ parse_command_line(int argc, char *argv[]) {
printf("%s %s", ns_g_product, ns_g_version);
if (*ns_g_description != 0)
printf(" %s", ns_g_description);
- printf(" <id:%s> built with %s\n", ns_g_srcid,
- ns_g_configargs);
+ printf(" <id:%s> built by %s with %s\n", ns_g_srcid,
+ ns_g_builder, ns_g_configargs);
+#ifdef __clang__
+ printf("compiled by CLANG %s\n", __VERSION__);
+#else
+#if defined(__ICC) || defined(__INTEL_COMPILER)
+ printf("compiled by ICC %s\n", __VERSION__);
+#else
+#ifdef __GNUC__
+ printf("compiled by GCC %s\n", __VERSION__);
+#endif
+#endif
+#endif
+#ifdef _MSC_VER
+ printf("compiled by MSVC %d\n", _MSC_VER);
+#endif
+#ifdef __SUNPRO_C
+ printf("compiled by Solaris Studio %x\n", __SUNPRO_C);
+#endif
#ifdef OPENSSL
printf("using OpenSSL version: %s\n",
OPENSSL_VERSION_TEXT);
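Review bot: The compiler banner nests `#else`/`#if` three levels deep for the clang, ICC and GCC cases, which is harder to follow than it needs to be. `#elif defined(__ICC) || defined(__INTEL_COMPILER)` followed by `#elif defined(__GNUC__)` expresses the same ladder flat, with a single closing `#endif`. parse_command_line continues outside the hunk.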
@@ -1026,6 +1044,8 @@ ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) {
}
#endif /* HAVE_LIBSCF */
+/* main entry point, possibly hooked */
+
int
main(int argc, char *argv[]) {
isc_result_t result;
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 09b147ee7de2..e03021a1e878 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -187,7 +187,7 @@ options {
random\-device \fIquoted_string\fR;
recursive\-clients \fIinteger\fR;
serial\-query\-rate \fIinteger\fR;
- server\-id ( \fIquoted_string\fR | none );
+ server\-id ( \fIquoted_string\fR | hostname | none );
stacksize \fIsize\fR;
statistics\-file \fIquoted_string\fR;
statistics\-interval \fIinteger\fR; // not yet implemented
@@ -322,7 +322,7 @@ options {
zone\-statistics \fIboolean\fR;
key\-directory \fIquoted_string\fR;
managed\-keys\-directory \fIquoted_string\fR;
- auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBcreate\fR|\fBoff\fR;
+ auto\-dnssec \fBallow\fR|\fBmaintain\fR|\fBoff\fR;
try\-tcp\-refresh \fIboolean\fR;
zero\-no\-soa\-ttl \fIboolean\fR;
zero\-no\-soa\-ttl\-cache \fIboolean\fR;
@@ -592,5 +592,5 @@ zone \fIstring\fR \fIoptional_class\fR {
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 2527ac3ae7e8..ad0b90c143a7 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -45,6 +45,7 @@
<year>2010</year>
<year>2011</year>
<year>2013</year>
+ <year>2014</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -219,7 +220,7 @@ options {
random-device <replaceable>quoted_string</replaceable>;
recursive-clients <replaceable>integer</replaceable>;
serial-query-rate <replaceable>integer</replaceable>;
- server-id ( <replaceable>quoted_string</replaceable> | none );
+ server-id ( <replaceable>quoted_string</replaceable> | hostname | none );
stacksize <replaceable>size</replaceable>;
statistics-file <replaceable>quoted_string</replaceable>;
statistics-interval <replaceable>integer</replaceable>; // not yet implemented
@@ -365,7 +366,7 @@ options {
zone-statistics <replaceable>boolean</replaceable>;
key-directory <replaceable>quoted_string</replaceable>;
managed-keys-directory <replaceable>quoted_string</replaceable>;
- auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>;
+ auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>;
try-tcp-refresh <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index a8b35edc8602..0fa370a4bda6 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543356"></a><h2>DESCRIPTION</h2>
+<a name="id2543360"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
@@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543384"></a><h2>ACL</h2>
+<a name="id2543387"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543400"></a><h2>KEY</h2>
+<a name="id2543403"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
@@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543419"></a><h2>MASTERS</h2>
+<a name="id2543422"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
@@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional"
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543465"></a><h2>SERVER</h2>
+<a name="id2543468"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
@@ -97,7 +97,7 @@ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/pref
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543533"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2543537"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@@ -105,7 +105,7 @@ trusted-keys {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543559"></a><h2>MANAGED-KEYS</h2>
+<a name="id2543562"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@@ -113,7 +113,7 @@ managed-keys {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543588"></a><h2>CONTROLS</h2>
+<a name="id2543591"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
@@ -125,7 +125,7 @@ controls {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543623"></a><h2>LOGGING</h2>
+<a name="id2543626"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
@@ -143,7 +143,7 @@ logging {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543661"></a><h2>LWRES</h2>
+<a name="id2543665"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
@@ -156,7 +156,7 @@ lwres {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543703"></a><h2>OPTIONS</h2>
+<a name="id2543706"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
@@ -184,7 +184,7 @@ options {<br>
random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
- server-id ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+ server-id ( <em class="replaceable"><code>quoted_string</code></em> | hostname | none );<br>
stacksize <em class="replaceable"><code>size</code></em>;<br>
statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
@@ -330,7 +330,7 @@ options {<br>
zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
managed-keys-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
- auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>;<br>
+ auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>;<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
@@ -360,7 +360,7 @@ options {<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544578"></a><h2>VIEW</h2>
+<a name="id2544579"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -523,7 +523,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2545287"></a><h2>ZONE</h2>
+<a name="id2545288"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint |<br>
@@ -618,12 +618,12 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2545667"></a><h2>FILES</h2>
+<a name="id2545668"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545678"></a><h2>SEE ALSO</h2>
+<a name="id2545680"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
diff --git a/bin/named/query.c b/bin/named/query.c
index 8c589841396b..c582e4c8a61b 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -773,7 +773,7 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
if (queryonacl == NULL)
queryonacl = client->view->queryonacl;
- result = ns_client_checkaclsilent(client, NULL,
+ result = ns_client_checkaclsilent(client, &client->destaddr,
queryonacl, ISC_TRUE);
if ((options & DNS_GETDB_NOLOG) == 0 &&
result != ISC_R_SUCCESS)
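Review bot: The switch from `NULL` to `&client->destaddr` in the `ns_client_checkaclsilent()` call needs a comment, because nothing at the call site says which address `queryonacl` is matched against. Something like `/* allow-query-on is matched against the address the query was received on, not the client's source address */` above the call would keep a later cleanup from reverting it. What the `NULL` argument selected before is inferred from the names only; the helper's body is not in this hunk. query_validatezonedb starts and ends outside the hunk.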
@@ -4900,12 +4900,12 @@ rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) {
switch (rdata->type) {
case dns_rdatatype_a:
INSIST(rdata->length == 4);
- memcpy(&ina.s_addr, rdata->data, 4);
+ memmove(&ina.s_addr, rdata->data, 4);
isc_netaddr_fromin(netaddr, &ina);
return (ISC_R_SUCCESS);
case dns_rdatatype_aaaa:
INSIST(rdata->length == 16);
- memcpy(in6a.s6_addr, rdata->data, 16);
+ memmove(in6a.s6_addr, rdata->data, 16);
isc_netaddr_fromin6(netaddr, &in6a);
return (ISC_R_SUCCESS);
default:
@@ -5178,8 +5178,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_fixedname_t fixed;
dns_hash_t hash;
dns_name_t name;
- int order;
- unsigned int count;
+ unsigned int skip = 0, labels;
dns_rdata_nsec3_t nsec3;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_boolean_t optout;
@@ -5192,6 +5191,7 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_name_init(&name, NULL);
dns_name_clone(qname, &name);
+ labels = dns_name_countlabels(&name);
/*
* Map unknown algorithm to known value.
@@ -5223,13 +5223,14 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_rdata_reset(&rdata);
optout = ISC_TF((nsec3.flags & DNS_NSEC3FLAG_OPTOUT) != 0);
if (found != NULL && optout &&
- dns_name_fullcompare(&name, dns_db_origin(db), &order,
- &count) == dns_namereln_subdomain) {
+ dns_name_issubdomain(&name, dns_db_origin(db)))
+ {
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(sigrdataset))
dns_rdataset_disassociate(sigrdataset);
- count = dns_name_countlabels(&name) - 1;
- dns_name_getlabelsequence(&name, 1, count, &name);
+ skip++;
+ dns_name_getlabelsequence(qname, skip, labels - skip,
+ &name);
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_DEBUG(3),
"looking for closest provable encloser");
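Review bot: The retry condition in query_findclosestnsec3 changed from `dns_name_fullcompare(...) == dns_namereln_subdomain` to `dns_name_issubdomain(...)`, and if the latter is also true for equal names, the label-stripping step now runs once more when `name` is already the zone origin. After that `skip++`, the call `dns_name_getlabelsequence(qname, skip, labels - skip, &name)` yields a name above the origin, and for the root zone `labels - skip` reaches 0. If the strict-subdomain behaviour was intended, add `!dns_name_equal(&name, dns_db_origin(db))` to the condition; otherwise a comment should say the extra iteration is deliberate. The function continues outside the hunk, so what the next lookup does with that name is not visible here.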
@@ -5247,7 +5248,11 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
ns_client_log(client, DNS_LOGCATEGORY_DNSSEC,
NS_LOGMODULE_QUERY, ISC_LOG_WARNING,
"expected covering NSEC3, got an exact match");
- if (found != NULL)
+ if (found == qname) {
+ if (skip != 0U)
+ dns_name_getlabelsequence(qname, skip, labels - skip,
+ found);
+ } else if (found != NULL)
dns_name_copy(&name, found, NULL);
return;
}
@@ -6814,7 +6819,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto addauth;
}
- if (dns_db_issecure(db)) {
+ if (qtype == dns_rdatatype_rrsig &&
+ dns_db_issecure(db)) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(client->query.qname,
namebuf,
diff --git a/bin/named/server.c b/bin/named/server.c
index 05c68b992ec4..bc1e76e951e6 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -74,11 +74,13 @@
#include <dns/portlist.h>
#include <dns/rbt.h>
#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/resolver.h>
#include <dns/rootns.h>
#include <dns/secalg.h>
+#include <dns/soa.h>
#include <dns/stats.h>
#include <dns/tkey.h>
#include <dns/tsig.h>
@@ -370,6 +372,12 @@ end_reserved_dispatches(ns_server_t *server, isc_boolean_t all);
static void
newzone_cfgctx_destroy(void **cfgp);
+static isc_result_t
+putstr(isc_buffer_t *b, const char *str);
+
+isc_result_t
+add_comment(FILE *fp, const char *viewname);
+
/*%
* Configure a single view ACL at '*aclp'. Get its configuration from
* 'vconfig' (for per-view configuration) and maybe from 'config'
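Review bot: `add_comment()` is declared here without `static`, unlike `putstr()` just above it, so a helper with a very generic name gets external linkage. Within this diff it is called only from ns_server_add_zone in the same file, so `static isc_result_t add_comment(FILE *fp, const char *viewname);` looks sufficient. The definition added in the `@@ -7433,6 +7672,23 @@` hunk needs the same qualifier. If another file does call it, it should instead get an `ns_` prefix and a declaration in a header.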
@@ -1302,26 +1310,22 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
return (ISC_FALSE);
}
-static void
-check_dbtype(dns_zone_t **zonep, unsigned int dbtypec, const char **dbargv,
+static isc_result_t
+check_dbtype(dns_zone_t *zone, unsigned int dbtypec, const char **dbargv,
isc_mem_t *mctx)
{
char **argv = NULL;
unsigned int i;
- isc_result_t result;
+ isc_result_t result = ISC_R_SUCCESS;
- result = dns_zone_getdbtype(*zonep, &argv, mctx);
- if (result != ISC_R_SUCCESS) {
- dns_zone_detach(zonep);
- return;
- }
+ CHECK(dns_zone_getdbtype(zone, &argv, mctx));
/*
* Check that all the arguments match.
*/
for (i = 0; i < dbtypec; i++)
if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) {
- dns_zone_detach(zonep);
+ CHECK(ISC_R_FAILURE);
break;
}
@@ -1329,8 +1333,11 @@ check_dbtype(dns_zone_t **zonep, unsigned int dbtypec, const char **dbargv,
* Check that there are not extra arguments.
*/
if (i == dbtypec && argv[i] != NULL)
- dns_zone_detach(zonep);
+ result = ISC_R_FAILURE;
+
+ cleanup:
isc_mem_free(mctx, argv);
+ return (result);
}
static isc_result_t
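Review bot: The new `cleanup:` label calls `isc_mem_free(mctx, argv)` unconditionally, but `CHECK(dns_zone_getdbtype(zone, &argv, mctx))` jumps there on failure with `argv` possibly still NULL. The old code returned before the free in that case. Unless isc_mem_free is known to accept a NULL pointer (not visible in this diff), guard it with `if (argv != NULL) isc_mem_free(mctx, argv);`. Separately, in the previous hunk the `break;` after `CHECK(ISC_R_FAILURE);` is presumably unreachable, since CHECK already leaves the loop on a non-success result, and can be dropped.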
@@ -1623,6 +1630,235 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element,
return (ISC_R_SUCCESS);
}
+static isc_result_t
+add_soa(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
+ dns_name_t *origin, dns_name_t *contact)
+{
+ dns_dbnode_t *node = NULL;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ isc_result_t result;
+ unsigned char buf[DNS_SOA_BUFFERSIZE];
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+ CHECK(dns_soa_buildrdata(origin, contact, dns_db_class(db),
+ 0, 28800, 7200, 604800, 86400, buf, &rdata));
+ rdatalist.type = rdata.type;
+ rdatalist.covers = 0;
+ rdatalist.rdclass = rdata.rdclass;
+ rdatalist.ttl = 86400;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+ CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
+ CHECK(dns_db_findnode(db, name, ISC_TRUE, &node));
+ CHECK(dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL));
+ cleanup:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+static isc_result_t
+add_ns(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
+ dns_name_t *nsname)
+{
+ dns_dbnode_t *node = NULL;
+ dns_rdata_ns_t ns;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ isc_result_t result;
+ isc_buffer_t b;
+ unsigned char buf[DNS_NAME_MAXWIRE];
+
+ isc_buffer_init(&b, buf, sizeof(buf));
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+ ns.common.rdtype = dns_rdatatype_ns;
+ ns.common.rdclass = dns_db_class(db);
+ ns.mctx = NULL;
+ dns_name_init(&ns.name, NULL);
+ dns_name_clone(nsname, &ns.name);
+ CHECK(dns_rdata_fromstruct(&rdata, dns_db_class(db), dns_rdatatype_ns,
+ &ns, &b));
+ rdatalist.type = rdata.type;
+ rdatalist.covers = 0;
+ rdatalist.rdclass = rdata.rdclass;
+ rdatalist.ttl = 86400;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+ CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
+ CHECK(dns_db_findnode(db, name, ISC_TRUE, &node));
+ CHECK(dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL));
+ cleanup:
+ if (node != NULL)
+ dns_db_detachnode(db, &node);
+ return (result);
+}
+
+static isc_result_t
+create_empty_zone(dns_zone_t *zone, dns_name_t *name, dns_view_t *view,
+ const cfg_obj_t *zonelist, const char **empty_dbtype,
+ int empty_dbtypec, isc_boolean_t zonestats_on)
+{
+ char namebuf[DNS_NAME_FORMATSIZE];
+ const cfg_listelt_t *element;
+ const cfg_obj_t *obj;
+ const cfg_obj_t *zconfig;
+ const cfg_obj_t *zoptions;
+ const char *rbt_dbtype[4] = { "rbt" };
+ const char *sep = ": view ";
+ const char *str;
+ const char *viewname = view->name;
+ dns_db_t *db = NULL;
+ dns_dbversion_t *version = NULL;
+ dns_fixedname_t cfixed;
+ dns_fixedname_t fixed;
+ dns_fixedname_t nsfixed;
+ dns_name_t *contact;
+ dns_name_t *ns;
+ dns_name_t *zname;
+ dns_zone_t *myzone = NULL;
+ int rbt_dbtypec = 1;
+ isc_result_t result;
+ dns_namereln_t namereln;
+ int order;
+ unsigned int nlabels;
+
+ dns_fixedname_init(&fixed);
+ zname = dns_fixedname_name(&fixed);
+ dns_fixedname_init(&nsfixed);
+ ns = dns_fixedname_name(&nsfixed);
+ dns_fixedname_init(&cfixed);
+ contact = dns_fixedname_name(&cfixed);
+
+ /*
+ * Look for forward "zones" beneath this empty zone and if so
+ * create a custom db for the empty zone.
+ */
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+ element = cfg_list_next(element)) {
+
+ zconfig = cfg_listelt_value(element);
+ str = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
+ CHECK(dns_name_fromstring(zname, str, 0, NULL));
+ namereln = dns_name_fullcompare(zname, name, &order, &nlabels);
+ if (namereln != dns_namereln_subdomain)
+ continue;
+
+ zoptions = cfg_tuple_get(zconfig, "options");
+
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "type", &obj);
+ INSIST(obj != NULL);
+ if (strcasecmp(cfg_obj_asstring(obj), "forward") == 0) {
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "forward", &obj);
+ if (obj == NULL)
+ continue;
+ if (strcasecmp(cfg_obj_asstring(obj), "only") != 0)
+ continue;
+ }
+ if (db == NULL) {
+ CHECK(dns_db_create(view->mctx, "rbt", name,
+ dns_dbtype_zone, view->rdclass,
+ 0, NULL, &db));
+ CHECK(dns_db_newversion(db, &version));
+ if (strcmp(empty_dbtype[2], "@") == 0)
+ dns_name_clone(name, ns);
+ else
+ CHECK(dns_name_fromstring(ns, empty_dbtype[2],
+ 0, NULL));
+ CHECK(dns_name_fromstring(contact, empty_dbtype[3],
+ 0, NULL));
+ CHECK(add_soa(db, version, name, ns, contact));
+ CHECK(add_ns(db, version, name, ns));
+ }
+ CHECK(add_ns(db, version, zname, dns_rootname));
+ }
+
+ /*
+ * Is the existing zone the ok to use?
+ */
+ if (zone != NULL) {
+ unsigned int typec;
+ const char **dbargv;
+
+ if (db != NULL) {
+ typec = rbt_dbtypec;
+ dbargv = rbt_dbtype;
+ } else {
+ typec = empty_dbtypec;
+ dbargv = empty_dbtype;
+ }
+
+ result = check_dbtype(zone, typec, dbargv, view->mctx);
+ if (result != ISC_R_SUCCESS)
+ zone = NULL;
+
+ if (zone != NULL && dns_zone_gettype(zone) != dns_zone_master)
+ zone = NULL;
+ if (zone != NULL && dns_zone_getfile(zone) != NULL)
+ zone = NULL;
+ }
+
+ if (zone == NULL) {
+ CHECK(dns_zone_create(&myzone, view->mctx));
+ zone = myzone;
+ CHECK(dns_zone_setorigin(zone, name));
+ CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone));
+ if (db == NULL)
+ CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
+ empty_dbtype));
+ dns_zone_setclass(zone, view->rdclass);
+ dns_zone_settype(zone, dns_zone_master);
+ dns_zone_setstats(zone, ns_g_server->zonestats);
+ }
+
+ dns_zone_setoption(zone, ~DNS_ZONEOPT_NOCHECKNS, ISC_FALSE);
+ dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS, ISC_TRUE);
+ dns_zone_setnotifytype(zone, dns_notifytype_no);
+ dns_zone_setdialup(zone, dns_dialuptype_no);
+ if (view->queryacl)
+ dns_zone_setqueryacl(zone, view->queryacl);
+ else
+ dns_zone_clearqueryacl(zone);
+ if (view->queryonacl)
+ dns_zone_setqueryonacl(zone, view->queryonacl);
+ else
+ dns_zone_clearqueryonacl(zone);
+ dns_zone_clearupdateacl(zone);
+ dns_zone_clearxfracl(zone);
+
+ CHECK(setquerystats(zone, view->mctx, zonestats_on));
+ if (db != NULL) {
+ dns_db_closeversion(db, &version, ISC_TRUE);
+ CHECK(dns_zone_replacedb(zone, db, ISC_FALSE));
+ }
+ dns_zone_setview(zone, view);
+ CHECK(dns_view_addzone(view, zone));
+
+ if (!strcmp(viewname, "_default")) {
+ sep = "";
+ viewname = "";
+ }
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "automatic empty zone%s%s: %s",
+ sep, viewname, namebuf);
+
+ cleanup:
+ if (myzone != NULL)
+ dns_zone_detach(&myzone);
+ if (version != NULL)
+ dns_db_closeversion(db, &version, ISC_FALSE);
+ if (db != NULL)
+ dns_db_detach(&db);
+ return (result);
+}
+
/*
* Configure 'view' according to 'vconfig', taking defaults from 'config'
* where values are missing in 'vconfig'.
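Review bot: create_empty_zone indexes `empty_dbtype[2]` and `empty_dbtype[3]` and passes them to `strcmp()` and `dns_name_fromstring()` without looking at `empty_dbtypec`, so it silently depends on the caller's array layout, which is defined outside this hunk. An assertion at the top, e.g. `INSIST(empty_dbtypec >= 4 && empty_dbtype[2] != NULL && empty_dbtype[3] != NULL);`, would turn a mismatch into a clear failure instead of an out-of-bounds or NULL read. The loop comment also undersells what the code does: every configured zone below `name` that is not of type forward gets an NS record too, and only forward zones without `forward only` are skipped. The SOA timer values and the 86400 TTL repeated in add_soa and add_ns would read better as named constants.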
@@ -1676,7 +1912,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
isc_uint32_t max_clients_per_query;
const char *sep = ": view ";
const char *viewname = view->name;
- const char *forview = " for view ";
isc_boolean_t rfc1918;
isc_boolean_t empty_zones_enable;
const cfg_obj_t *disablelist = NULL;
@@ -1722,8 +1957,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
if (!strcmp(viewname, "_default")) {
sep = "";
viewname = "";
- forview = "";
- POST(forview);
}
/*
@@ -2980,44 +3213,13 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
if (pview != NULL) {
(void)dns_view_findzone(pview, name, &zone);
dns_view_detach(&pview);
- if (zone != NULL)
- check_dbtype(&zone, empty_dbtypec,
- empty_dbtype, mctx);
- if (zone != NULL) {
- dns_zone_setview(zone, view);
- CHECK(dns_view_addzone(view, zone));
- CHECK(setquerystats(zone, mctx,
- zonestats_on));
- dns_zone_detach(&zone);
- continue;
- }
}
- CHECK(dns_zone_create(&zone, mctx));
- CHECK(dns_zone_setorigin(zone, name));
- dns_zone_setview(zone, view);
- CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr,
- zone));
- dns_zone_setclass(zone, view->rdclass);
- dns_zone_settype(zone, dns_zone_master);
- dns_zone_setstats(zone, ns_g_server->zonestats);
- CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
- empty_dbtype));
- if (view->queryacl != NULL)
- dns_zone_setqueryacl(zone, view->queryacl);
- if (view->queryonacl != NULL)
- dns_zone_setqueryonacl(zone, view->queryonacl);
- dns_zone_setdialup(zone, dns_dialuptype_no);
- dns_zone_setnotifytype(zone, dns_notifytype_no);
- dns_zone_setoption(zone, DNS_ZONEOPT_NOCHECKNS,
- ISC_TRUE);
- CHECK(setquerystats(zone, mctx, zonestats_on));
- CHECK(dns_view_addzone(view, zone));
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_SERVER, ISC_LOG_INFO,
- "automatic empty zone%s%s: %s",
- sep, viewname, empty);
- dns_zone_detach(&zone);
+ CHECK(create_empty_zone(zone, name, view, zonelist,
+ empty_dbtype, empty_dbtypec,
+ zonestats_on));
+ if (zone != NULL)
+ dns_zone_detach(&zone);
}
}
@@ -4437,7 +4639,10 @@ load_configuration(const char *filename, ns_server_t *server,
dns_viewlist_t viewlist, builtin_viewlist;
in_port_t listen_port, udpport_low, udpport_high;
int i;
+ int num_zones = 0;
+ isc_boolean_t exclusive = ISC_FALSE;
isc_interval_t interval;
+ isc_logconfig_t *logc = NULL;
isc_portset_t *v4portset = NULL;
isc_portset_t *v6portset = NULL;
isc_resourcevalue_t nfiles;
@@ -4446,12 +4651,10 @@ load_configuration(const char *filename, ns_server_t *server,
isc_uint32_t interface_interval;
isc_uint32_t reserved;
isc_uint32_t udpsize;
- ns_cachelist_t cachelist, tmpcachelist;
- unsigned int maxsocks;
ns_cache_t *nsc;
+ ns_cachelist_t cachelist, tmpcachelist;
struct cfg_context *nzctx;
- int num_zones = 0;
- isc_boolean_t exclusive = ISC_FALSE;
+ unsigned int maxsocks;
ISC_LIST_INIT(viewlist);
ISC_LIST_INIT(builtin_viewlist);
@@ -4739,8 +4942,8 @@ load_configuration(const char *filename, ns_server_t *server,
result = ns_config_get(maps, "tcp-listen-queue", &obj);
INSIST(result == ISC_R_SUCCESS);
ns_g_listen = cfg_obj_asuint32(obj);
- if (ns_g_listen < 3)
- ns_g_listen = 3;
+ if ((ns_g_listen > 0) && (ns_g_listen < 10))
+ ns_g_listen = 10;
/*
* Configure the interface manager according to the "listen-on"
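Review bot: The new clamp `if ((ns_g_listen > 0) && (ns_g_listen < 10))` lets 0 through unchanged while raising 1 to 9 up to 10, and nothing in the code says why 0 is special. A comment such as `/* 0 is passed on as-is; any other value below 10 is raised to the minimum of 10 */` would record the intent. What 0 means to the socket layer should be filled in by someone who knows that code. load_configuration continues outside the hunk.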
@@ -5112,13 +5315,30 @@ load_configuration(const char *filename, ns_server_t *server,
* unprivileged user, not root.
*/
if (ns_g_logstderr) {
+ const cfg_obj_t *logobj = NULL;
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
- "ignoring config file logging "
- "statement due to -g option");
+ "not using config file logging "
+ "statement for logging due to "
+ "-g option");
+
+ (void)cfg_map_get(config, "logging", &logobj);
+ if (logobj != NULL) {
+ result = ns_log_configure(NULL, logobj);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_ERROR,
+ "checking logging configuration "
+ "failed: %s",
+ isc_result_totext(result));
+ goto cleanup;
+ }
+ }
} else {
const cfg_obj_t *logobj = NULL;
- isc_logconfig_t *logc = NULL;
CHECKM(isc_logconfig_create(ns_g_lctx, &logc),
"creating new logging configuration");
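Review bot: The call `ns_log_configure(NULL, logobj)` in the `-g` branch relies on the callee treating a NULL log configuration as "validate only", which cannot be seen from this file. A one-line comment above it, e.g. `/* Syntax-check the logging statement without installing it. */`, would make that contract explicit for anyone who later touches logconf.c. A bad logging statement now also aborts the load via `goto cleanup` even though the statement is not used in this mode, so the commit description should mention that behaviour change.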
@@ -5137,11 +5357,9 @@ load_configuration(const char *filename, ns_server_t *server,
"setting up default 'category default'");
}
- result = isc_logconfig_use(ns_g_lctx, logc);
- if (result != ISC_R_SUCCESS) {
- isc_logconfig_destroy(&logc);
- CHECKM(result, "installing logging configuration");
- }
+ CHECKM(isc_logconfig_use(ns_g_lctx, logc),
+ "installing logging configuration");
+ logc = NULL;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
@@ -5273,6 +5491,9 @@ load_configuration(const char *filename, ns_server_t *server,
result = ISC_R_SUCCESS;
cleanup:
+ if (logc != NULL)
+ isc_logconfig_destroy(&logc);
+
if (v4portset != NULL)
isc_portset_destroy(ns_g_mctx, &v4portset);
@@ -5971,17 +6192,18 @@ next_token(char **stringp, const char *delim) {
*/
static isc_result_t
zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
- const char **zonename)
+ const char **zonename, isc_buffer_t *text)
{
char *input, *ptr;
const char *zonetxt;
char *classtxt;
const char *viewtxt = NULL;
- dns_fixedname_t name;
+ dns_fixedname_t fname;
+ dns_name_t *name;
isc_result_t result;
- isc_buffer_t buf;
dns_view_t *view = NULL;
dns_rdataclass_t rdclass;
+ char problem[DNS_NAME_FORMATSIZE + 500] = "";
REQUIRE(zonep != NULL && *zonep == NULL);
REQUIRE(zonename == NULL || *zonename == NULL);
@@ -6007,38 +6229,40 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
viewtxt = next_token(&input, " \t");
}
- isc_buffer_constinit(&buf, zonetxt, strlen(zonetxt));
- isc_buffer_add(&buf, strlen(zonetxt));
- dns_fixedname_init(&name);
- result = dns_name_fromtext(dns_fixedname_name(&name),
- &buf, dns_rootname, 0, NULL);
- if (result != ISC_R_SUCCESS)
- goto fail1;
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ CHECK(dns_name_fromstring(name, zonetxt, 0, NULL));
if (classtxt != NULL) {
isc_textregion_t r;
r.base = classtxt;
r.length = strlen(classtxt);
- result = dns_rdataclass_fromtext(&rdclass, &r);
- if (result != ISC_R_SUCCESS)
- goto fail1;
+ CHECK(dns_rdataclass_fromtext(&rdclass, &r));
} else
rdclass = dns_rdataclass_in;
if (viewtxt == NULL) {
- result = dns_viewlist_findzone(&server->viewlist,
- dns_fixedname_name(&name),
+ result = dns_viewlist_findzone(&server->viewlist, name,
ISC_TF(classtxt == NULL),
rdclass, zonep);
+ if (result == ISC_R_NOTFOUND)
+ snprintf(problem, sizeof(problem),
+ "no matching zone '%s' in any view",
+ zonetxt);
} else {
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
- if (result != ISC_R_SUCCESS)
- goto fail1;
+ if (result != ISC_R_SUCCESS) {
+ snprintf(problem, sizeof(problem),
+ "no matching view '%s'", viewtxt);
+ goto report;
+ }
- result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
- 0, NULL, zonep);
- dns_view_detach(&view);
+ result = dns_zt_find(view->zonetable, name, 0, NULL, zonep);
+ if (result != ISC_R_SUCCESS)
+ snprintf(problem, sizeof(problem),
+ "no matching zone '%s' in view '%s'",
+ zonetxt, viewtxt);
}
/* Partial match? */
@@ -6046,7 +6270,20 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
dns_zone_detach(zonep);
if (result == DNS_R_PARTIALMATCH)
result = ISC_R_NOTFOUND;
- fail1:
+ report:
+ if (result != ISC_R_SUCCESS) {
+ isc_result_t tresult;
+
+ tresult = putstr(text, problem);
+ if (tresult == ISC_R_SUCCESS &&
+ isc_buffer_availablelength(text) > 0U)
+ isc_buffer_putuint8(text, 0);
+ }
+
+ cleanup:
+ if (view != NULL)
+ dns_view_detach(&view);
+
return (result);
}
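Review bot: The `report:` block writes `problem` to `text` on every failure, but `problem` is only filled in on some of the paths that reach it. In the `viewtxt == NULL` branch it is set only for `ISC_R_NOTFOUND`, so any other failure from `dns_viewlist_findzone()` appends just an empty string and a NUL. The `CHECK()` failures for a bad zone name or class jump to `cleanup:` and report nothing. Making the block conditional, `if (result != ISC_R_SUCCESS && problem[0] != '\0')`, and giving the parse failures their own message would make the command channel reply consistent. The function comment should also say that `text` must be non-NULL, since `putstr(text, ...)` is called unconditionally; the function's opening lines are in an earlier hunk.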
@@ -6054,12 +6291,14 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
* Act on a "retransfer" command from the command channel.
*/
isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args) {
+ns_server_retransfercommand(ns_server_t *server, char *args,
+ isc_buffer_t *text)
+{
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -6083,7 +6322,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zonetype_t type;
const char *msg = NULL;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
@@ -6143,7 +6382,7 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zone_t *zone = NULL;
const unsigned char msg[] = "zone notify queued";
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -6168,7 +6407,7 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
const unsigned char msg2[] = "not a slave or stub zone";
dns_zonetype_t type;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -7001,7 +7240,7 @@ ns_server_status(ns_server_t *server, isc_buffer_t *text) {
n = snprintf((char *)isc_buffer_used(text),
isc_buffer_availablelength(text),
- "version: %s%s%s%s\n"
+ "version: %s%s%s%s <id:%s>\n"
#ifdef ISC_PLATFORM_USETHREADS
"CPUs found: %u\n"
"worker threads: %u\n"
@@ -7015,7 +7254,7 @@ ns_server_status(ns_server_t *server, isc_buffer_t *text) {
"recursive clients: %d/%d/%d\n"
"tcp clients: %d/%d\n"
"server is up and running",
- ns_g_version, ob, alt, cb,
+ ns_g_version, ob, alt, cb, ns_g_srcid,
#ifdef ISC_PLATFORM_USETHREADS
ns_g_cpus_detected, ns_g_cpus,
#endif
@@ -7259,7 +7498,7 @@ ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text) {
* Act on a "sign" or "loadkeys" command from the command channel.
*/
isc_result_t
-ns_server_rekey(ns_server_t *server, char *args) {
+ns_server_rekey(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
@@ -7269,7 +7508,7 @@ ns_server_rekey(ns_server_t *server, char *args) {
if (strncasecmp(args, NS_COMMAND_SIGN, strlen(NS_COMMAND_SIGN)) == 0)
fullsign = ISC_TRUE;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL)
@@ -7313,7 +7552,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_boolean_t frozen;
const char *msg = NULL;
- result = zone_from_args(server, args, &zone, NULL);
+ result = zone_from_args(server, args, &zone, NULL, text);
if (result != ISC_R_SUCCESS)
return (result);
if (zone == NULL) {
@@ -7433,6 +7672,23 @@ ns_smf_add_message(isc_buffer_t *text) {
#endif /* HAVE_LIBSCF */
/*
+ * Emit a comment at the top of the nzf file containing the viewname
+ * Expects the fp to already be open for writing
+ */
+#define HEADER1 "# New zone file for view: "
+#define HEADER2 "\n# This file contains configuration for zones added by\n" \
+ "# the 'rndc addzone' command. DO NOT EDIT BY HAND.\n"
+isc_result_t
+add_comment(FILE *fp, const char *viewname) {
+ isc_result_t result;
+ CHECK(isc_stdio_write(HEADER1, sizeof(HEADER1) - 1, 1, fp, NULL));
+ CHECK(isc_stdio_write(viewname, strlen(viewname), 1, fp, NULL));
+ CHECK(isc_stdio_write(HEADER2, sizeof(HEADER2) - 1, 1, fp, NULL));
+ cleanup:
+ return (result);
+}
+
+/*
* Act on an "addzone" command from the command channel.
*/
isc_result_t
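Review bot: `add_comment()` writes `viewname` into the `#` header line verbatim, while the zone name written to the same file is now emitted through `dns_name_totext()` and quoted (see the `@@ -7572,10 +7834,13 @@` hunk). The header text itself says the file holds zone configuration, so if a view name could ever contain a line break, whatever follows it would fall outside the comment. View names presumably come from the server's own configuration, so this is hardening rather than a reachable bug as far as this diff shows. Either replace control characters before writing, or state in the function comment that the caller guarantees a single-line name. `HEADER1` and `HEADER2` are also very generic macro names at file scope; a prefixed name or an `#undef` after the function would avoid clashes.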
@@ -7453,15 +7709,18 @@ ns_server_add_zone(ns_server_t *server, char *args) {
const char *viewname = NULL;
dns_rdataclass_t rdclass;
dns_view_t *view = 0;
- isc_buffer_t buf, *nbuf = NULL;
- dns_name_t dnsname;
+ isc_buffer_t buf;
+ dns_fixedname_t fname;
+ dns_name_t *dnsname;
dns_zone_t *zone = NULL;
FILE *fp = NULL;
struct cfg_context *cfg = NULL;
+ char namebuf[DNS_NAME_FORMATSIZE];
+ off_t offset;
/* Try to parse the argument string */
arglen = strlen(args);
- isc_buffer_init(&argbuf, args, arglen);
+ isc_buffer_init(&argbuf, args, (unsigned int)arglen);
isc_buffer_add(&argbuf, strlen(args));
CHECK(cfg_parser_create(server->mctx, ns_g_lctx, &parser));
CHECK(cfg_parse_buffer(parser, &argbuf, &cfg_type_addzoneconf,
@@ -7471,10 +7730,10 @@ ns_server_add_zone(ns_server_t *server, char *args) {
zonename = cfg_obj_asstring(cfg_tuple_get(parms, "name"));
isc_buffer_constinit(&buf, zonename, strlen(zonename));
isc_buffer_add(&buf, strlen(zonename));
- dns_name_init(&dnsname, NULL);
- isc_buffer_allocate(server->mctx, &nbuf, 256);
- dns_name_setbuffer(&dnsname, nbuf);
- CHECK(dns_name_fromtext(&dnsname, &buf, dns_rootname, ISC_FALSE, NULL));
+
+ dns_fixedname_init(&fname);
+ dnsname = dns_fixedname_name(&fname);
+ CHECK(dns_name_fromtext(dnsname, &buf, dns_rootname, ISC_FALSE, NULL));
/* Make sense of optional class argument */
obj = cfg_tuple_get(parms, "class");
@@ -7503,7 +7762,7 @@ ns_server_add_zone(ns_server_t *server, char *args) {
}
/* Zone shouldn't already exist */
- result = dns_zt_find(view->zonetable, &dnsname, 0, NULL, &zone);
+ result = dns_zt_find(view->zonetable, dnsname, 0, NULL, &zone);
if (result == ISC_R_SUCCESS) {
result = ISC_R_EXISTS;
goto cleanup;
@@ -7531,6 +7790,9 @@ ns_server_add_zone(ns_server_t *server, char *args) {
/* Open save file for write configuration */
CHECK(isc_stdio_open(view->new_zone_file, "a", &fp));
+ CHECK(isc_stdio_tell(fp, &offset));
+ if (offset == 0)
+ CHECK(add_comment(fp, view->name));
/* Mark view unfrozen so that zone can be added */
result = isc_task_beginexclusive(server->task);
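Review bot: `isc_stdio_tell()` straight after opening the file in `"a"` mode is not a reliable emptiness test, because the C standard leaves the initial file position of an append-mode stream implementation-defined. On a platform that starts at offset 0, the header comment would be appended again on every `addzone`. Seeking first makes the check portable: add `CHECK(isc_stdio_seek(fp, 0, SEEK_END));` before the `isc_stdio_tell()` call. ns_server_add_zone starts and ends outside the hunk.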
@@ -7544,7 +7806,7 @@ ns_server_add_zone(ns_server_t *server, char *args) {
goto cleanup;
/* Is it there yet? */
- CHECK(dns_zt_find(view->zonetable, &dnsname, 0, NULL, &zone));
+ CHECK(dns_zt_find(view->zonetable, dnsname, 0, NULL, &zone));
/*
* Load the zone from the master file. If this fails, we'll
@@ -7572,10 +7834,13 @@ ns_server_add_zone(ns_server_t *server, char *args) {
/* Flag the zone as having been added at runtime */
dns_zone_setadded(zone, ISC_TRUE);
- /* Emit just the zone name from args */
- CHECK(isc_stdio_write("zone ", 5, 1, fp, NULL));
- CHECK(isc_stdio_write(zonename, strlen(zonename), 1, fp, NULL));
- CHECK(isc_stdio_write(" ", 1, 1, fp, NULL));
+ /* Emit the zone name, quoted and escaped */
+ isc_buffer_init(&buf, namebuf, sizeof(namebuf));
+ CHECK(dns_name_totext(dnsname, ISC_TRUE, &buf));
+ isc_buffer_putuint8(&buf, 0);
+ CHECK(isc_stdio_write("zone \"", 6, 1, fp, NULL));
+ CHECK(isc_stdio_write(namebuf, strlen(namebuf), 1, fp, NULL));
+ CHECK(isc_stdio_write("\" ", 2, 1, fp, NULL));
/* Classname, if not default */
if (classname != NULL && *classname != '\0') {
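Review bot: The new comment `/* Emit the zone name, quoted and escaped */` says what is written but not why the caller's text is no longer used, which is the security-relevant part of this change. The removed lines wrote `zonename` from the command-channel arguments verbatim into the new-zone file, which named parses again at startup, so a name containing quotes or braces could alter the saved configuration. I would record that, e.g. `/* Write the parsed name in escaped text form, not the caller's string: this file is re-parsed at startup. */`. The class name and the rest of the zone body are written outside this hunk and are worth the same check.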
@@ -7619,8 +7884,6 @@ ns_server_add_zone(ns_server_t *server, char *args) {
dns_zone_detach(&zone);
if (view != NULL)
dns_view_detach(&view);
- if (nbuf != NULL)
- isc_buffer_free(&nbuf);
return (result);
}
@@ -7629,20 +7892,21 @@ ns_server_add_zone(ns_server_t *server, char *args) {
* Act on a "delzone" command from the command channel.
*/
isc_result_t
-ns_server_del_zone(ns_server_t *server, char *args) {
- isc_result_t result;
- dns_zone_t *zone = NULL;
- dns_view_t *view = NULL;
- dns_db_t *dbp = NULL;
- const char *filename = NULL;
- char *tmpname = NULL;
- char buf[1024];
- const char *zonename = NULL;
- size_t znamelen = 0;
- FILE *ifp = NULL, *ofp = NULL;
+ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ dns_view_t *view = NULL;
+ dns_db_t *dbp = NULL;
+ const char *filename = NULL;
+ char *tmpname = NULL;
+ char buf[1024];
+ const char *zonename = NULL;
+ size_t znamelen = 0;
+ FILE *ifp = NULL, *ofp = NULL;
+ isc_boolean_t inheader = ISC_TRUE;
/* Parse parameters */
- CHECK(zone_from_args(server, args, &zone, &zonename));
+ CHECK(zone_from_args(server, args, &zone, &zonename, text));
if (zone == NULL) {
result = ISC_R_UNEXPECTEDEND;
@@ -7684,28 +7948,44 @@ ns_server_del_zone(ns_server_t *server, char *args) {
goto cleanup;
}
CHECK(isc_stdio_open(tmpname, "w", &ofp));
+ CHECK(add_comment(ofp, view->name));
/* Look for the entry for that zone */
while (fgets(buf, 1024, ifp)) {
- /* A 'zone' line */
- if (strncasecmp(buf, "zone", 4)) {
+ /* Skip initial comment, if any */
+ if (inheader && *buf == '#')
+ continue;
+ if (*buf != '#')
+ inheader = ISC_FALSE;
+
+ /*
+ * Any other lines not starting with zone, copy
+ * them out and continue.
+ */
+ if (strncasecmp(buf, "zone", 4) != 0) {
fputs(buf, ofp);
continue;
}
p = buf+4;
- /* Locate a name */
+ /* This is a zone; find its name. */
while (*p &&
((*p == '"') || isspace((unsigned char)*p)))
p++;
- /* Is that the zone we're looking for */
- if (strncasecmp(p, zonename, znamelen)) {
+ /*
+ * If it's not the zone we're looking for, copy
+ * it out and continue
+ */
+ if (strncasecmp(p, zonename, znamelen) != 0) {
fputs(buf, ofp);
continue;
}
- /* And nothing else? */
+ /*
+ * But if it is the zone we want, skip over it
+ * so it will be omitted from the new file
+ */
p += znamelen;
if (isspace((unsigned char)*p) ||
*p == '"' || *p == '{') {
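Review bot: The match `strncasecmp(p, zonename, znamelen)` compares the saved file against `zonename` from zone_from_args(), while the addzone path in this commit now writes the name in dns_name_totext() form (escaped, final dot omitted). zone_from_args() is outside this hunk; if it hands back the operator's argument text unchanged, a name typed with a trailing dot or containing escaped characters would not match its own entry and the entry would presumably be left in the file. Matching on the same canonical form avoids that, e.g. `dns_name_format(dns_zone_getorigin(zone), namebuf, sizeof(namebuf));` and comparing against `namebuf`. Separately, `fgets(buf, 1024, ifp)` would be safer as `fgets(buf, sizeof(buf), ifp)`. The loop and the function continue outside the hunk.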
@@ -7714,7 +7994,7 @@ ns_server_del_zone(ns_server_t *server, char *args) {
break;
}
- /* Spit it out, keep looking */
+ /* Copy the rest of the buffer out and continue */
fputs(buf, ofp);
}
@@ -7809,3 +8089,17 @@ newzone_cfgctx_destroy(void **cfgp) {
isc_mem_putanddetach(&cfg->mctx, cfg, sizeof(*cfg));
*cfgp = NULL;
}
+
+static isc_result_t
+putstr(isc_buffer_t *b, const char *str) {
+ size_t l = strlen(str);
+
+ /*
+ * Use >= to leave space for NUL termination.
+ */
+ if (l >= isc_buffer_availablelength(b))
+ return (ISC_R_NOSPACE);
+
+ isc_buffer_putmem(b, (const unsigned char *)str, l);
+ return (ISC_R_SUCCESS);
+}
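Review bot: putstr() has no header comment, and its inline comment is easy to misread: `>=` reserves one byte for a NUL, but the function never writes one. A caller that treats the buffer as a C string afterwards has to add the terminator itself. I would state the contract above the function, e.g. `/* Append str to b without a terminating NUL; fails with ISC_R_NOSPACE unless one byte stays free for the caller's terminator. */`.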
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 8d30b452f2bd..e4f56e210f44 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -958,6 +958,8 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
xmlFreeTextWriter(writer);
xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 1);
+ if (*buf == NULL)
+ goto error;
xmlFreeDoc(doc);
return (ISC_R_SUCCESS);
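Review bot: The added `goto error` is taken after `xmlFreeTextWriter(writer)` has already run two lines earlier, and `writer` is not reset in between. The `error` label is outside this hunk; if it frees `writer` when it is non-NULL, as cleanup labels in this style usually do, this path frees it a second time. Adding `writer = NULL;` directly after the `xmlFreeTextWriter(writer);` call keeps the new failure path safe whatever the label does.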
@@ -982,7 +984,7 @@ render_index(const char *url, const char *querystring, void *arg,
isc_buffer_t *b, isc_httpdfree_t **freecb,
void **freecb_args)
{
- unsigned char *msg;
+ unsigned char *msg = NULL;
int msglen;
ns_server_t *server = arg;
isc_result_t result;
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 9637ded473e5..0b7fd31a8bd7 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -120,6 +120,9 @@ static isc_boolean_t non_root_caps = ISC_FALSE;
#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#else
+#ifdef HAVE_LINUX_TYPES_H
+#include <linux/types.h>
+#endif
/*%
* We define _LINUX_FS_H to prevent it from being included. We don't need
* anything from it, and the files it includes cause warnings with 2.2
diff --git a/bin/named/update.c b/bin/named/update.c
index abf5c08c6d30..f6b0f5fdf739 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -398,7 +398,6 @@ do_one_tuple(dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver,
* Create a singleton diff.
*/
dns_diff_init(diff->mctx, &temp_diff);
- temp_diff.resign = diff->resign;
ISC_LIST_APPEND(temp_diff.tuples, *tuple, link);
/*
@@ -2004,7 +2003,8 @@ del_keysigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
for (i = 0; i < nkeys; i++) {
if (rrsig.keyid == dst_key_id(keys[i])) {
found = ISC_TRUE;
- if (!dst_key_isprivate(keys[i])) {
+ if (!dst_key_inactive(keys[i]) &&
+ !dst_key_isprivate(keys[i])) {
/*
* The re-signing code in zone.c
* will mark this as offline.
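Review bot: The comment under the new condition still describes only the missing-private-key case, so it no longer matches the test `!dst_key_inactive(keys[i]) && !dst_key_isprivate(keys[i])`. Signatures made by an inactive key now skip this branch and go to whatever follows it, which is outside the hunk. I would reword it to cover both halves, e.g. `/* Active key without its private half: keep the signature; the re-signing code in zone.c will mark it as offline. */`.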
@@ -2147,7 +2147,6 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
dns_diff_init(client->mctx, &affected);
dns_diff_init(client->mctx, &sig_diff);
- sig_diff.resign = dns_zone_getsigresigninginterval(zone);
dns_diff_init(client->mctx, &nsec_diff);
dns_diff_init(client->mctx, &nsec_mindiff);
@@ -4467,6 +4466,8 @@ forward_action(isc_task_t *task, isc_event_t *event) {
static isc_result_t
send_forward_event(ns_client_t *client, dns_zone_t *zone) {
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
isc_result_t result = ISC_R_SUCCESS;
update_event_t *event = NULL;
isc_task_t *zonetask = NULL;
@@ -4492,6 +4493,15 @@ send_forward_event(ns_client_t *client, dns_zone_t *zone) {
client->nupdates++;
event->ev_arg = evclient;
+ dns_name_format(dns_zone_getorigin(zone), namebuf,
+ sizeof(namebuf));
+ dns_rdataclass_format(dns_zone_getclass(zone), classbuf,
+ sizeof(classbuf));
+
+ ns_client_log(client, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE,
+ LOGLEVEL_PROTOCOL, "forwarding update for zone '%s/%s'",
+ namebuf, classbuf);
+
dns_zone_gettask(zone, &zonetask);
isc_task_send(zonetask, ISC_EVENT_PTR(&event));
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 404c238f02a4..d8d3b4c2756e 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -462,7 +462,7 @@ configure_staticstub_serveraddrs(const cfg_obj_t *zconfig, dns_zone_t *zone,
if (rdata == NULL)
return (ISC_R_NOMEMORY);
region.base = (unsigned char *)(rdata + 1);
- memcpy(region.base, &na.type, region.length);
+ memmove(region.base, &na.type, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
rdatalist->type, &region);
@@ -490,7 +490,7 @@ configure_staticstub_serveraddrs(const cfg_obj_t *zconfig, dns_zone_t *zone,
}
region.length = sregion.length;
region.base = (unsigned char *)(rdata + 1);
- memcpy(region.base, sregion.base, region.length);
+ memmove(region.base, sregion.base, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
dns_rdatatype_ns, &region);
@@ -554,7 +554,7 @@ configure_staticstub_servernames(const cfg_obj_t *zconfig, dns_zone_t *zone,
return (ISC_R_NOMEMORY);
region.length = sregion.length;
region.base = (unsigned char *)(rdata + 1);
- memcpy(region.base, sregion.base, region.length);
+ memmove(region.base, sregion.base, region.length);
dns_rdata_init(rdata);
dns_rdata_fromregion(rdata, dns_zone_getclass(zone),
dns_rdatatype_ns, &region);
diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in
index f62ee348663c..c2dc35a174f4 100644
--- a/bin/nsupdate/Makefile.in
+++ b/bin/nsupdate/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2006-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2006-2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -23,8 +23,10 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
+DST_GSSAPI_INC = @DST_GSSAPI_INC@
+
CINCLUDES = ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
- ${ISC_INCLUDES} ${ISCCFG_INCLUDES} @DST_GSSAPI_INC@
+ ${ISC_INCLUDES} ${ISCCFG_INCLUDES} ${DST_GSSAPI_INC}
CDEFINES = @USE_GSSAPI@
CWARNINGS =
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index e11f080c01f6..e9e17977c9e9 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -81,8 +81,12 @@
#ifdef GSSAPI
#include <dst/gssapi.h>
+#ifdef WIN32
+#include <krb5/krb5.h>
+#else
#include ISC_PLATFORM_KRB5HEADER
#endif
+#endif
#include <bind9/getaddresses.h>
@@ -539,8 +543,8 @@ setup_keystr(void) {
n = s;
}
- isc_buffer_init(&keynamesrc, name, n - name);
- isc_buffer_add(&keynamesrc, n - name);
+ isc_buffer_init(&keynamesrc, name, (unsigned int)(n - name));
+ isc_buffer_add(&keynamesrc, (unsigned int)(n - name));
debug("namefromtext");
result = dns_name_fromtext(keyname, &keynamesrc, dns_rootname, 0, NULL);
@@ -832,13 +836,16 @@ setup_system(void) {
if (servers == NULL)
fatal("out of memory");
for (i = 0; i < ns_total; i++) {
- if (lwconf->nameservers[i].family == LWRES_ADDRTYPE_V4) {
+ if (lwconf->nameservers[i].family == LWRES_ADDRTYPE_V4)
+ {
struct in_addr in4;
- memcpy(&in4, lwconf->nameservers[i].address, 4);
+ memmove(&in4,
+ lwconf->nameservers[i].address, 4);
isc_sockaddr_fromin(&servers[i], &in4, dnsport);
} else {
struct in6_addr in6;
- memcpy(&in6, lwconf->nameservers[i].address, 16);
+ memmove(&in6,
+ lwconf->nameservers[i].address, 16);
isc_sockaddr_fromin6(&servers[i], &in6,
dnsport);
}
@@ -1535,16 +1542,20 @@ evaluate_realm(char *cmdline) {
#ifdef GSSAPI
char *word;
char buf[1024];
+ int n;
- word = nsu_strsep(&cmdline, " \t\r\n");
- if (word == NULL || *word == 0) {
- if (realm != NULL)
- isc_mem_free(mctx, realm);
+ if (realm != NULL) {
+ isc_mem_free(mctx, realm);
realm = NULL;
- return (STATUS_MORE);
}
- snprintf(buf, sizeof(buf), "@%s", word);
+ word = nsu_strsep(&cmdline, " \t\r\n");
+ if (word == NULL || *word == 0)
+ return (STATUS_MORE);
+
+ n = snprintf(buf, sizeof(buf), "@%s", word);
+ if (n < 0 || (size_t)n >= sizeof(buf))
+ fatal("realm is too long");
realm = isc_mem_strdup(mctx, buf);
if (realm == NULL)
fatal("out of memory");
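Review bot: The new truncation check ends the whole session with `fatal("realm is too long")`, although an over-long realm is an input error on one command rather than an unrecoverable condition like the out-of-memory case below it. In interactive use it seems more consistent to report it and reject the command: `fprintf(stderr, "realm is too long\n"); return (STATUS_SYNTAX);`. The previous realm has already been freed by then, so the command would leave the realm unset, which is worth a short comment. The function continues outside the hunk.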
@@ -2536,7 +2547,7 @@ start_gssrequest(dns_name_t *master) {
if (userserver == NULL)
get_address(namestr, dnsport, kserver);
else
- (void)memcpy(kserver, userserver, sizeof(isc_sockaddr_t));
+ (void)memmove(kserver, userserver, sizeof(isc_sockaddr_t));
dns_fixedname_init(&fname);
servname = dns_fixedname_name(&fname);
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
index 7197ed0b9288..e0cdf0cf66ce 100644
--- a/bin/rndc/rndc.8
+++ b/bin/rndc/rndc.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@@ -20,11 +20,11 @@
.\" Title: rndc
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\" Date: June 30, 2000
+.\" Date: June 7, 2013
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "RNDC" "8" "June 30, 2000" "BIND9" "BIND9"
+.TH "RNDC" "8" "June 7, 2013" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -113,17 +113,236 @@ is specified,
\fBrndc\fR
will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
.RE
+.SH "COMMANDS"
.PP
-For the complete set of commands supported by
-\fBrndc\fR, see the BIND 9 Administrator Reference Manual or run
+A list of commands supported by
\fBrndc\fR
-without arguments to see its help message.
-.SH "LIMITATIONS"
-.PP
+can be seen by running
\fBrndc\fR
-does not yet support all the commands of the BIND 8
-\fBndc\fR
-utility.
+without arguments.
+.PP
+Currently supported commands are:
+.PP
+\fBreload\fR
+.RS 4
+Reload configuration file and zones.
+.RE
+.PP
+\fBreload \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Reload the given zone.
+.RE
+.PP
+\fBrefresh \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Schedule zone maintenance for the given zone.
+.RE
+.PP
+\fBretransfer \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Retransfer the given zone from the master.
+.RE
+.PP
+\fBsign \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Fetch all DNSSEC keys for the given zone from the key directory (see the
+\fBkey\-directory\fR
+option in the BIND 9 Administrator Reference Manual). If they are within their publication period, merge them into the zone's DNSKEY RRset. If the DNSKEY RRset is changed, then the zone is automatically re\-signed with the new key set.
+.sp
+This command requires that the
+\fBauto\-dnssec\fR
+zone option be set to
+allow
+or
+maintain, and also requires the zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details.)
+.RE
+.PP
+\fBloadkeys \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Fetch all DNSSEC keys for the given zone from the key directory. If they are within their publication period, merge them into the zone's DNSKEY RRset. Unlike
+\fBrndc sign\fR, however, the zone is not immediately re\-signed by the new keys, but is allowed to incrementally re\-sign over time.
+.sp
+This command requires that the
+\fBauto\-dnssec\fR
+zone option be set to
+maintain, and also requires the zone to be configured to allow dynamic DNS. (See "Dynamic Update Policies" in the Administrator Reference Manual for more details.)
+.RE
+.PP
+\fBfreeze \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
+.RS 4
+Suspend updates to a dynamic zone. If no zone is specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master file, and the journal file to be removed. All dynamic update attempts will be refused while the zone is frozen.
+.RE
+.PP
+\fBthaw \fR\fB[\fIzone\fR [\fIclass\fR [\fIview\fR]]]\fR
+.RS 4
+Enable updates to a frozen dynamic zone. If no zone is specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re\-enables dynamic updates after the load has completed. After a zone is thawed, dynamic updates will no longer be refused.
+.RE
+.PP
+\fBnotify \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR
+.RS 4
+Resend NOTIFY messages for the zone.
+.RE
+.PP
+\fBreconfig\fR
+.RS 4
+Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. This is faster than a full
+\fBreload\fR
+when there is a large number of zones because it avoids the need to examine the modification times of the zones files.
+.RE
+.PP
+\fBstats\fR
+.RS 4
+Write server statistics to the statistics file.
+.RE
+.PP
+\fBquerylog\fR [on|off]
+.RS 4
+Toggle query logging. Query logging can also be enabled by explicitly directing the
+\fBqueries\fR
+\fBcategory\fR
+to a
+\fBchannel\fR
+in the
+\fBlogging\fR
+section of
+\fInamed.conf\fR
+or by specifying
+\fBquerylog yes;\fR
+in the
+\fBoptions\fR
+section of
+\fInamed.conf\fR.
+.RE
+.PP
+\fBdumpdb \fR\fB[\-all|\-cache|\-zone]\fR\fB \fR\fB[\fIview ...\fR]\fR
+.RS 4
+Dump the server's caches (default) and/or zones to the dump file for the specified views. If no view is specified, all views are dumped.
+.RE
+.PP
+\fBsecroots \fR\fB[\fIview ...\fR]\fR
+.RS 4
+Dump the server's security roots to the secroots file for the specified views. If no view is specified, security roots for all views are dumped.
+.RE
+.PP
+\fBstop \fR\fB[\-p]\fR
+.RS 4
+Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones. If
+\fB\-p\fR
+is specified
+\fBnamed\fR's process id is returned. This allows an external process to determine when
+\fBnamed\fR
+had completed stopping.
+.RE
+.PP
+\fBhalt \fR\fB[\-p]\fR
+.RS 4
+Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted. If
+\fB\-p\fR
+is specified
+\fBnamed\fR's process id is returned. This allows an external process to determine when
+\fBnamed\fR
+had completed halting.
+.RE
+.PP
+\fBtrace\fR
+.RS 4
+Increment the servers debugging level by one.
+.RE
+.PP
+\fBtrace \fR\fB\fIlevel\fR\fR
+.RS 4
+Sets the server's debugging level to an explicit value.
+.RE
+.PP
+\fBnotrace\fR
+.RS 4
+Sets the server's debugging level to 0.
+.RE
+.PP
+\fBflush\fR
+.RS 4
+Flushes the server's cache.
+.RE
+.PP
+\fBflushname\fR \fIname\fR [\fIview\fR]
+.RS 4
+Flushes the given name from the server's cache.
+.RE
+.PP
+\fBstatus\fR
+.RS 4
+Display status of the server. Note that the number of zones includes the internal
+\fBbind/CH\fR
+zone and the default
+\fB./IN\fR
+hint zone if there is not an explicit root zone configured.
+.RE
+.PP
+\fBrecursing\fR
+.RS 4
+Dump the list of queries
+\fBnamed\fR
+is currently recursing on.
+.RE
+.PP
+\fBvalidation ( on | off | check ) \fR\fB[\fIview ...\fR]\fR\fB \fR
+.RS 4
+Enable, disable, or check the current status of DNSSEC validation. Note
+\fBdnssec\-enable\fR
+also needs to be set to
+\fByes\fR
+or
+\fBauto\fR
+to be effective. It defaults to enabled.
+.RE
+.PP
+\fBtsig\-list\fR
+.RS 4
+List the names of all TSIG keys currently configured for use by
+\fBnamed\fR
+in each view. The list both statically configured keys and dynamic TKEY\-negotiated keys.
+.RE
+.PP
+\fBtsig\-delete\fR \fIkeyname\fR [\fIview\fR]
+.RS 4
+Delete a given TKEY\-negotiated key from the server. (This does not apply to statically configured TSIG keys.)
+.RE
+.PP
+\fBaddzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR\fB\fIconfiguration\fR\fR\fB \fR
+.RS 4
+Add a zone while the server is running. This command requires the
+\fBallow\-new\-zones\fR
+option to be set to
+\fByes\fR. The
+\fIconfiguration\fR
+string specified on the command line is the zone configuration text that would ordinarily be placed in
+\fInamed.conf\fR.
+.sp
+The configuration is saved in a file called
+\fI\fIhash\fR\fR\fI.nzf\fR, where
+\fIhash\fR
+is a cryptographic hash generated from the name of the view. When
+\fBnamed\fR
+is restarted, the file will be loaded into the view configuration, so that zones that were added can persist after a restart.
+.sp
+This sample
+\fBaddzone\fR
+command would add the zone
+example.com
+to the default view:
+.sp
+$\fBrndc addzone example.com '{ type master; file "example.com.db"; };'\fR
+.sp
+(Note the brackets and semi\-colon around the zone configuration text.)
+.RE
+.PP
+\fBdelzone \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR
+.RS 4
+Delete a zone while the server is running. Only zones that were originally added via
+\fBrndc addzone\fR
+can be deleted in this manner.
+.RE
+.SH "LIMITATIONS"
.PP
There is currently no way to provide the shared secret for a
\fBkey_id\fR
@@ -142,7 +361,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index e4ce5563cc3c..23d2f6b8563d 100644
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -469,6 +469,9 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
conffile = admin_keyfile;
conftype = &cfg_type_rndckey;
+ if (c_flag)
+ fatal("%s does not exist", admin_conffile);
+
if (! isc_file_exists(conffile))
fatal("neither %s nor %s was found",
admin_conffile, admin_keyfile);
@@ -699,7 +702,7 @@ main(int argc, char **argv) {
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
- memcpy(program, "rndc", 5);
+ memmove(program, "rndc", 5);
progname = program;
admin_conffile = RNDC_CONFFILE;
@@ -831,7 +834,7 @@ main(int argc, char **argv) {
p = args;
for (i = 0; i < argc; i++) {
size_t len = strlen(argv[i]);
- memcpy(p, argv[i], len);
+ memmove(p, argv[i], len);
p += len;
*p++ = ' ';
}
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index d407f2b515cb..963af15aaf28 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -21,7 +21,7 @@
<!-- $Id: rndc.docbook,v 1.21 2007/12/14 20:39:14 marka Exp $ -->
<refentry id="man.rndc">
<refentryinfo>
- <date>June 30, 2000</date>
+ <date>June 7, 2013</date>
</refentryinfo>
<refmeta>
@@ -40,6 +40,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -194,22 +195,399 @@
</varlistentry>
</variablelist>
+ </refsect1>
+ <refsect1>
+ <title>COMMANDS</title>
+ <para>
+ A list of commands supported by <command>rndc</command> can
+ be seen by running <command>rndc</command> without arguments.
+ </para>
<para>
- For the complete set of commands supported by <command>rndc</command>,
- see the BIND 9 Administrator Reference Manual or run
- <command>rndc</command> without arguments to see its help
- message.
+ Currently supported commands are:
</para>
+ <variablelist>
+ <varlistentry>
+ <term><userinput>reload</userinput></term>
+ <listitem>
+ <para>
+ Reload configuration file and zones.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>reload <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Reload the given zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>refresh <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Schedule zone maintenance for the given zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>retransfer <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Retransfer the given zone from the master.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>sign <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory (see the
+ <command>key-directory</command> option in
+ the BIND 9 Administrator Reference Manual). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. If the DNSKEY RRset
+ is changed, then the zone is automatically
+ re-signed with the new key set.
+ </para>
+ <para>
+ This command requires that the
+ <command>auto-dnssec</command> zone option be set
+ to <literal>allow</literal> or
+ <literal>maintain</literal>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>loadkeys <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory. If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. Unlike <command>rndc
+ sign</command>, however, the zone is not
+ immediately re-signed by the new keys, but is
+ allowed to incrementally re-sign over time.
+ </para>
+ <para>
+ This command requires that the
+ <command>auto-dnssec</command> zone option
+ be set to <literal>maintain</literal>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>freeze <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Suspend updates to a dynamic zone. If no zone is
+ specified, then all zones are suspended. This allows
+ manual edits to be made to a zone normally updated by
+ dynamic update. It also causes changes in the
+ journal file to be synced into the master file,
+ and the journal file to be removed.
+ All dynamic update attempts will be refused while
+ the zone is frozen.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>thaw <optional><replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Enable updates to a frozen dynamic zone. If no
+ zone is specified, then all frozen zones are
+ enabled. This causes the server to reload the zone
+ from disk, and re-enables dynamic updates after the
+ load has completed. After a zone is thawed,
+ dynamic updates will no longer be refused.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>notify <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional></userinput></term>
+ <listitem>
+ <para>
+ Resend NOTIFY messages for the zone.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>reconfig</userinput></term>
+ <listitem>
+ <para>
+ Reload the configuration file and load new zones,
+ but do not reload existing zone files even if they
+ have changed.
+ This is faster than a full <command>reload</command> when there
+ is a large number of zones because it avoids the need
+ to examine the
+ modification times of the zones files.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>stats</userinput></term>
+ <listitem>
+ <para>
+ Write server statistics to the statistics file.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>querylog</userinput> <optional>on|off</optional> </term>
+ <listitem>
+ <para>
+ Toggle query logging. Query logging can also be enabled
+ by explicitly directing the <command>queries</command>
+ <command>category</command> to a
+ <command>channel</command> in the
+ <command>logging</command> section of
+ <filename>named.conf</filename> or by specifying
+ <command>querylog yes;</command> in the
+ <command>options</command> section of
+ <filename>named.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>dumpdb <optional>-all|-cache|-zone</optional> <optional><replaceable>view ...</replaceable></optional></userinput></term>
+ <listitem>
+ <para>
+ Dump the server's caches (default) and/or zones to
+ the
+ dump file for the specified views. If no view is
+ specified, all
+ views are dumped.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>secroots <optional><replaceable>view ...</replaceable></optional></userinput></term>
+ <listitem>
+ <para>
+ Dump the server's security roots to the secroots
+ file for the specified views. If no view is
+ specified, security roots for all
+ views are dumped.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>stop <optional>-p</optional></userinput></term>
+ <listitem>
+ <para>
+ Stop the server, making sure any recent changes
+ made through dynamic update or IXFR are first saved to
+ the master files of the updated zones.
+ If <option>-p</option> is specified <command>named</command>'s process id is returned.
+ This allows an external process to determine when <command>named</command>
+ had completed stopping.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>halt <optional>-p</optional></userinput></term>
+ <listitem>
+ <para>
+ Stop the server immediately. Recent changes
+ made through dynamic update or IXFR are not saved to
+ the master files, but will be rolled forward from the
+ journal files when the server is restarted.
+ If <option>-p</option> is specified <command>named</command>'s process id is returned.
+ This allows an external process to determine when <command>named</command>
+ had completed halting.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>trace</userinput></term>
+ <listitem>
+ <para>
+ Increment the servers debugging level by one.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>trace <replaceable>level</replaceable></userinput></term>
+ <listitem>
+ <para>
+ Sets the server's debugging level to an explicit
+ value.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>notrace</userinput></term>
+ <listitem>
+ <para>
+ Sets the server's debugging level to 0.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>flush</userinput></term>
+ <listitem>
+ <para>
+ Flushes the server's cache.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>flushname</userinput> <replaceable>name</replaceable> <optional><replaceable>view</replaceable></optional> </term>
+ <listitem>
+ <para>
+ Flushes the given name from the server's cache.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>status</userinput></term>
+ <listitem>
+ <para>
+ Display status of the server.
+ Note that the number of zones includes the internal <command>bind/CH</command> zone
+ and the default <command>./IN</command>
+ hint zone if there is not an
+ explicit root zone configured.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>recursing</userinput></term>
+ <listitem>
+ <para>
+ Dump the list of queries <command>named</command> is currently recursing
+ on.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>validation ( on | off | check ) <optional><replaceable>view ...</replaceable></optional> </userinput></term>
+ <listitem>
+ <para>
+ Enable, disable, or check the current status of
+ DNSSEC validation.
+ Note <command>dnssec-enable</command> also needs to be
+ set to <userinput>yes</userinput> or
+ <userinput>auto</userinput> to be effective.
+ It defaults to enabled.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>tsig-list</userinput></term>
+ <listitem>
+ <para>
+ List the names of all TSIG keys currently configured
+ for use by <command>named</command> in each view. The
+ list both statically configured keys and dynamic
+ TKEY-negotiated keys.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>tsig-delete</userinput> <replaceable>keyname</replaceable> <optional><replaceable>view</replaceable></optional></term>
+ <listitem>
+ <para>
+ Delete a given TKEY-negotiated key from the server.
+ (This does not apply to statically configured TSIG
+ keys.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>addzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> <replaceable>configuration</replaceable> </userinput></term>
+ <listitem>
+ <para>
+ Add a zone while the server is running. This
+ command requires the
+ <command>allow-new-zones</command> option to be set
+ to <userinput>yes</userinput>. The
+ <replaceable>configuration</replaceable> string
+ specified on the command line is the zone
+ configuration text that would ordinarily be
+ placed in <filename>named.conf</filename>.
+ </para>
+ <para>
+ The configuration is saved in a file called
+ <filename><replaceable>hash</replaceable>.nzf</filename>,
+ where <replaceable>hash</replaceable> is a
+ cryptographic hash generated from the name of
+ the view. When <command>named</command> is
+ restarted, the file will be loaded into the view
+ configuration, so that zones that were added
+ can persist after a restart.
+ </para>
+ <para>
+ This sample <command>addzone</command> command
+ would add the zone <literal>example.com</literal>
+ to the default view:
+ </para>
+ <para>
+<prompt>$ </prompt><userinput>rndc addzone example.com '{ type master; file "example.com.db"; };'</userinput>
+ </para>
+ <para>
+ (Note the brackets and semi-colon around the zone
+ configuration text.)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><userinput>delzone <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term>
+ <listitem>
+ <para>
+ Delete a zone while the server is running.
+ Only zones that were originally added via
+ <command>rndc addzone</command> can be deleted
+ in this manner.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
<title>LIMITATIONS</title>
- <para><command>rndc</command>
- does not yet support all the commands of
- the BIND 8 <command>ndc</command> utility.
- </para>
<para>
There is currently no way to provide the shared secret for a
<option>key_id</option> without using the configuration file.
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index 4195c4e07e9f..c0050c5faef9 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543415"></a><h2>DESCRIPTION</h2>
+<a name="id2543418"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543450"></a><h2>OPTIONS</h2>
+<a name="id2543453"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@@ -125,19 +125,263 @@
or write access.
</p></dd>
</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543650"></a><h2>COMMANDS</h2>
<p>
- For the complete set of commands supported by <span><strong class="command">rndc</strong></span>,
- see the BIND 9 Administrator Reference Manual or run
- <span><strong class="command">rndc</strong></span> without arguments to see its help
- message.
+ A list of commands supported by <span><strong class="command">rndc</strong></span> can
+ be seen by running <span><strong class="command">rndc</strong></span> without arguments.
</p>
+<p>
+ Currently supported commands are:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><strong class="userinput"><code>reload</code></strong></span></dt>
+<dd><p>
+ Reload configuration file and zones.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>reload <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Reload the given zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>refresh <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Schedule zone maintenance for the given zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>retransfer <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Retransfer the given zone from the master.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>sign <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd>
+<p>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory (see the
+ <span><strong class="command">key-directory</strong></span> option in
+ the BIND 9 Administrator Reference Manual). If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. If the DNSKEY RRset
+ is changed, then the zone is automatically
+ re-signed with the new key set.
+ </p>
+<p>
+ This command requires that the
+ <span><strong class="command">auto-dnssec</strong></span> zone option be set
+ to <code class="literal">allow</code> or
+ <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>loadkeys <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd>
+<p>
+ Fetch all DNSSEC keys for the given zone
+ from the key directory. If they are within
+ their publication period, merge them into the
+ zone's DNSKEY RRset. Unlike <span><strong class="command">rndc
+ sign</strong></span>, however, the zone is not
+ immediately re-signed by the new keys, but is
+ allowed to incrementally re-sign over time.
+ </p>
+<p>
+ This command requires that the
+ <span><strong class="command">auto-dnssec</strong></span> zone option
+ be set to <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
+ (See "Dynamic Update Policies" in the Administrator
+ Reference Manual for more details.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>freeze [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Suspend updates to a dynamic zone. If no zone is
+ specified, then all zones are suspended. This allows
+ manual edits to be made to a zone normally updated by
+ dynamic update. It also causes changes in the
+ journal file to be synced into the master file,
+ and the journal file to be removed.
+ All dynamic update attempts will be refused while
+ the zone is frozen.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Enable updates to a frozen dynamic zone. If no
+ zone is specified, then all frozen zones are
+ enabled. This causes the server to reload the zone
+ from disk, and re-enables dynamic updates after the
+ load has completed. After a zone is thawed,
+ dynamic updates will no longer be refused.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>notify <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>
+<dd><p>
+ Resend NOTIFY messages for the zone.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>reconfig</code></strong></span></dt>
+<dd><p>
+ Reload the configuration file and load new zones,
+ but do not reload existing zone files even if they
+ have changed.
+ This is faster than a full <span><strong class="command">reload</strong></span> when there
+ is a large number of zones because it avoids the need
+ to examine the
+ modification times of the zones files.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>stats</code></strong></span></dt>
+<dd><p>
+ Write server statistics to the statistics file.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional">on|off</span>] </span></dt>
+<dd><p>
+ Toggle query logging. Query logging can also be enabled
+ by explicitly directing the <span><strong class="command">queries</strong></span>
+ <span><strong class="command">category</strong></span> to a
+ <span><strong class="command">channel</strong></span> in the
+ <span><strong class="command">logging</strong></span> section of
+ <code class="filename">named.conf</code> or by specifying
+ <span><strong class="command">querylog yes;</strong></span> in the
+ <span><strong class="command">options</strong></span> section of
+ <code class="filename">named.conf</code>.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>dumpdb [<span class="optional">-all|-cache|-zone</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dd><p>
+ Dump the server's caches (default) and/or zones to
+ the
+ dump file for the specified views. If no view is
+ specified, all
+ views are dumped.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
+<dd><p>
+ Dump the server's security roots to the secroots
+ file for the specified views. If no view is
+ specified, security roots for all
+ views are dumped.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>stop [<span class="optional">-p</span>]</code></strong></span></dt>
+<dd><p>
+ Stop the server, making sure any recent changes
+ made through dynamic update or IXFR are first saved to
+ the master files of the updated zones.
+ If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span><strong class="command">named</strong></span>
+ had completed stopping.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>halt [<span class="optional">-p</span>]</code></strong></span></dt>
+<dd><p>
+ Stop the server immediately. Recent changes
+ made through dynamic update or IXFR are not saved to
+ the master files, but will be rolled forward from the
+ journal files when the server is restarted.
+ If <code class="option">-p</code> is specified <span><strong class="command">named</strong></span>'s process id is returned.
+ This allows an external process to determine when <span><strong class="command">named</strong></span>
+ had completed halting.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>trace</code></strong></span></dt>
+<dd><p>
+ Increment the servers debugging level by one.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>trace <em class="replaceable"><code>level</code></em></code></strong></span></dt>
+<dd><p>
+ Sets the server's debugging level to an explicit
+ value.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>notrace</code></strong></span></dt>
+<dd><p>
+ Sets the server's debugging level to 0.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>flush</code></strong></span></dt>
+<dd><p>
+ Flushes the server's cache.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>flushname</code></strong> <em class="replaceable"><code>name</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>] </span></dt>
+<dd><p>
+ Flushes the given name from the server's cache.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>status</code></strong></span></dt>
+<dd><p>
+ Display status of the server.
+ Note that the number of zones includes the internal <span><strong class="command">bind/CH</strong></span> zone
+ and the default <span><strong class="command">./IN</strong></span>
+ hint zone if there is not an
+ explicit root zone configured.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>recursing</code></strong></span></dt>
+<dd><p>
+ Dump the list of queries <span><strong class="command">named</strong></span> is currently recursing
+ on.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>validation ( on | off | check ) [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>] </code></strong></span></dt>
+<dd><p>
+ Enable, disable, or check the current status of
+ DNSSEC validation.
+ Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
+ set to <strong class="userinput"><code>yes</code></strong> or
+ <strong class="userinput"><code>auto</code></strong> to be effective.
+ It defaults to enabled.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>tsig-list</code></strong></span></dt>
+<dd><p>
+ List the names of all TSIG keys currently configured
+ for use by <span><strong class="command">named</strong></span> in each view. The
+ list both statically configured keys and dynamic
+ TKEY-negotiated keys.
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>tsig-delete</code></strong> <em class="replaceable"><code>keyname</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
+<dd><p>
+ Delete a given TKEY-negotiated key from the server.
+ (This does not apply to statically configured TSIG
+ keys.)
+ </p></dd>
+<dt><span class="term"><strong class="userinput"><code>addzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] <em class="replaceable"><code>configuration</code></em> </code></strong></span></dt>
+<dd>
+<p>
+ Add a zone while the server is running. This
+ command requires the
+ <span><strong class="command">allow-new-zones</strong></span> option to be set
+ to <strong class="userinput"><code>yes</code></strong>. The
+ <em class="replaceable"><code>configuration</code></em> string
+ specified on the command line is the zone
+ configuration text that would ordinarily be
+ placed in <code class="filename">named.conf</code>.
+ </p>
+<p>
+ The configuration is saved in a file called
+ <code class="filename"><em class="replaceable"><code>hash</code></em>.nzf</code>,
+ where <em class="replaceable"><code>hash</code></em> is a
+ cryptographic hash generated from the name of
+ the view. When <span><strong class="command">named</strong></span> is
+ restarted, the file will be loaded into the view
+ configuration, so that zones that were added
+ can persist after a restart.
+ </p>
+<p>
+ This sample <span><strong class="command">addzone</strong></span> command
+ would add the zone <code class="literal">example.com</code>
+ to the default view:
+ </p>
+<p>
+<code class="prompt">$ </code><strong class="userinput"><code>rndc addzone example.com '{ type master; file "example.com.db"; };'</code></strong>
+ </p>
+<p>
+ (Note the brackets and semi-colon around the zone
+ configuration text.)
+ </p>
+</dd>
+<dt><span class="term"><strong class="userinput"><code>delzone <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt>
+<dd><p>
+ Delete a zone while the server is running.
+ Only zones that were originally added via
+ <span><strong class="command">rndc addzone</strong></span> can be deleted
+ in this manner.
+ </p></dd>
+</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543658"></a><h2>LIMITATIONS</h2>
-<p><span><strong class="command">rndc</strong></span>
- does not yet support all the commands of
- the BIND 8 <span><strong class="command">ndc</strong></span> utility.
- </p>
+<a name="id2544662"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@@ -147,7 +391,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543685"></a><h2>SEE ALSO</h2>
+<a name="id2544680"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -157,7 +401,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543740"></a><h2>AUTHOR</h2>
+<a name="id2544736"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>