Vendor import of Bind 9.9.3-P2

Approved by:	 delphij (mentor, implicit)
Sponsored by:	DK Hostmaster A/S
Erwin Lansing 2013-08-14 11:10:02 +00:00
parent 2f7409b5f6
commit 98ec2cd1fa
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor/bind9/dist/; revision=254322
svn path=/vendor/bind9/9.9.3-P2/; revision=254323; tag=vendor/bind9/9.9.3-P2
331 changed files with 28732 additions and 15121 deletions

565
CHANGES

File diff suppressed because it is too large

@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: COPYRIGHT,v 1.17.14.2 2012/01/04 23:46:18 tbox Exp $
$Id: COPYRIGHT,v 1.19 2012/01/03 23:46:59 tbox Exp $
Portions of this code release fall under one or more of the
following Copyright notices. Please see individual source

@ -56,11 +56,11 @@
$ sed -i.orig -e '/\/tests/d; /docutil/d; /\/xsl/d;' \
-e '/contrib\/check-secure-delegation.pl/d;' \
-e '/contrib\/zone-edit.sh/d;' \
-e '/contrib\/zone-edit.sh/d;' -e '/bin\/python/d;' \
configure.in Makefile.in */Makefile.in
Remove mention of doxygen, pkcs11, unit and related files from
configure.in
Remove mention of doxygen, pkcs11, unit, python and related files
from configure.in
Please do not commit this change. You only need this to generate config.h.
@ -121,6 +121,7 @@
src/usr.sbin/dnssec-revoke bind9/bin/dnssec
src/usr.sbin/dnssec-settime bind9/bin/dnssec
src/usr.sbin/dnssec-signzone bind9/bin/dnssec
src/usr.sbin/dnssec-verify bind9/bin/dnssec
src/usr.sbin/genrandom bind9/bin/tools
src/usr.sbin/isc-hmac-fixup bind9/bin/tools
src/usr.sbin/named bind9/bin/named

@ -4,6 +4,7 @@
.cvsignore
bin/named/bindkeys.pl
bin/pkcs11
bin/python
bind.keys
configure
contrib

52
HISTORY

@ -1,5 +1,57 @@
Summary of functional enhancements from prior major releases of BIND 9:
BIND 9.8.0
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
releases. New features include:
- Built-in trust anchor for the root zone, which can be
switched on via "dnssec-validation auto;"
- Support for DNS64.
- Support for response policy zones (RPZ).
- Support for writable DLZ zones.
- Improved ease of configuration of GSS/TSIG for
interoperability with Active Directory
- Support for GOST signing algorithm for DNSSEC.
- Removed RTT Banding from server selection algorithm.
- New "static-stub" zone type.
- Allow configuration of resolver timeouts via
"resolver-query-timeout" option.
- The DLZ "dlopen" driver is now built by default.
- Added a new include file with function typedefs
for the DLZ "dlopen" driver.
- Made "--with-gssapi" default.
- More verbose error reporting from DLZ LDAP.
BIND 9.7.0
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
releases. Most are intended to simplify DNSSEC configuration.
New features include:
- Fully automatic signing of zones by "named".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option. (As a side
effect, this also makes it easier to configure automatic zone
re-signing.)
- New named option "attach-cache" that allows multiple views to
share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key
maintenance.
- The "statistics-channels" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
BIND 9.6.0
Full NSEC3 support

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.58.250.4 2011/09/06 04:06:11 marka Exp $
# $Id: Makefile.in,v 1.62 2011/09/06 04:06:37 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@

172
README

@ -51,119 +51,64 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
BIND 9.8.5
BIND 9.9.3
BIND 9.8.5 includes several bug fixes and patches security
flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
BIND 9.9.3 is a maintenance release and patches the security
flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
BIND 9.8.4
BIND 9.9.2
BIND 9.8.4 includes several bug fixes and patches security
flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
BIND 9.9.2 is a maintenance release and patches the security
flaw described in CVE-2012-4244.
BIND 9.8.3
BIND 9.9.1
BIND 9.8.3 is a maintenance release.
BIND 9.9.1 is a maintenance release.
BIND 9.8.2
BIND 9.9.0
BIND 9.8.2 includes a number of bug fixes and prevents a security
problem described in CVE-2011-4313
BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
releases. New features include:
BIND 9.8.1
BIND 9.8.1 includes a number of bug fixes and enhancements from
BIND 9.8 and earlier releases. New features include:
- The DLZ "dlopen" driver is now built by default.
- Added a new include file with function typedefs
for the DLZ "dlopen" driver.
- Made "--with-gssapi" default.
- More verbose error reporting from DLZ LDAP.
BIND 9.8.0
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
releases. New features include:
- Built-in trust anchor for the root zone, which can be
switched on via "dnssec-validation auto;"
- Support for DNS64.
- Support for response policy zones (RPZ).
- Support for writable DLZ zones.
- Improved ease of configuration of GSS/TSIG for
interoperability with Active Directory
- Support for GOST signing algorithm for DNSSEC.
- Removed RTT Banding from server selection algorithm.
- New "static-stub" zone type.
- Allow configuration of resolver timeouts via
"resolver-query-timeout" option.
BIND 9.7.0
BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
releases. Most are intended to simplify DNSSEC configuration.
New features include:
- Fully automatic signing of zones by "named".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option. (As a side
effect, this also makes it easier to configure automatic zone
re-signing.)
- New named option "attach-cache" that allows multiple views to
share a single cache.
- DNS rebinding attack prevention.
- New default values for dnssec-keygen parameters.
- Support for RFC 5011 automated trust anchor maintenance
- Smart signing: simplified tools for zone signing and key
maintenance.
- The "statistics-channels" option is now available on Windows.
- A new DNSSEC-aware libdns API for use by non-BIND9 applications
- On some platforms, named and other binaries can now print out
a stack backtrace on assertion failure, to aid in debugging.
- A "tools only" installation mode on Windows, which only installs
dig, host, nslookup and nsupdate.
- Improved PKCS#11 support, including Keyper support and explicit
OpenSSL engine selection.
Known issues in this release:
- In rare cases, DNSSEC validation can leak memory. When this
happens, it will cause an assertion failure when named exits,
but is otherwise harmless. A fix exists, but was too late for
this release; it will be included in BIND 9.7.1.
Compatibility notes:
- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
you should ensure that all changes that are in progress have
completed prior to upgrading to BIND 9.7. BIND 9.7 implements
those features in a way which is not backwards compatible.
- Prior releases had a bug which caused HMAC-SHA* keys with long
secrets to be used incorrectly. Fixing this bug means that older
versions of BIND 9 may fail to interoperate with this version
when using TSIG keys. If this occurs, the new "isc-hmac-fixup"
tool will convert a key with a long secret into a form that works
correctly with all versions of BIND 9. See the "isc-hmac-fixup"
man page for additional details.
- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
It is possible for the new key ID to collide with that of a
different key. Newly generated keys will not have this problem,
as "dnssec-keygen" looks for potential collisions before
generating keys, but exercise caution if using key revokation
with keys that were generated by older versions of BIND 9. See
the Administrator's Reference Manual, section 4.10 ("Dynamic
Trust Anchor Management") for more details.
- A bug was fixed in which a key's scheduled inactivity date was
stored incorectly. Users who participated in the 9.7.0 BETA test
and had DNSSEC keys with scheduled inactivity dates will need to
reset those keys' dates using "dnssec-settime -I".
- Inline signing, allowing automatic DNSSEC signing of
master zones without modification of the zonefile, or
"bump in the wire" signing in slaves.
- NXDOMAIN redirection.
- New 'rndc flushtree' command clears all data under a given
name from the DNS cache.
- New 'rndc sync' command dumps pending changes in a dynamic
zone to disk without a freeze/thaw cycle.
- New 'rndc signing' command displays or clears signing status
records in 'auto-dnssec' zones.
- NSEC3 parameters for 'auto-dnssec' zones can now be set prior
to signing, eliminating the need to initially sign with NSEC.
- Startup time improvements on large authoritative servers.
- Slave zones are now saved in raw format by default.
- Several improvements to response policy zones (RPZ).
- Improved hardware scalability by using multiple threads
to listen for queries and using finer-grained client locking
- The 'also-notify' option now takes the same syntax as
'masters', so it can used named masterlists and TSIG keys.
- 'dnssec-signzone -D' writes an output file containing only DNSSEC
data, which can be included by the primary zone file.
- 'dnssec-signzone -R' forces removal of signatures that are
not expired but were created by a key which no longer exists.
- 'dnssec-signzone -X' allows a separate expiration date to
be specified for DNSKEY signatures from other signatures.
- New '-L' option to dnssec-keygen, dnssec-settime, and
dnssec-keyfromlabel sets the default TTL for the key.
- dnssec-dsfromkey now supports reading from standard input,
to make it easier to convert DNSKEY to DS.
- RFC 1918 reverse zones have been added to the empty-zones
table per RFC 6303.
- Dynamic updates can now optionally set the zone's SOA serial
number to the current UNIX time.
- DLZ modules can now retrieve the source IP address of
the querying client.
- 'request-ixfr' option can now be set at the per-zone level.
- 'dig +rrcomments' turns on comments about DNSKEY records,
indicating their key ID, algorithm and function
- Simplified nsupdate syntax and added readline support
Building
@ -193,12 +138,12 @@ Building
AIX 4.3, 5L
CentOS 4, 4.5, 5
Darwin 9.0.0d1/ARM
Debian 4
Fedora Core 5, 7
FreeBSD 6.1
Debian 4, 5, 6
Fedora Core 5, 7, 8
FreeBSD 6, 7, 8
HP-UX 11.23 PA
MacOS X 10.4, 10.5
Red Hat Enterprise Linux 4, 5
MacOS X 10.5, 10.6, 10.7
Red Hat Enterprise Linux 4, 5, 6
SCO OpenServer 5.0.6
Slackware 9, 10
SuSE 9, 10
@ -219,7 +164,8 @@ Building
CFLAGS
C compiler flags. Defaults to include -g and/or -O2
as supported by the compiler.
as supported by the compiler. Please include '-g'
if you need to set CFLAGS.
STD_CINCLUDES
System header file directories. Can be used to specify
@ -336,6 +282,10 @@ Building
libraries. sh-utils-1.16 provides a "printf" which compiles
on SunOS 4.
Known limitations
Linux requires kernel build 2.6.39 or later to get the
performance benefits from using multiple sockets.
Documentation

@ -20,7 +20,7 @@ VPATH = @srcdir@
top_srcdir = @top_srcdir@
SUBDIRS = named rndc dig dnssec tools tests nsupdate \
check confgen @PKCS11_TOOLS@
check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
TARGETS =
@BIND9_MAKE_RULES@

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.41 2010/09/07 23:46:59 tbox Exp $ */
/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
/*! \file */
@ -638,7 +638,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
/*% dump the zone */
isc_result_t
dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
dns_masterformat_t fileformat, const dns_master_style_t *style)
dns_masterformat_t fileformat, const dns_master_style_t *style,
const isc_uint32_t rawversion)
{
isc_result_t result;
FILE *output = stdout;
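Review bot: the comment above dump_zone() still reads only "dump the zone" although the function gains a rawversion parameter, so a caller cannot tell from this file which values are valid or that the value is only relevant to raw output. Extend the comment to say that rawversion selects the raw format version (the caller in named-checkzone.c accepts 0 and 1) and is passed through unchanged to dns_zone_dumptostream3(). The const qualifier on a by-value isc_uint32_t has no effect for callers and could be dropped from the signature.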
@ -664,8 +665,8 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
}
}
result = dns_zone_dumptostream2(zone, output, fileformat, style);
result = dns_zone_dumptostream3(zone, output, fileformat, style,
rawversion);
if (output != stdout)
(void)isc_stdio_close(output);

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.h,v 1.16 2010/09/07 23:46:59 tbox Exp $ */
/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
#ifndef CHECK_TOOL_H
#define CHECK_TOOL_H
@ -41,7 +41,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
isc_result_t
dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
dns_masterformat_t fileformat, const dns_master_style_t *style);
dns_masterformat_t fileformat, const dns_master_style_t *style,
const isc_uint32_t rawversion);
#ifdef _WIN32
void InitSockets(void);

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkconf.c,v 1.54.62.2 2011/03/12 04:59:13 tbox Exp $ */
/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
/*! \file */

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -33,9 +33,9 @@
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP 16
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR
@ -139,11 +139,19 @@ Specify the format of the zone file. Possible formats are
.PP
\-F \fIformat\fR
.RS 4
Specify the format of the output file specified. Possible formats are
Specify the format of the output file specified. For
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
.sp
Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR. For
\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
\fBnamed\fR.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
.RE
.PP
\-k \fImode\fR
@ -160,6 +168,11 @@ checks with the specified failure mode. Possible modes are
\fB"ignore"\fR.
.RE
.PP
\-L \fIserial\fR
.RS 4
When compiling a zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
.RE
.PP
\-m \fImode\fR
.RS 4
Specify whether MX records should be checked to see if they are addresses. Possible modes are
@ -289,7 +302,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2007, 2009\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.61.62.2 2011/12/22 23:45:54 tbox Exp $ */
/* $Id: named-checkzone.c,v 1.65 2011/12/22 17:29:22 each Exp $ */
/*! \file */
@ -39,6 +39,7 @@
#include <dns/db.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/master.h>
#include <dns/masterdump.h>
#include <dns/name.h>
#include <dns/rdataclass.h>
@ -112,8 +113,12 @@ main(int argc, char **argv) {
const char *outputformatstr = NULL;
dns_masterformat_t inputformat = dns_masterformat_text;
dns_masterformat_t outputformat = dns_masterformat_text;
dns_masterrawheader_t header;
isc_uint32_t rawversion = 1, serialnum = 0;
isc_boolean_t snset = ISC_FALSE;
isc_boolean_t logdump = ISC_FALSE;
FILE *errout = stdout;
char *endp;
outputstyle = &dns_master_style_full;
@ -159,7 +164,7 @@ main(int argc, char **argv) {
isc_commandline_errprint = ISC_FALSE;
while ((c = isc_commandline_parse(argc, argv,
"c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
"c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
!= EOF) {
switch (c) {
case 'c':
@ -237,6 +242,17 @@ main(int argc, char **argv) {
}
break;
case 'L':
snset = ISC_TRUE;
endp = NULL;
serialnum = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0') {
fprintf(stderr, "source serial number "
"must be numeric");
exit(1);
}
break;
case 'n':
if (ARGCMP("ignore")) {
zone_options &= ~(DNS_ZONEOPT_CHECKNS|
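Review bot: the new case 'L' branch stores the long returned by strtol() directly into serialnum, which is an isc_uint32_t, with no range check, so a negative argument or one above 4294967295 is silently converted to a different serial instead of being rejected. The only validation is "if (*endp != '\0')", which also lets an empty argument through as serial 0, and base 0 means an argument with a leading 0 is read as octal. Suggest parsing with strtoul() in base 10 into an unsigned long, rejecting endp == isc_commandline_argument, errno == ERANGE and values above 0xffffffff, and only then assigning serialnum and setting snset. The error string "must be numeric" also lacks a trailing newline, unlike the other fprintf(stderr, ...) messages in this file.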
@ -413,7 +429,11 @@ main(int argc, char **argv) {
inputformat = dns_masterformat_text;
else if (strcasecmp(inputformatstr, "raw") == 0)
inputformat = dns_masterformat_raw;
else {
else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
inputformat = dns_masterformat_raw;
fprintf(stderr,
"WARNING: input format raw, version ignored\n");
} else {
fprintf(stderr, "unknown file format: %s\n",
inputformatstr);
exit(1);
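Review bot: the new "raw=" branch for the input format accepts any suffix, because strncasecmp(inputformatstr, "raw=", 4) only checks the prefix, so "-f raw=abc" is treated as valid raw input with a warning. The output-format branch added later in this patch validates the version number; doing the same here (or rejecting anything but a known version) keeps the two options consistent and catches typos. If the version is meant to be ignored on input, the warning should echo the value that was ignored so the operator can see what was discarded.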
@ -421,11 +441,22 @@ main(int argc, char **argv) {
}
if (outputformatstr != NULL) {
if (strcasecmp(outputformatstr, "text") == 0)
if (strcasecmp(outputformatstr, "text") == 0) {
outputformat = dns_masterformat_text;
else if (strcasecmp(outputformatstr, "raw") == 0)
} else if (strcasecmp(outputformatstr, "raw") == 0) {
outputformat = dns_masterformat_raw;
else {
} else if (strncasecmp(outputformatstr, "raw=", 4) == 0) {
char *end;
outputformat = dns_masterformat_raw;
rawversion = strtol(outputformatstr + 4, &end, 10);
if (end == outputformatstr + 4 || *end != '\0' ||
rawversion > 1U) {
fprintf(stderr,
"unknown raw format version\n");
exit(1);
}
} else {
fprintf(stderr, "unknown file format: %s\n",
outputformatstr);
exit(1);
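Review bot: in the "raw=" output branch the range check "rawversion > 1U" runs after the strtol() result has already been narrowed to isc_uint32_t, so where long is 64 bits a value such as raw=4294967296 wraps to 0 and is accepted as version 0, and a suitable negative value wraps to 1. Parse into a long (or use strtoul() and check errno), test that the parsed value is 0 or 1 before assigning it to rawversion, and keep the existing end-pointer checks. It would also help to print the rejected string in the "unknown raw format version" message, as the "unknown file format: %s" message below already does.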
@ -480,13 +511,20 @@ main(int argc, char **argv) {
result = load_zone(mctx, origin, filename, inputformat, classname,
&zone);
if (snset) {
dns_master_initrawheader(&header);
header.flags = DNS_MASTERRAW_SOURCESERIALSET;
header.sourceserial = serialnum;
dns_zone_setrawdata(zone, &header);
}
if (result == ISC_R_SUCCESS && dumpzone) {
if (logdump) {
fprintf(errout, "dump zone to %s...", output_filename);
fflush(errout);
}
result = dump_zone(origin, zone, output_filename,
outputformat, outputstyle);
outputformat, outputstyle, rawversion);
if (logdump)
fprintf(errout, "done\n");
}
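Review bot: the new "if (snset)" block calls dns_zone_setrawdata(zone, &header) immediately after load_zone() without looking at result, while the dump that follows is guarded by "result == ISC_R_SUCCESS". If load_zone() fails, zone may not refer to a usable zone object at this point. Move the header setup inside the success path, for example under "if (result == ISC_R_SUCCESS && snset)", or into the dumpzone branch. The block also runs when the output format is text, although the documentation describes -L as applying when compiling to raw format; either restrict it to outputformat == dns_masterformat_raw or warn that -L has no effect otherwise.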

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.40 2010/01/16 23:48:15 tbox Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ -->
<refentry id="man.named-checkzone">
<refentryinfo>
<date>June 13, 2000</date>
@ -38,6 +38,7 @@
<year>2007</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
@ -71,6 +72,7 @@
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
@ -97,6 +99,7 @@
<arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@ -250,12 +253,20 @@
<listitem>
<para>
Specify the format of the output file specified.
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command>.
For <command>named-checkzone</command>,
this does not cause any effects unless it dumps the zone
contents.
</para>
<para>
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command> or <command>"raw=N"</command>,
which store the zone in a binary format for rapid loading
by <command>named</command>. <command>"raw=N"</command>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<command>named</command>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
</para>
</listitem>
</varlistentry>
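Review bot: the new second paragraph for -F ends with "The default is 1", which means a plain "-F raw" now writes a file that only release 9.9.0 or higher can read; that compatibility consequence deserves its own sentence telling operators who still feed raw files to older servers to use raw=0. The phrasing "text (default) and raw or raw=N" is also ambiguous about which formats are binary; listing the three values separately would read better. Finally, the -f description is not updated, although the code in named-checkzone.c now accepts "raw=" for input and prints "WARNING: input format raw, version ignored"; document that behaviour next to -f.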
@ -274,6 +285,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">serial</replaceable></term>
<listitem>
<para>
When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-m <replaceable class="parameter">mode</replaceable></term>
<listitem>

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -29,11 +29,11 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543716"></a><h2>DESCRIPTION</h2>
<a name="id2543736"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543751"></a><h2>OPTIONS</h2>
<a name="id2543771"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -128,14 +128,24 @@
and <span><strong class="command">"raw"</strong></span>.
</p></dd>
<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
<dd><p>
<dd>
<p>
Specify the format of the output file specified.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span>.
For <span><strong class="command">named-checkzone</strong></span>,
this does not cause any effects unless it dumps the zone
contents.
</p></dd>
</p>
<p>
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<span><strong class="command">named</strong></span>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Perform <span><strong class="command">"check-names"</strong></span> checks with the
@ -146,6 +156,12 @@
(default for <span><strong class="command">named-checkzone</strong></span>) and
<span><strong class="command">"ignore"</strong></span>.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
Specify whether MX records should be checked to see if they
@ -254,14 +270,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544422"></a><h2>RETURN VALUES</h2>
<a name="id2544612"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544434"></a><h2>SEE ALSO</h2>
<a name="id2544624"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -269,7 +285,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544603"></a><h2>AUTHOR</h2>
<a name="id2544657"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ddns-confgen.c,v 1.9.308.2 2011/03/12 04:59:13 tbox Exp $ */
/* $Id: ddns-confgen.c,v 1.11 2011/03/12 04:59:46 tbox Exp $ */
/*! \file */

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc-confgen.c,v 1.5.308.2 2011/03/12 04:59:13 tbox Exp $ */
/* $Id: rndc-confgen.c,v 1.7 2011/03/12 04:59:46 tbox Exp $ */
/*! \file */

View File

@ -1,4 +1,4 @@
# Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2005, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -23,6 +23,8 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
READLINE_LIB = @READLINE_LIB@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
${ISC_INCLUDES} ${LWRES_INCLUDES} ${ISCCFG_INCLUDES}
@ -78,7 +80,7 @@ host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
${FINALBUILDCMD}
nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
export BASEOBJS="nslookup.@O@ dighost.@O@ ${UOBJS}"; \
export BASEOBJS="nslookup.@O@ dighost.@O@ ${READLINE_LIB} ${UOBJS}"; \
${FINALBUILDCMD}
doc man:: ${MANOBJS}

View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -300,7 +300,7 @@ A synonym for
.PP
\fB+[no]adflag\fR
.RS 4
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
.RE
.PP
\fB+[no]cdflag\fR
@ -341,6 +341,9 @@ attempts to find the authoritative name servers for the zone containing the name
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
.sp
\fB+dnssec\fR
is also set when +trace is set to better emulate the default queries from a nameserver.
.RE
.PP
\fB+[no]cmd\fR
@ -367,6 +370,24 @@ option is enabled. If short form answers are requested, the default is not to sh
Toggle the display of comment lines in the output. The default is to print comments.
.RE
.PP
\fB+[no]rrcomments\fR
.RS 4
Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
.RE
.PP
\fB+split=W\fR
.RS 4
Split long hex\- or base64\-formatted fields in resource records into chunks of
\fIW\fR
characters (where
\fIW\fR
is rounded up to the nearest multiple of 4).
\fI+nosplit\fR
or
\fI+split=0\fR
causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active.
.RE
.PP
\fB+[no]stats\fR
.RS 4
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
@ -454,7 +475,7 @@ bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively
.RS 4
Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
\fB+noedns\fR
clears the remembered EDNS version.
clears the remembered EDNS version. EDNS is set to 0 by default.
.RE
.PP
\fB+[no]multiline\fR
@ -576,7 +597,7 @@ RFC1035.
.PP
There are probably too many query options.
.SH "COPYRIGHT"
Copyright \(co 2004\-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.237.124.4 2011/12/07 17:23:55 each Exp $ */
/* $Id: dig.c,v 1.245 2011/12/07 17:23:28 each Exp $ */
/*! \file */
@ -67,7 +67,8 @@ static char domainopt[DNS_NAME_MAXTEXT];
static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE,
onesoa = ISC_FALSE;
onesoa = ISC_FALSE, rrcomments = ISC_FALSE;
static isc_uint32_t splitwidth = 0xffffffff;
/*% opcode text */
static const char * const opcodetext[] = {
@ -201,6 +202,8 @@ help(void) {
" +[no]cl (Control display of class in records)\n"
" +[no]cmd (Control display of command line)\n"
" +[no]comments (Control display of comment lines)\n"
" +[no]rrcomments (Control display of per-record "
"comments)\n"
" +[no]question (Control display of question)\n"
" +[no]answer (Control display of answer)\n"
" +[no]authority (Control display of authority)\n"
@ -213,7 +216,7 @@ help(void) {
" +[no]qr (Print question before sending)\n"
" +[no]nssearch (Search all authoritative nameservers)\n"
" +[no]identify (ID responders in short answers)\n"
" +[no]trace (Trace delegation down from root)\n"
" +[no]trace (Trace delegation down from root [+dnssec])\n"
" +[no]dnssec (Request DNSSEC records)\n"
" +[no]nsid (Request Name Server ID)\n"
#ifdef DIG_SIGCHASE
@ -223,6 +226,7 @@ help(void) {
" +[no]topdown (Do DNSSEC validation top down mode)\n"
#endif
#endif
" +[no]split=## (Split hex/base64 fields into chunks)\n"
" +[no]multiline (Print records in an expanded format)\n"
" +[no]onesoa (AXFR prints only one soa record)\n"
" global d-opts and servers (before host name) affect all queries.\n"
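Review bot: the new help line advertises `+[no]split=##`, but the split handler added to plus_option() rejects a value on the negated form (`if (value != NULL && !state) goto invalid_option;`), so `+nosplit=8` is an error. List the two forms separately in help(), for example `+split=##` and `+nosplit`, which also matches how dig.1 documents the option.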
@ -395,6 +399,8 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
styleflags |= DNS_STYLEFLAG_NO_TTL;
if (noclass)
styleflags |= DNS_STYLEFLAG_NO_CLASS;
if (rrcomments)
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
if (multiline) {
styleflags |= DNS_STYLEFLAG_OMIT_OWNER;
styleflags |= DNS_STYLEFLAG_OMIT_CLASS;
@ -403,16 +409,21 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
styleflags |= DNS_STYLEFLAG_TTL;
styleflags |= DNS_STYLEFLAG_MULTILINE;
styleflags |= DNS_STYLEFLAG_COMMENT;
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
}
if (multiline || (nottl && noclass))
result = dns_master_stylecreate(&style, styleflags,
24, 24, 24, 32, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 24, 32, 80, 8,
splitwidth, mctx);
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 32, 40, 80, 8,
splitwidth, mctx);
else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 32, 40, 48, 80, 8,
splitwidth, mctx);
check_result(result, "dns_master_stylecreate");
result = dns_master_rdatasettotext(owner_name, rdataset, style, target);
@ -437,6 +448,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
unsigned int styleflags = 0;
styleflags |= DNS_STYLEFLAG_REL_OWNER;
if (query->lookup->comments)
styleflags |= DNS_STYLEFLAG_COMMENT;
if (rrcomments)
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
if (nottl)
styleflags |= DNS_STYLEFLAG_NO_TTL;
if (noclass)
@ -448,17 +463,20 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
styleflags |= DNS_STYLEFLAG_OMIT_TTL;
styleflags |= DNS_STYLEFLAG_TTL;
styleflags |= DNS_STYLEFLAG_MULTILINE;
styleflags |= DNS_STYLEFLAG_COMMENT;
styleflags |= DNS_STYLEFLAG_RRCOMMENT;
}
if (multiline || (nottl && noclass))
result = dns_master_stylecreate(&style, styleflags,
24, 24, 24, 32, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 24, 32, 80, 8,
splitwidth, mctx);
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 24, 32, 40, 80, 8,
splitwidth, mctx);
else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
result = dns_master_stylecreate2(&style, styleflags,
24, 32, 40, 48, 80, 8,
splitwidth, mctx);
check_result(result, "dns_master_stylecreate");
if (query->lookup->cmdline[0] != 0) {
@ -765,6 +783,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_answer = state;
lookup->section_additional = state;
lookup->comments = state;
rrcomments = state;
lookup->stats = state;
printcmd = state;
break;
@ -925,6 +944,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->identify = ISC_TRUE;
lookup->stats = ISC_FALSE;
lookup->comments = ISC_FALSE;
rrcomments = ISC_FALSE;
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_FALSE;
lookup->section_question = ISC_FALSE;
@ -985,6 +1005,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
goto invalid_option;
}
break;
case 'r': /* rrcomments */
FULLCHECK("rrcomments");
rrcomments = state;
break;
default:
goto invalid_option;
}
@ -1011,6 +1035,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->section_authority = ISC_FALSE;
lookup->section_question = ISC_FALSE;
lookup->comments = ISC_FALSE;
rrcomments = ISC_FALSE;
lookup->stats = ISC_FALSE;
}
break;
@ -1033,6 +1058,36 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->dnssec = ISC_TRUE;
break;
#endif
case 'p': /* split */
FULLCHECK("split");
if (value != NULL && !state)
goto invalid_option;
if (!state) {
splitwidth = 0;
break;
} else if (value == NULL)
break;
result = parse_uint(&splitwidth, value,
1023, "split");
if (splitwidth % 4 != 0) {
splitwidth = ((splitwidth + 3) / 4) * 4;
fprintf(stderr, ";; Warning, split must be "
"a multiple of 4; adjusting "
"to %d\n", splitwidth);
}
/*
* There is an adjustment done in the
* totext_<rrtype>() functions which causes
* splitwidth to shrink. This is okay when we're
* using the default width but incorrect in this
* case, so we correct for it
*/
if (splitwidth)
splitwidth += 3;
if (result != ISC_R_SUCCESS)
fatal("Couldn't parse retries");
break;
case 't': /* stats */
FULLCHECK("stats");
lookup->stats = state;
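Review bot: in the new `case 'p'` block the result of parse_uint() is tested only after splitwidth has already been rounded, printed and adjusted, and the failure text is "Couldn't parse retries", which reads as copied from the retries option. Move the `if (result != ISC_R_SUCCESS)` test directly below the parse_uint() call and name split in the message. The warning prints splitwidth, declared as isc_uint32_t, with `%d`; `%u` matches the type. With 1023 as the accepted maximum, rounding up and the `+= 3` correction can yield 1027, so confirm that dns_master_stylecreate2() accepts a width above the parsed limit.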
@ -1077,10 +1132,12 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->recurse = ISC_FALSE;
lookup->identify = ISC_TRUE;
lookup->comments = ISC_FALSE;
rrcomments = ISC_FALSE;
lookup->stats = ISC_FALSE;
lookup->section_additional = ISC_FALSE;
lookup->section_authority = ISC_TRUE;
lookup->section_question = ISC_FALSE;
lookup->dnssec = ISC_TRUE;
usesearch = ISC_FALSE;
}
break;
@ -1484,6 +1541,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (!is_batchfile) {
debug("making new lookup");
default_lookup = make_empty_lookup();
default_lookup->adflag = ISC_TRUE;
default_lookup->edns = 0;
#ifndef NOPOSIX
/*
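Review bot: `default_lookup->adflag = ISC_TRUE` and `default_lookup->edns = 0` change what every command-line query puts on the wire, and nothing at the assignments says why. Add a short comment here stating that the AD bit and EDNS version 0 are now on by default and that `+noadflag` and `+noedns` turn them off, so a reader comparing packet captures from an older dig build finds the reason in the source and not only in the man page.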

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.docbook,v 1.47 2010/03/04 23:50:34 tbox Exp $ -->
<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ -->
<refentry id="man.dig">
<refentryinfo>
@ -45,6 +45,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
@ -467,7 +468,8 @@
policy of the server. AD=1 indicates that all records
have been validated as secure and the answer is not
from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated.
of the answer was insecure or not validated. This
bit is set by default.
</para>
</listitem>
</varlistentry>
@ -504,19 +506,17 @@
<varlistentry>
<term><option>+[no]recurse</option></term>
<listitem>
<para>
Toggle the setting of the RD (recursion desired) bit in the
query.
This bit is set by default, which means <command>dig</command>
normally sends recursive queries. Recursion is automatically
disabled
when the <parameter>+nssearch</parameter> or
<parameter>+trace</parameter> query options are
used.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
<command>dig</command> normally sends recursive
queries. Recursion is automatically disabled when
the <parameter>+nssearch</parameter> or
<parameter>+trace</parameter> query options are used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]nssearch</option></term>
@ -536,20 +536,21 @@
<varlistentry>
<term><option>+[no]trace</option></term>
<listitem>
<para>
Toggle tracing of the delegation path from the root name servers
for
the name being looked up. Tracing is disabled by default. When
tracing is enabled, <command>dig</command> makes
iterative queries to
resolve the name being looked up. It will follow referrals from
the
root servers, showing the answer from each server that was used
to
resolve the lookup.
</para>
</listitem>
</varlistentry>
<para>
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
<command>dig</command> makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
</para>
<para>
<command>+dnssec</command> is also set when +trace is
set to better emulate the default queries from a nameserver.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]cmd</option></term>
@ -594,8 +595,35 @@
<listitem>
<para>
Toggle the display of comment lines in the output. The default
is to
print comments.
is to print comments.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]rrcomments</option></term>
<listitem>
<para>
Toggle the display of per-record comments in the output (for
example, human-readable key information about DNSKEY records).
The default is not to print record comments unless multiline
mode is active.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+split=W</option></term>
<listitem>
<para>
Split long hex- or base64-formatted fields in resource
records into chunks of <parameter>W</parameter> characters
(where <parameter>W</parameter> is rounded up to the nearest
multiple of 4).
<parameter>+nosplit</parameter> or
<parameter>+split=0</parameter> causes fields not to be
split at all. The default is 56 characters, or 44 characters
when multiline mode is active.
</para>
</listitem>
</varlistentry>
@ -755,9 +783,10 @@
<listitem>
<para>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause a
EDNS query to be sent. <option>+noedns</option> clears the
remembered EDNS version.
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <option>+noedns</option>
clears the remembered EDNS version. EDNS is set to
0 by default.
</para>
</listitem>
</varlistentry>

View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -34,7 +34,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543527"></a><h2>DESCRIPTION</h2>
<a name="id2543530"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -81,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543606"></a><h2>SIMPLE USAGE</h2>
<a name="id2543609"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -134,7 +134,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543709"></a><h2>OPTIONS</h2>
<a name="id2543713"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -238,7 +238,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544058"></a><h2>QUERY OPTIONS</h2>
<a name="id2544061"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -323,7 +323,8 @@
policy of the server. AD=1 indicates that all records
have been validated as secure and the answer is not
from a OPT-OUT range. AD=0 indicate that some part
of the answer was insecure or not validated.
of the answer was insecure or not validated. This
bit is set by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
<dd><p>
@ -342,15 +343,13 @@
</p></dd>
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
<dd><p>
Toggle the setting of the RD (recursion desired) bit in the
query.
This bit is set by default, which means <span><strong class="command">dig</strong></span>
normally sends recursive queries. Recursion is automatically
disabled
when the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are
used.
</p></dd>
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
<span><strong class="command">dig</strong></span> normally sends recursive
queries. Recursion is automatically disabled when
the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are used.
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
When this option is set, <span><strong class="command">dig</strong></span>
@ -362,18 +361,21 @@
zone.
</p></dd>
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd><p>
Toggle tracing of the delegation path from the root name servers
for
the name being looked up. Tracing is disabled by default. When
tracing is enabled, <span><strong class="command">dig</strong></span> makes
iterative queries to
resolve the name being looked up. It will follow referrals from
the
root servers, showing the answer from each server that was used
to
resolve the lookup.
</p></dd>
<dd>
<p>
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
<span><strong class="command">dig</strong></span> makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
</p>
<p>
<span><strong class="command">+dnssec</strong></span> is also set when +trace is
set to better emulate the default queries from a nameserver.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Toggles the printing of the initial comment in the output
@ -400,8 +402,25 @@
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
Toggle the display of comment lines in the output. The default
is to
print comments.
is to print comments.
</p></dd>
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
<dd><p>
Toggle the display of per-record comments in the output (for
example, human-readable key information about DNSKEY records).
The default is not to print record comments unless multiline
mode is active.
</p></dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
<dd><p>
Split long hex- or base64-formatted fields in resource
records into chunks of <em class="parameter"><code>W</code></em> characters
(where <em class="parameter"><code>W</code></em> is rounded up to the nearest
multiple of 4).
<em class="parameter"><code>+nosplit</code></em> or
<em class="parameter"><code>+split=0</code></em> causes fields not to be
split at all. The default is 56 characters, or 44 characters
when multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
@ -496,9 +515,10 @@
<dt><span class="term"><code class="option">+edns=#</code></span></dt>
<dd><p>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause a
EDNS query to be sent. <code class="option">+noedns</code> clears the
remembered EDNS version.
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <code class="option">+noedns</code>
clears the remembered EDNS version. EDNS is set to
0 by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
@ -569,7 +589,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545207"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2545324"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -615,7 +635,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545337"></a><h2>IDN SUPPORT</h2>
<a name="id2545386"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -629,14 +649,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545360"></a><h2>FILES</h2>
<a name="id2545409"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545377"></a><h2>SEE ALSO</h2>
<a name="id2545426"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -644,7 +664,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545414"></a><h2>BUGS</h2>
<a name="id2545531"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.336.22.9 2011/12/07 17:23:55 each Exp $ */
/* $Id: dighost.c,v 1.345 2011/12/07 17:23:28 each Exp $ */
/*! \file
* \note
@ -362,8 +362,6 @@ connect_timeout(isc_task_t *task, isc_event_t *event);
static void
launch_next_query(dig_query_t *query, isc_boolean_t include_question);
static void
send_tcp_connect(dig_query_t *query);
static void *
mem_alloc(void *arg, size_t size) {
@ -791,7 +789,6 @@ make_empty_lookup(void) {
looknew->new_search = ISC_FALSE;
looknew->done_as_is = ISC_FALSE;
looknew->need_search = ISC_FALSE;
dns_fixedname_init(&looknew->fdomain);
ISC_LINK_INIT(looknew, link);
ISC_LIST_INIT(looknew->q);
ISC_LIST_INIT(looknew->connecting);
@ -868,8 +865,6 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew->tsigctx = NULL;
looknew->need_search = lookold->need_search;
looknew->done_as_is = lookold->done_as_is;
dns_name_copy(dns_fixedname_name(&lookold->fdomain),
dns_fixedname_name(&looknew->fdomain), NULL);
if (servers)
clone_server_list(lookold->my_server_list,
@ -1814,6 +1809,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
lookup->trace_root = ISC_FALSE;
if (lookup->ns_search_only)
lookup->recurse = ISC_FALSE;
dns_fixedname_init(&lookup->fdomain);
domain = dns_fixedname_name(&lookup->fdomain);
dns_name_copy(name, domain, NULL);
}
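Review bot: `dns_fixedname_init(&lookup->fdomain)` in followup_lookup() is the only initialisation of fdomain left in this file's hunks; going by their line counts (-791,7 +789,6 and -868,8 +865,6), make_empty_lookup() and clone_lookup() appear to drop their init and copy of the field. Check that nothing reads `lookup->fdomain` on a fresh or cloned lookup before this branch has run, or keep the init in make_empty_lookup() so the field is always in a defined state.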

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: host.c,v 1.124.40.3 2011/03/11 06:46:59 marka Exp $ */
/* $Id: host.c,v 1.127 2011/03/11 06:11:20 marka Exp $ */
/*! \file */

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.h,v 1.111.306.3 2011/12/07 17:23:55 each Exp $ */
/* $Id: dig.h,v 1.114 2011/12/07 17:23:28 each Exp $ */
#ifndef DIG_H
#define DIG_H

View File

@ -15,11 +15,12 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nslookup.c,v 1.127.38.2 2011/02/28 01:19:58 tbox Exp $ */
/* $Id: nslookup.c,v 1.130 2011/12/16 23:01:16 each Exp $ */
#include <config.h>
#include <stdlib.h>
#include <unistd.h>
#include <isc/app.h>
#include <isc/buffer.h>
@ -45,6 +46,11 @@
#include <dig/dig.h>
#if defined(HAVE_READLINE)
#include <readline/readline.h>
#include <readline/history.h>
#endif
static isc_boolean_t short_form = ISC_TRUE,
tcpmode = ISC_FALSE,
identify = ISC_FALSE, stats = ISC_TRUE,
@ -53,6 +59,8 @@ static isc_boolean_t short_form = ISC_TRUE,
section_additional = ISC_TRUE, recurse = ISC_TRUE,
aaonly = ISC_FALSE, nofail = ISC_TRUE;
static isc_boolean_t interactive;
static isc_boolean_t in_use = ISC_FALSE;
static char defclass[MXRD] = "IN";
static char deftype[MXRD] = "A";
@ -715,28 +723,12 @@ addlookup(char *opt) {
}
static void
get_next_command(void) {
char *buf;
do_next_command(char *input) {
char *ptr, *arg;
char *input;
fflush(stdout);
buf = isc_mem_allocate(mctx, COMMSIZE);
if (buf == NULL)
fatal("memory allocation failure");
fputs("> ", stderr);
fflush(stderr);
isc_app_block();
ptr = fgets(buf, COMMSIZE, stdin);
isc_app_unblock();
if (ptr == NULL) {
in_use = ISC_FALSE;
goto cleanup;
}
input = buf;
ptr = next_token(&input, " \t\r\n");
if (ptr == NULL)
goto cleanup;
return;
arg = next_token(&input, " \t\r\n");
if ((strcasecmp(ptr, "set") == 0) &&
(arg != NULL))
@ -750,20 +742,48 @@ get_next_command(void) {
show_settings(ISC_TRUE, ISC_TRUE);
} else if (strcasecmp(ptr, "exit") == 0) {
in_use = ISC_FALSE;
goto cleanup;
} else if (strcasecmp(ptr, "help") == 0 ||
strcasecmp(ptr, "?") == 0) {
printf("The '%s' command is not yet implemented.\n", ptr);
goto cleanup;
} else if (strcasecmp(ptr, "finger") == 0 ||
strcasecmp(ptr, "root") == 0 ||
strcasecmp(ptr, "ls") == 0 ||
strcasecmp(ptr, "view") == 0) {
printf("The '%s' command is not implemented.\n", ptr);
goto cleanup;
} else
addlookup(ptr);
cleanup:
}
static void
get_next_command(void) {
char *buf;
char *ptr;
fflush(stdout);
buf = isc_mem_allocate(mctx, COMMSIZE);
if (buf == NULL)
fatal("memory allocation failure");
isc_app_block();
if (interactive) {
#ifdef HAVE_READLINE
ptr = readline("> ");
add_history(ptr);
#else
fputs("> ", stderr);
fflush(stderr);
ptr = fgets(buf, COMMSIZE, stdin);
#endif
} else
ptr = fgets(buf, COMMSIZE, stdin);
isc_app_unblock();
if (ptr == NULL) {
in_use = ISC_FALSE;
} else
do_next_command(ptr);
#ifdef HAVE_READLINE
if (interactive)
free(ptr);
#endif
isc_mem_free(mctx, buf);
}
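Review bot: in the HAVE_READLINE branch of get_next_command(), `add_history(ptr)` runs before ptr is checked, and readline() returns NULL at end of input, so Ctrl-D at the interactive prompt passes NULL to add_history(). Guard the call, for example `if (ptr != NULL && *ptr != '\0') add_history(ptr);`. buf is also still allocated from mctx and freed on this path although only the fgets() branches use it; allocating it only where fgets() is called would make the ownership of ptr (malloc'd by readline versus pointing into buf) easier to follow.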
@ -859,6 +879,8 @@ int
main(int argc, char **argv) {
isc_result_t result;
interactive = ISC_TF(isatty(0));
ISC_LIST_INIT(lookup_list);
ISC_LIST_INIT(server_list);
ISC_LIST_INIT(search_list);

View File

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.42 2009/12/05 23:31:40 each Exp $
# $Id: Makefile.in,v 1.42.332.1 2011/03/16 06:37:51 each Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -44,19 +44,23 @@ NOSYMLIBS = ${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
# Alphabetically
TARGETS = dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@
dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@ \
dnssec-verify@EXEEXT@
OBJS = dnssectool.@O@
SRCS = dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
dnssec-revoke.c dnssec-settime.c dnssec-signzone.c dnssectool.c
dnssec-revoke.c dnssec-settime.c dnssec-signzone.c \
dnssec-verify.c dnssectool.c
MANPAGES = dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8
dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8 \
dnssec-verify.8
HTMLPAGES = dnssec-dsfromkey.html dnssec-keyfromlabel.html \
dnssec-keygen.html dnssec-revoke.html \
dnssec-settime.html dnssec-signzone.html
dnssec-settime.html dnssec-signzone.html \
dnssec-verify.html
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@ -82,6 +86,14 @@ dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
${FINALBUILDCMD}
dnssec-verify.@O@: dnssec-verify.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-c ${srcdir}/dnssec-verify.c
dnssec-verify@EXEEXT@: dnssec-verify.@O@ ${OBJS} ${DEPLIBS}
export BASEOBJS="dnssec-verify.@O@ ${OBJS}"; \
${FINALBUILDCMD}
dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
dnssec-revoke.@O@ ${OBJS} ${LIBS}

View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -32,9 +32,9 @@
dnssec\-dsfromkey \- DNSSEC DS RR generation tool
.SH "SYNOPSIS"
.HP 17
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] {keyfile}
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
.HP 17
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
.SH "DESCRIPTION"
.PP
\fBdnssec\-dsfromkey\fR
@ -58,6 +58,11 @@ Select the digest algorithm. The value of
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
.RE
.PP
\-T \fITTL\fR
.RS 4
Specifies the TTL of the DS records.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
Look for key files (or, in keyset mode,
@ -71,6 +76,15 @@ files) in
Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
\fBfile\fR. If the zone name is the same as
\fBfile\fR, then it may be omitted.
.sp
If
\fBfile\fR
is set to
"\-", then the zone data is read from the standard input. This makes it possible to use the output of the
\fBdig\fR
command as input, as in:
.sp
\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fR
.RE
.PP
\-A
@ -139,5 +153,5 @@ RFC 4509.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC")
.br

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-dsfromkey.c,v 1.19.14.2 2011/09/05 23:45:53 tbox Exp $ */
/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */
/*! \file */
@ -31,12 +31,13 @@
#include <isc/string.h>
#include <isc/util.h>
#include <dns/callbacks.h>
#include <dns/db.h>
#include <dns/dbiterator.h>
#include <dns/ds.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/keyvalues.h>
#include <dns/log.h>
#include <dns/master.h>
#include <dns/name.h>
#include <dns/rdata.h>
@ -61,6 +62,7 @@ static dns_rdataclass_t rdclass;
static dns_fixedname_t fixed;
static dns_name_t *name = NULL;
static isc_mem_t *mctx = NULL;
static isc_uint32_t ttl;
static isc_result_t
initname(char *setname) {
@ -76,8 +78,28 @@ initname(char *setname) {
return (result);
}
static void
db_load_from_stream(dns_db_t *db, FILE *fp) {
isc_result_t result;
dns_rdatacallbacks_t callbacks;
dns_rdatacallbacks_init(&callbacks);
result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private);
if (result != ISC_R_SUCCESS)
fatal("dns_db_beginload failed: %s", isc_result_totext(result));
result = dns_master_loadstream(fp, name, name, rdclass, 0,
&callbacks, mctx);
if (result != ISC_R_SUCCESS)
fatal("can't load from input: %s", isc_result_totext(result));
result = dns_db_endload(db, &callbacks.add_private);
if (result != ISC_R_SUCCESS)
fatal("dns_db_endload failed: %s", isc_result_totext(result));
}
static isc_result_t
loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
loadset(const char *filename, dns_rdataset_t *rdataset) {
isc_result_t result;
dns_db_t *db = NULL;
dns_dbnode_t *node = NULL;
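Review bot: db_load_from_stream() treats every result other than ISC_R_SUCCESS from dns_master_loadstream() as fatal, while the file path in loadset() also tolerates DNS_R_SEENINCLUDE from dns_db_load(). If rejecting that result for standard input is intended, say so in a comment above the check; otherwise accept DNS_R_SEENINCLUDE here as well so the two load paths behave the same. The helper also depends on the file-scope name, rdclass and mctx being initialised before it is called, which deserves a one-line comment.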
@ -90,9 +112,15 @@ loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
if (result != ISC_R_SUCCESS)
fatal("can't create database");
result = dns_db_load(db, filename);
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
fatal("can't load %s: %s", filename, isc_result_totext(result));
if (strcmp(filename, "-") == 0) {
db_load_from_stream(db, stdin);
filename = "input";
} else {
result = dns_db_load(db, filename);
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
fatal("can't load %s: %s", filename,
isc_result_totext(result));
}
result = dns_db_findnode(db, name, ISC_FALSE, &node);
if (result != ISC_R_SUCCESS)
@ -141,7 +169,7 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
return (ISC_R_NOSPACE);
isc_buffer_putuint8(&buf, 0);
return (loadsetfromfile(filename, rdataset));
return (loadset(filename, rdataset));
}
static void
@ -256,7 +284,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
}
}
result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "",
&textb);
if (result != ISC_R_SUCCESS)
fatal("can't print rdata");
@ -267,6 +297,9 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
isc_buffer_usedregion(&nameb, &r);
printf("%.*s ", (int)r.length, r.base);
if (ttl != 0U)
printf("%u ", ttl);
isc_buffer_usedregion(&classb, &r);
printf("%.*s", (int)r.length, r.base);
@ -302,6 +335,7 @@ usage(void) {
fprintf(stderr, " -l: add lookaside zone and print DLV records\n");
fprintf(stderr, " -s: read keyset from keyset-<dnsname> file\n");
fprintf(stderr, " -c class: rdata class for DS set (default: IN)\n");
fprintf(stderr, " -T TTL\n");
fprintf(stderr, " -f file: read keyset from zone file\n");
fprintf(stderr, " -A: when used with -f, "
"include all keys in DS set, not just KSKs\n");
@ -341,7 +375,7 @@ main(int argc, char **argv) {
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"12Aa:c:d:Ff:K:l:sv:h")) != -1) {
"12Aa:c:d:Ff:K:l:sT:v:h")) != -1) {
switch (ch) {
case '1':
dtype = DNS_DSDIGEST_SHA1;
@ -381,6 +415,9 @@ main(int argc, char **argv) {
case 's':
usekeyset = ISC_TRUE;
break;
case 'T':
ttl = atol(isc_commandline_argument);
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
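Review bot: the new `case 'T'` assigns atol(isc_commandline_argument) straight to the isc_uint32_t ttl with no validation, so a non-numeric argument silently becomes 0 (which emit() then treats as "no TTL"), and a negative or oversized value is not range-checked before it is stored in an unsigned 32-bit variable. The `-v` case directly below already rejects trailing garbage with strtol() and endp; parse -T the same way, or with strtottl() as the -L option in dnssec-keyfromlabel.c does in this import, and call fatal() on bad input.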
@ -466,7 +503,7 @@ main(int argc, char **argv) {
if (usekeyset)
result = loadkeyset(dir, &rdataset);
else
result = loadsetfromfile(filename, &rdataset);
result = loadset(filename, &rdataset);
if (result != ISC_R_SUCCESS)
fatal("could not load DNSKEY set: %s\n",

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.12 2010/12/23 23:47:08 tbox Exp $ -->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.17 2011/10/25 01:54:18 marka Exp $ -->
<refentry id="man.dnssec-dsfromkey">
<refentryinfo>
<date>August 26, 2009</date>
@ -39,6 +39,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
@ -52,6 +53,7 @@
<arg><option>-2</option></arg>
<arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
<arg choice="req">keyfile</arg>
</cmdsynopsis>
<cmdsynopsis>
@ -64,6 +66,7 @@
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-s</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
<arg><option>-A</option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
@ -114,6 +117,15 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-T <replaceable class="parameter">TTL</replaceable></term>
<listitem>
<para>
Specifies the TTL of the DS records.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
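Review bot: the new -T entry says only "Specifies the TTL of the DS records" and leaves out the default behaviour. In dnssec-dsfromkey.c, emit() prints the TTL only when `ttl != 0U`, so without -T (or with -T 0) the DS records are written with no TTL field; document that here. The value is read with atol(), so the text should also say that it must be a plain integer.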
@ -134,6 +146,15 @@
from <option>file</option>. If the zone name is the same as
<option>file</option>, then it may be omitted.
</para>
<para>
If <option>file</option> is set to <literal>"-"</literal>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <command>dig</command>
command as input, as in:
</para>
<para>
<userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
</para>
</listitem>
</varlistentry>
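Review bot: the new example pipes `dig dnskey example.com` straight into dnssec-dsfromkey, and the paragraph does not mention that dig prints the answer without validating it. The DS records produced this way are what an operator hands to the parent zone, so add a sentence telling the reader to fetch the DNSKEY set over a trusted path, or to compare the resulting key tags and digests against the signer's own key files, before submitting them.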

View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -28,18 +28,18 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543468"></a><h2>DESCRIPTION</h2>
<a name="id2543489"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543480"></a><h2>OPTIONS</h2>
<a name="id2543500"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@ -57,6 +57,10 @@
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd><p>
Specifies the TTL of the DS records.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
Look for key files (or, in keyset mode,
@ -64,12 +68,23 @@
<code class="option">directory</code>.
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
<dd>
<p>
Zone file mode: in place of the keyfile name, the argument is
the DNS domain name of a zone master file, which can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p></dd>
</p>
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span><strong class="command">dig</strong></span>
command as input, as in:
</p>
<p>
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
</dd>
<dt><span class="term">-A</span></dt>
<dd><p>
Include ZSK's when generating DS records. Without this option,
@ -101,7 +116,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543667"></a><h2>EXAMPLE</h2>
<a name="id2543726"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -116,7 +131,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543697"></a><h2>FILES</h2>
<a name="id2543756"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -130,13 +145,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543732"></a><h2>CAVEAT</h2>
<a name="id2543792"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543741"></a><h2>SEE ALSO</h2>
<a name="id2543801"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -146,7 +161,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543781"></a><h2>AUTHOR</h2>
<a name="id2543841"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -32,7 +32,7 @@
dnssec\-keyfromlabel \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP 20
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keyfromlabel\fR
@ -122,6 +122,15 @@ Sets the directory in which the key files are to be written.
Generate KEY records rather than DNSKEY records.
.RE
.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
0
or
none
removes it.
.RE
.PP
\-p \fIprotocol\fR
.RS 4
Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.32.14.4 2011/11/30 00:51:38 marka Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.38 2011/11/30 00:48:51 marka Exp $ */
/*! \file */
@ -85,6 +85,7 @@ usage(void) {
fprintf(stderr, " -K directory: directory in which to place "
"key files\n");
fprintf(stderr, " -k: generate a TYPE=KEY key\n");
fprintf(stderr, " -L ttl: default key TTL\n");
fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
fprintf(stderr, " -p protocol: default: 3 [dnssec]\n");
@ -139,12 +140,13 @@ main(int argc, char **argv) {
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
char *label = NULL;
dns_ttl_t ttl = 0;
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
isc_stdtime_t now;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
@ -166,7 +168,7 @@ main(int argc, char **argv) {
isc_stdtime_get(&now);
while ((ch = isc_commandline_parse(argc, argv,
"3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
"3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
{
switch (ch) {
case '3':
@ -204,6 +206,13 @@ main(int argc, char **argv) {
case 'k':
options |= DST_TYPE_KEY;
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'l':
label = isc_mem_strdup(mctx, isc_commandline_argument);
break;
@ -517,6 +526,10 @@ main(int argc, char **argv) {
dst_key_setprivateformat(key, 1, 2);
}
/* Set default key TTL */
if (setttl)
dst_key_setttl(key, ttl);
/*
* Do not overwrite an existing key. Warn LOUDLY if there
* is a risk of ID collision due to this key or another key

View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011/02/28 01:19:58 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011/03/17 01:40:34 each Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>
@ -60,6 +60,7 @@
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-k</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
@ -236,6 +237,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">protocol</replaceable></term>
<listitem>

View File

@ -28,10 +28,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543498"></a><h2>DESCRIPTION</h2>
<a name="id2543507"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@ -44,7 +44,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543516"></a><h2>OPTIONS</h2>
<a name="id2543525"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -135,6 +135,15 @@
<dd><p>
Generate KEY records rather than DNSKEY records.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
Sets the protocol value for the key. The protocol
@ -164,7 +173,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543880"></a><h2>TIMING OPTIONS</h2>
<a name="id2543980"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -211,7 +220,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544046"></a><h2>GENERATED KEY FILES</h2>
<a name="id2543054"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -250,7 +259,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544119"></a><h2>SEE ALSO</h2>
<a name="id2543127"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -258,7 +267,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544152"></a><h2>AUTHOR</h2>
<a name="id2543160"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -33,7 +33,7 @@
dnssec\-keygen \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP 14
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
@ -103,11 +103,6 @@ Indicates that the DNS record containing the key should have the specified class
Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
.RE
.PP
\-e
.RS 4
If generating an RSAMD5/RSASHA1 key, use a large exponent.
.RE
.PP
\-f \fIflag\fR
.RS 4
Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
@ -139,6 +134,15 @@ Sets the directory in which the key files are to be written.
Deprecated in favor of \-T KEY.
.RE
.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
0
or
none
removes it.
.RE
.PP
\-p \fIprotocol\fR
.RS 4
Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
@ -298,7 +302,7 @@ RFC 4034.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004, 2005, 2007\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004, 2005, 2007\-2012 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

View File

@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.115.14.4 2011/11/30 00:51:38 marka Exp $ */
/* $Id: dnssec-keygen.c,v 1.120 2011/11/30 00:48:51 marka Exp $ */
/*! \file */
@ -124,11 +124,12 @@ usage(void) {
#else
fprintf(stderr, " -E <engine name>\n");
#endif
fprintf(stderr, " -e: use large exponent (RSAMD5/RSASHA1 only)\n");
fprintf(stderr, " -f <keyflag>: KSK | REVOKE\n");
fprintf(stderr, " -g <generator>: use specified generator "
"(DH only)\n");
fprintf(stderr, " -L <ttl>: default key TTL\n");
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
"records with (default: 0)\n");
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
@ -137,8 +138,6 @@ usage(void) {
fprintf(stderr, " -t <type>: "
"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
"(default: AUTHCONF)\n");
fprintf(stderr, " -r <randomdev>: a file containing random data\n");
fprintf(stderr, " -h: print usage and exit\n");
fprintf(stderr, " -m <memory debugging mode>:\n");
fprintf(stderr, " usage | trace | record | size | mctx\n");
@ -212,7 +211,7 @@ main(int argc, char **argv) {
isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
isc_boolean_t oldstyle = ISC_FALSE;
isc_mem_t *mctx = NULL;
int ch, rsa_exp = 0, generator = 0, param = 0;
int ch, generator = 0, param = 0;
int protocol = -1, size = -1, signatory = 0;
isc_result_t ret;
isc_textregion_t r;
@ -231,6 +230,7 @@ main(int argc, char **argv) {
dns_rdataclass_t rdclass;
int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
int dbits = 0;
dns_ttl_t ttl = 0;
isc_boolean_t use_default = ISC_FALSE, use_nsec3 = ISC_FALSE;
isc_stdtime_t publish = 0, activate = 0, revoke = 0;
isc_stdtime_t inactive = 0, delete = 0;
@ -238,7 +238,7 @@ main(int argc, char **argv) {
int prepub = -1;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
@ -257,7 +257,7 @@ main(int argc, char **argv) {
/*
* Process memory debugging argument first.
*/
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:km:n:P:p:qR:r:S:s:T:t:v:"
#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:v:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
@ -310,7 +310,9 @@ main(int argc, char **argv) {
engine = isc_commandline_argument;
break;
case 'e':
rsa_exp = 1;
fprintf(stderr,
"phased-out option -e "
"(was 'use (RSA) large exponent)\n");
break;
case 'f':
c = (unsigned char)(isc_commandline_argument[0]);
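Review bot: The warning string in case 'e' has an unbalanced quote, "(was 'use (RSA) large exponent)\n"; close it after "exponent". The option is also now accepted and ignored: "e" stays in CMDLINE_FLAGS while rsa_exp and the "-e" usage line are removed, so a script that still passes -e gets a key generated without that setting and only a stderr line to show for it. Consider making -e fatal, or keeping a one-line "obsolete, ignored" entry in the man page rather than dropping -e from the documentation entirely.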
@ -340,6 +342,13 @@ main(int argc, char **argv) {
"To generate a key-signing key, use -f KSK.\n"
"To generate a key with TYPE=KEY, use -T KEY.\n");
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'n':
nametype = isc_commandline_argument;
break;
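Review bot: In case 'L', "-L none" sets ttl = 0 and setttl = ISC_TRUE, so the later "if (setttl) dst_key_setttl(key, ttl);" stores a TTL of 0 rather than clearing anything, while the man page text added in this commit says that 0 or none "removes" the default TTL. Confirm that a stored TTL of 0 is treated as "no default" when the key is written and later imported into a zone; otherwise "none" needs an explicit unset path. The return value of strtottl() is also used unchecked in this hunk, so the handling of a malformed or out-of-range TTL string should be confirmed in that helper.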
@ -782,13 +791,6 @@ main(int argc, char **argv) {
break;
}
if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST ||
alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384) &&
rsa_exp != 0)
fatal("specified RSA exponent for a non-RSA key");
if (alg != DNS_KEYALG_DH && generator != 0)
fatal("specified DH generator for a non-DH key");
@ -848,7 +850,6 @@ main(int argc, char **argv) {
case DNS_KEYALG_NSEC3RSASHA1:
case DNS_KEYALG_RSASHA256:
case DNS_KEYALG_RSASHA512:
param = rsa_exp;
show_progress = ISC_TRUE;
break;
@ -983,6 +984,10 @@ main(int argc, char **argv) {
dst_key_setprivateformat(key, 1, 2);
}
/* Set the default key TTL */
if (setttl)
dst_key_setttl(key, ttl);
/*
* Do not overwrite an existing key, or create a key
* if there is a risk of ID collision due to this key

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.docbook,v 1.36 2010/12/23 04:07:59 marka Exp $ -->
<!-- $Id: dnssec-keygen.docbook,v 1.38 2011/03/17 23:47:29 tbox Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
@ -43,6 +43,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
@ -67,7 +68,6 @@
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
<arg><option>-e</option></arg>
<arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
<arg><option>-G</option></arg>
<arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
@ -75,6 +75,7 @@
<arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-k</option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
@ -231,15 +232,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-e</term>
<listitem>
<para>
If generating an RSAMD5/RSASHA1 key, use a large exponent.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f <replaceable class="parameter">flag</replaceable></term>
<listitem>
@ -300,6 +292,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">protocol</replaceable></term>
<listitem>

View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code 
class="option">-z</code>] {name}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em 
class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543582"></a><h2>DESCRIPTION</h2>
<a name="id2543590"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -46,7 +46,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543601"></a><h2>OPTIONS</h2>
<a name="id2543608"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -139,10 +139,6 @@
support it defaults to pkcs11; the empty name resets it to
no engine.
</p></dd>
<dt><span class="term">-e</span></dt>
<dd><p>
If generating an RSAMD5/RSASHA1 key, use a large exponent.
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
Set the specified flag in the flag field of the KEY/DNSKEY record.
@ -173,6 +169,15 @@
<dd><p>
Deprecated in favor of -T KEY.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
Sets the protocol value for the generated key. The protocol
@ -251,7 +256,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544169"></a><h2>TIMING OPTIONS</h2>
<a name="id2544187"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -322,7 +327,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544359"></a><h2>GENERATED KEYS</h2>
<a name="id2544377"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -368,7 +373,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544441"></a><h2>EXAMPLE</h2>
<a name="id2544459"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -389,7 +394,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544485"></a><h2>SEE ALSO</h2>
<a name="id2544571"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@ -398,7 +403,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544584"></a><h2>AUTHOR</h2>
<a name="id2544602"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-revoke.c,v 1.22.124.2 2011/10/20 23:46:27 tbox Exp $ */
/* $Id: dnssec-revoke.c,v 1.24 2011/10/20 23:46:51 tbox Exp $ */
/*! \file */

View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-revoke.docbook,v 1.7.266.2 2011/10/20 23:46:27 tbox Exp $ -->
<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ -->
<refentry id="man.dnssec-revoke">
<refentryinfo>
<date>June 1, 2009</date>

View File

@ -32,7 +32,7 @@
dnssec\-settime \- Set the key timing metadata for a DNSSEC key
.SH "SYNOPSIS"
.HP 15
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-settime\fR
@ -67,6 +67,15 @@ will fail when attempting to update a legacy key. With this option, the key will
Sets the directory in which the key files are to reside.
.RE
.PP
\-L \fIttl\fR
.RS 4
Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
0
or
none
removes it.
.RE
.PP
\-h
.RS 4
Emit usage message and exit.

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-settime.c,v 1.28.16.3 2011/06/02 20:24:11 each Exp $ */
/* $Id: dnssec-settime.c,v 1.32 2011/06/02 20:24:45 each Exp $ */
/*! \file */
@ -66,6 +66,7 @@ usage(void) {
fprintf(stderr, " -f: force update of old-style "
"keys\n");
fprintf(stderr, " -K directory: set key file location\n");
fprintf(stderr, " -L ttl: set default key TTL\n");
fprintf(stderr, " -v level: set level of verbosity\n");
fprintf(stderr, " -h: help\n");
fprintf(stderr, "Timing options:\n");
@ -137,12 +138,13 @@ main(int argc, char **argv) {
unsigned int size = 0;
isc_uint16_t flags = 0;
int prepub = -1;
dns_ttl_t ttl = 0;
isc_stdtime_t now;
isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
isc_stdtime_t prevact = 0, previnact = 0, prevdel = 0;
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE;
isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE;
isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
isc_boolean_t unsetdel = ISC_FALSE;
@ -169,7 +171,7 @@ main(int argc, char **argv) {
isc_stdtime_get(&now);
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:P:p:R:S:uv:"
#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:"
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'E':
@ -233,6 +235,13 @@ main(int argc, char **argv) {
"directory");
}
break;
case 'L':
if (strcmp(isc_commandline_argument, "none") == 0)
ttl = 0;
else
ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
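Review bot: This case 'L' block is a line-for-line copy of the one added to dnssec-keygen.c in the same commit, including the special-casing of "none". A shared helper that parses the -L argument and returns the TTL would keep the two tools from drifting apart. The same question applies here as in dnssec-keygen.c: "none" ends up as dst_key_setttl(key, 0), not as an unset.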
@ -535,6 +544,9 @@ main(int argc, char **argv) {
else if (unsetdel)
dst_key_unsettime(key, DST_TIME_DELETE);
if (setttl)
dst_key_setttl(key, ttl);
/*
* No metadata changes were made but we're forcing an upgrade
* to the new format anyway: use "-P now -A now" as the default
@ -545,6 +557,9 @@ main(int argc, char **argv) {
changed = ISC_TRUE;
}
if (!changed && setttl)
changed = ISC_TRUE;
/*
* Print out time values, if -p was used.
*/
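Review bot: The guard in "if (!changed && setttl) changed = ISC_TRUE;" is redundant, since assigning ISC_TRUE to an already-true flag is harmless; "if (setttl) changed = ISC_TRUE;" says the same thing. It would also read better placed directly beside the "dst_key_setttl(key, ttl);" call added in the previous hunk, so the write and the dirty flag stay together. As written, -L with the TTL the key already carries still marks the key as changed; add a comment if that is intended.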

View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.docbook,v 1.11.70.3 2011/11/03 20:21:30 each Exp $ -->
<!-- $Id: dnssec-settime.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
<date>July 15, 2009</date>
@ -48,6 +48,7 @@
<command>dnssec-settime</command>
<arg><option>-f</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
@ -116,6 +117,20 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-h</term>
<listitem>

View File

@ -28,10 +28,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543424"></a><h2>DESCRIPTION</h2>
<a name="id2543432"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@ -57,7 +57,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543472"></a><h2>OPTIONS</h2>
<a name="id2543480"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@ -74,6 +74,15 @@
<dd><p>
Sets the directory in which the key files are to reside.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Emit usage message and exit.
@ -90,7 +99,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543563"></a><h2>TIMING OPTIONS</h2>
<a name="id2543664"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -169,7 +178,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543770"></a><h2>PRINTING OPTIONS</h2>
<a name="id2543802"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@ -195,7 +204,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543848"></a><h2>SEE ALSO</h2>
<a name="id2543880"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -203,7 +212,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543881"></a><h2>AUTHOR</h2>
<a name="id2542138"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -33,7 +33,7 @@
dnssec\-signzone \- DNSSEC zone signing tool
.SH "SYNOPSIS"
.HP 16
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
.SH "DESCRIPTION"
.PP
\fBdnssec\-signzone\fR
@ -72,6 +72,15 @@ files in
\fBdirectory\fR.
.RE
.PP
\-D
.RS 4
Output only those record types automatically managed by
\fBdnssec\-signzone\fR, i.e. RRSIG, NSEC, NSEC3 and NSEC3PARAM records. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included. The resulting file can be included in the original zone file with
\fB$INCLUDE\fR. This option cannot be combined with
\fB\-O raw\fR
or serial number updating.
.RE
.PP
\-E \fIengine\fR
.RS 4
Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
@ -119,11 +128,29 @@ must be later than
\fBstart\-time\fR.
.RE
.PP
\-X \fIextended end\-time\fR
.RS 4
Specify the date and time when the generated RRSIG records for the DNSKEY RRset will expire. This is to be used in cases when the DNSKEY signatures need to persist longer than signatures on other records; e.g., when the private component of the KSK is kept offline and the KSK signature is to be refreshed manually.
.sp
As with
\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
\fBextended end\-time\fR
is specified, the value of
\fBend\-time\fR
is used as the default. (\fBend\-time\fR, in turn, defaults to 30 days from the start time.)
\fBextended end\-time\fR
must be later than
\fBstart\-time\fR.
.RE
.PP
\-f \fIoutput\-file\fR
.RS 4
The name of the output file containing the signed zone. The default is to append
\fI.signed\fR
to the input filename.
to the input filename. If
\fBoutput\-file\fR
is set to
"\-", then the signed zone is written to the standard output, with a default output format of "full".
.RE
.PP
\-h
@ -164,6 +191,11 @@ option specifies a jitter window that will be used to randomize the signature ex
Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
.RE
.PP
\-L \fIserial\fR
.RS 4
When writing a signed zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
.RE
.PP
\-n \fIncpus\fR
.RS 4
Specifies the number of threads to use. By default, one thread is started for each detected CPU.
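Review bot: The new "\-L serial" option gives -L a different meaning in dnssec-signzone (source serial for raw output) from the "\-L ttl" added to dnssec-keygen and dnssec-settime in the same commit, and the entry does not say so. A short cross-reference would help, since the three tools are normally used together and share other option letters such as -K and -E. The entry also mixes quoting styles ('raw' and "source serial"); the rest of the page uses double quotes or bold for format names.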
@ -205,8 +237,15 @@ The zone origin. If not specified, the name of the zone file is assumed to be th
.RS 4
The format of the output file containing the signed zone. Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR.
(default)
\fB"full"\fR, which is text output in a format suitable for processing by external scripts, and
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
\fBnamed\fR.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
.RE
.PP
\-p
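Review bot: The rewritten -O description drops the separator after "(default)": the old "(default) and" became a bare "(default)" followed directly by \fB"full"\fR, so the rendered sentence runs the two format names together. Add a comma after "(default)". The statement "The default is 1" at the end should also say that it refers to N in "raw=N", because the paragraph has just named "text" as the default output format.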
@ -221,6 +260,17 @@ Disable post sign verification tests.
The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
.RE
.PP
\-R
.RS 4
Remove signatures from keys that no longer exist.
.sp
Normally, when a previously\-signed zone is passed as input to the signer, and a DNSKEY record has been removed and replaced with a new one, signatures from the old key that are still within their validity period are retained. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset. The
\fB\-R\fR
forces
\fBdnssec\-signzone\fR
to remove all orphaned signatures.
.RE
.PP
\-r \fIrandomdev\fR
.RS 4
Specifies the source of randomness. If the operating system does not provide a
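Review bot: The sentence "The \fB\-R\fR forces \fBdnssec\-signzone\fR to remove all orphaned signatures" in the new -R entry is missing its noun; it should read "The \fB\-R\fR option forces". The paragraph explains that retained signatures let the zone keep validating against cached copies of the old DNSKEY RRset, so it would also help to state the consequence of -R directly: validators still holding the old DNSKEY RRset lose those signatures.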
@ -265,8 +315,8 @@ If either of the key's unpublication or deletion dates are set and in the past,
.PP
\-T \fIttl\fR
.RS 4
Specifies the TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the minimum TTL value from the zone's SOA record. This option is ignored when signing without
\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them.
Specifies a TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without
\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them, or if any of the imported DNSKEY records had a default TTL value. In the event of a a conflict between TTL values in imported keys, the shortest one is used.
.RE
.PP
\-t
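Review bot: The new -T text contains a doubled article, "In the event of a a conflict between TTL values"; drop one "a". The clause "or if any of the imported DNSKEY records had a default TTL value" should be in the present tense to match the rest of the paragraph, and it should name the option that sets that value (-L in dnssec-keygen and dnssec-settime, added in this same commit) so a reader can tell why -T is being ignored.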
@ -378,7 +428,7 @@ RFC 4033.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

File diff suppressed because it is too large

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.44 2009/12/03 23:18:16 each Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 05, 2009</date>
@ -43,6 +43,7 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2011</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -60,6 +61,7 @@
<arg><option>-a</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
<arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
@ -67,6 +69,7 @@
<arg><option>-h</option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
<arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
<arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
<arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
@ -74,8 +77,9 @@
<arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
<arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
<arg><option>-p</option></arg>
<arg><option>-P</option></arg>
<arg><option>-p</option></arg>
<arg><option>-R</option></arg>
<arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg><option>-S</option></arg>
<arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
@ -83,6 +87,7 @@
<arg><option>-t</option></arg>
<arg><option>-u</option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg>
<arg><option>-x</option></arg>
<arg><option>-z</option></arg>
<arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
@ -151,6 +156,22 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-D</term>
<listitem>
<para>
Output only those record types automatically managed by
<command>dnssec-signzone</command>, i.e. RRSIG, NSEC,
NSEC3 and NSEC3PARAM records. If smart signing
(<option>-S</option>) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with <command>$INCLUDE</command>. This option
cannot be combined with <option>-O raw</option> or serial
number updating.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-E <replaceable class="parameter">engine</replaceable></term>
<listitem>
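Review bot: the last sentence of the new -D entry says the option "cannot be combined with -O raw or serial number updating" without naming the option that does the updating. The synopsis lists -N soa-serial-format, which is presumably what is meant; naming it here lets a reader tell which invocations will be rejected. It would also help to say whether the restriction covers the "raw=N" forms of -O that this same commit documents.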
@ -237,14 +258,41 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-X <replaceable class="parameter">extended end-time</replaceable></term>
<listitem>
<para>
Specify the date and time when the generated RRSIG records
for the DNSKEY RRset will expire. This is to be used in cases
when the DNSKEY signatures need to persist longer than
signatures on other records; e.g., when the private component
of the KSK is kept offline and the KSK signature is to be
refreshed manually.
</para>
<para>
As with <option>start-time</option>, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time relative to the current time is
indicated with now+N. If no <option>extended end-time</option> is
specified, the value of <option>end-time</option> is used as
the default. (<option>end-time</option>, in turn, defaults to
30 days from the start time.) <option>extended end-time</option>
must be later than <option>start-time</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f <replaceable class="parameter">output-file</replaceable></term>
<listitem>
<para>
The name of the output file containing the signed zone. The
default is to append <filename>.signed</filename> to
the
input filename.
the input filename. If <option>output-file</option> is
set to <literal>"-"</literal>, then the signed zone is
written to the standard output, with a default output
format of "full".
</para>
</listitem>
</varlistentry>
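Review bot: the replaceable parameter for -X is written as "extended end-time", with an embedded space, both in this entry and in the synopsis, so the rendered usage reads as if -X took two words. The other parameters in this file are single hyphenated tokens (end-time, start-time, output-file); use extended-end-time for consistency. The entry also only requires the value to be later than start-time. Since the stated purpose is DNSKEY signatures that outlive the others, say what happens when the value is earlier than end-time.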
@ -324,6 +372,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">serial</replaceable></term>
<listitem>
<para>
When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-n <replaceable class="parameter">ncpus</replaceable></term>
<listitem>
@ -388,7 +447,15 @@
<para>
The format of the output file containing the signed zone.
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command>.
<command>"full"</command>, which is text output in a
format suitable for processing by external scripts,
and <command>"raw"</command> or <command>"raw=N"</command>,
which store the zone in a binary format for rapid loading
by <command>named</command>. <command>"raw=N"</command>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<command>named</command>; if N is 1, the file can be
read by release 9.9.0 or higher. The default is 1.
</para>
</listitem>
</varlistentry>
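Review bot: in the rewritten list of formats, dropping the old "and" leaves '"text" (default) "full", which is ...' with nothing separating the first two formats; add a comma after "(default)". The closing "The default is 1" is also ambiguous so close to '"text" (default)' and should read "The default for N is 1". Because a raw file with N=1 can only be read by release 9.9.0 or higher, a sentence telling operators to use raw=0 for zones loaded by older named instances would prevent a failed load.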
@ -421,6 +488,24 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-R</term>
<listitem>
<para>
Remove signatures from keys that no longer exist.
</para>
<para>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <option>-R</option> forces
<command>dnssec-signzone</command> to remove all orphaned
signatures.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
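Review bot: "The -R forces" is missing a noun; make it "The -R option forces". The second paragraph explains that retained signatures let the zone keep validating against cached copies of the old DNSKEY RRset, but it never states the converse that follows from it: with -R, validation through those cached copies stops working. One sentence saying so would make the trade-off explicit for anyone using -R during a key rollover.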
@ -508,15 +593,17 @@
<term>-T <replaceable class="parameter">ttl</replaceable></term>
<listitem>
<para>
Specifies the TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not specified,
the default is the minimum TTL value from the zone's SOA
Specifies a TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not
specified, the default is the TTL value from the zone's SOA
record. This option is ignored when signing without
<option>-S</option>, since DNSKEY records are not imported
from the key repository in that case. It is also ignored if
there are any pre-existing DNSKEY records at the zone apex,
in which case new records' TTL values will be set to match
them.
them, or if any of the imported DNSKEY records had a default
TTL value. In the event of a a conflict between TTL values in
imported keys, the shortest one is used.
</para>
</listitem>
</varlistentry>
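Review bot: "In the event of a a conflict" has a doubled article, and because this is the DocBook source the typo is carried into the generated man page and HTML in this same commit. The change from "the minimum TTL value from the zone's SOA record" to "the TTL value from the zone's SOA record" also leaves it unclear whether the default is the SOA record's own TTL or its MINIMUM field; state which one. The new clause "if any of the imported DNSKEY records had a default TTL value" needs a few words on what a default TTL on an imported key is and where it is set.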

View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] 
[<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] 
[<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543597"></a><h2>DESCRIPTION</h2>
<a name="id2543626"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543612"></a><h2>OPTIONS</h2>
<a name="id2543641"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -67,6 +67,17 @@
Look for <code class="filename">dsset-</code> or
<code class="filename">keyset-</code> files in <code class="option">directory</code>.
</p></dd>
<dt><span class="term">-D</span></dt>
<dd><p>
Output only those record types automatically managed by
<span><strong class="command">dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
NSEC3 and NSEC3PARAM records. If smart signing
(<code class="option">-S</code>) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with <span><strong class="command">$INCLUDE</strong></span>. This option
cannot be combined with <code class="option">-O raw</code> or serial
number updating.
</p></dd>
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
<dd><p>
Uses a crypto hardware (OpenSSL engine) for the crypto operations
@ -118,12 +129,36 @@
<code class="option">end-time</code> must be later than
<code class="option">start-time</code>.
</p></dd>
<dt><span class="term">-X <em class="replaceable"><code>extended end-time</code></em></span></dt>
<dd>
<p>
Specify the date and time when the generated RRSIG records
for the DNSKEY RRset will expire. This is to be used in cases
when the DNSKEY signatures need to persist longer than
signatures on other records; e.g., when the private component
of the KSK is kept offline and the KSK signature is to be
refreshed manually.
</p>
<p>
As with <code class="option">start-time</code>, an absolute
time is indicated in YYYYMMDDHHMMSS notation. A time relative
to the start time is indicated with +N, which is N seconds from
the start time. A time relative to the current time is
indicated with now+N. If no <code class="option">extended end-time</code> is
specified, the value of <code class="option">end-time</code> is used as
the default. (<code class="option">end-time</code>, in turn, defaults to
30 days from the start time.) <code class="option">extended end-time</code>
must be later than <code class="option">start-time</code>.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
<dd><p>
The name of the output file containing the signed zone. The
default is to append <code class="filename">.signed</code> to
the
input filename.
the input filename. If <code class="option">output-file</code> is
set to <code class="literal">"-"</code>, then the signed zone is
written to the standard output, with a default output
format of "full".
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -184,6 +219,12 @@
validators need to refetch at mostly the same time.
</p>
</dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
<dd><p>
Specifies the number of threads to use. By default, one
@ -217,7 +258,15 @@
<dd><p>
The format of the output file containing the signed zone.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span>.
<span><strong class="command">"full"</strong></span>, which is text output in a
format suitable for processing by external scripts,
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<span><strong class="command">named</strong></span>; if N is 1, the file can be
read by release 9.9.0 or higher. The default is 1.
</p></dd>
<dt><span class="term">-p</span></dt>
<dd><p>
@ -239,6 +288,22 @@
This option skips these tests.
</p>
</dd>
<dt><span class="term">-R</span></dt>
<dd>
<p>
Remove signatures from keys that no longer exist.
</p>
<p>
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The <code class="option">-R</code> forces
<span><strong class="command">dnssec-signzone</strong></span> to remove all orphaned
signatures.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
Specifies the source of randomness. If the operating
@ -297,15 +362,17 @@
</dd>
<dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Specifies the TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not specified,
the default is the minimum TTL value from the zone's SOA
Specifies a TTL to be used for new DNSKEY records imported
into the zone from the key repository. If not
specified, the default is the TTL value from the zone's SOA
record. This option is ignored when signing without
<code class="option">-S</code>, since DNSKEY records are not imported
from the key repository in that case. It is also ignored if
there are any pre-existing DNSKEY records at the zone apex,
in which case new records' TTL values will be set to match
them.
them, or if any of the imported DNSKEY records had a default
TTL value. In the event of a a conflict between TTL values in
imported keys, the shortest one is used.
</p></dd>
<dt><span class="term">-t</span></dt>
<dd><p>
@ -379,7 +446,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544965"></a><h2>EXAMPLE</h2>
<a name="id2545127"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -409,14 +476,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2545020"></a><h2>SEE ALSO</h2>
<a name="id2545182"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545045"></a><h2>AUTHOR</h2>
<a name="id2545207"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -0,0 +1,97 @@
.\" Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id$
.\"
.hy 0
.ad l
.\" Title: dnssec\-verify
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
.\" Date: April 12, 2012
.\" Manual: BIND9
.\" Source: BIND9
.\"
.TH "DNSSEC\-VERIFY" "8" "April 12, 2012" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
dnssec\-verify \- DNSSEC zone verification tool
.SH "SYNOPSIS"
.HP 14
\fBdnssec\-verify\fR [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] {zonefile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-verify\fR
verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 chains are complete.
.SH "OPTIONS"
.PP
\-c \fIclass\fR
.RS 4
Specifies the DNS class of the zone.
.RE
.PP
\-I \fIinput\-format\fR
.RS 4
The format of the input zone file. Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be verified independently. The use of this option does not make much sense for non\-dynamic zones.
.RE
.PP
\-o \fIorigin\fR
.RS 4
The zone origin. If not specified, the name of the zone file is assumed to be the origin.
.RE
.PP
\-v \fIlevel\fR
.RS 4
Sets the debugging level.
.RE
.PP
\-x
.RS 4
Only verify that the DNSKEY RRset is signed with key\-signing keys. Without this flag, it is assumed that the DNSKEY RRset will be signed by all active keys. When this flag is set, it will not be an error if the DNSKEY RRset is not signed by zone\-signing keys. This corresponds to the
\fB\-x\fR
option in
\fBdnssec\-signzone\fR.
.RE
.PP
\-z
.RS 4
Ignore the KSK flag on the keys when determining whether the zone if correctly signed. Without this flag it is assumed that there will be a non\-revoked, self\-signed DNSKEY with the KSK flag set for each algorithm and that RRsets other than DNSKEY RRset will be signed with a different DNSKEY without the KSK flag set.
.sp
With this flag set, we only require that for each algorithm, there will be at least one non\-revoked, self\-signed DNSKEY, regardless of the KSK flag state, and that other RRsets will be signed by a non\-revoked key for the same algorithm that includes the self\-signed key; the same key may be used for both purposes. This corresponds to the
\fB\-z\fR
option in
\fBdnssec\-signzone\fR.
.RE
.PP
zonefile
.RS 4
The file containing the zone to be signed.
.RE
.SH "SEE ALSO"
.PP
\fBdnssec\-signzone\fR(8),
BIND 9 Administrator Reference Manual,
RFC 4033.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2012 Internet Systems Consortium, Inc. ("ISC")
.br
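Review bot: the zonefile entry at the end of OPTIONS reads "The file containing the zone to be signed", which looks carried over from dnssec-signzone; this tool only verifies, so it should say "to be verified". The -z entry has "whether the zone if correctly signed" ("if" for "is"). The synopsis lists -E engine, but OPTIONS goes from -c straight to -I with no -E entry. All three should be fixed in the DocBook source and the page regenerated.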

328
bin/dnssec/dnssec-verify.c Normal file
View File

@ -0,0 +1,328 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-verify.c,v 1.1.2.1 2011/03/16 06:37:51 each Exp $ */
/*! \file */
#include <config.h>
#include <stdlib.h>
#include <time.h>
#include <isc/app.h>
#include <isc/base32.h>
#include <isc/commandline.h>
#include <isc/entropy.h>
#include <isc/event.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/hex.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/os.h>
#include <isc/print.h>
#include <isc/random.h>
#include <isc/rwlock.h>
#include <isc/serial.h>
#include <isc/stdio.h>
#include <isc/stdlib.h>
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>
#include <dns/db.h>
#include <dns/dbiterator.h>
#include <dns/diff.h>
#include <dns/dnssec.h>
#include <dns/ds.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/log.h>
#include <dns/master.h>
#include <dns/masterdump.h>
#include <dns/nsec.h>
#include <dns/nsec3.h>
#include <dns/rdata.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdataclass.h>
#include <dns/rdatasetiter.h>
#include <dns/rdatastruct.h>
#include <dns/rdatatype.h>
#include <dns/result.h>
#include <dns/soa.h>
#include <dns/time.h>
#include <dst/dst.h>
#include "dnssectool.h"
const char *program = "dnssec-verify";
int verbose;
static isc_stdtime_t now;
static isc_mem_t *mctx = NULL;
static isc_entropy_t *ectx = NULL;
static dns_masterformat_t inputformat = dns_masterformat_text;
static dns_db_t *gdb; /* The database */
static dns_dbversion_t *gversion; /* The database version */
static dns_rdataclass_t gclass; /* The class */
static dns_name_t *gorigin; /* The database origin */
static isc_boolean_t ignore_kskflag = ISC_FALSE;
static isc_boolean_t keyset_kskonly = ISC_FALSE;
/*%
* Load the zone file from disk
*/
static void
loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
isc_buffer_t b;
int len;
dns_fixedname_t fname;
dns_name_t *name;
isc_result_t result;
len = strlen(origin);
isc_buffer_init(&b, origin, len);
isc_buffer_add(&b, len);
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
fatal("failed converting name '%s' to dns format: %s",
origin, isc_result_totext(result));
result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
rdclass, 0, NULL, db);
check_result(result, "dns_db_create()");
result = dns_db_load2(*db, file, inputformat);
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
fatal("failed loading zone from '%s': %s",
file, isc_result_totext(result));
}
ISC_PLATFORM_NORETURN_PRE static void
usage(void) ISC_PLATFORM_NORETURN_POST;
static void
usage(void) {
fprintf(stderr, "Usage:\n");
fprintf(stderr, "\t%s [options] zonefile [keys]\n", program);
fprintf(stderr, "\n");
fprintf(stderr, "Version: %s\n", VERSION);
fprintf(stderr, "Options: (default value in parenthesis) \n");
fprintf(stderr, "\t-v debuglevel (0)\n");
fprintf(stderr, "\t-o origin:\n");
fprintf(stderr, "\t\tzone origin (name of zonefile)\n");
fprintf(stderr, "\t-I format:\n");
fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
fprintf(stderr, "\t-c class (IN)\n");
fprintf(stderr, "\t-E engine:\n");
#ifdef USE_PKCS11
fprintf(stderr, "\t\tname of an OpenSSL engine to use "
"(default is \"pkcs11\")\n");
#else
fprintf(stderr, "\t\tname of an OpenSSL engine to use\n");
#endif
fprintf(stderr, "\t-x:\tDNSKEY record signed with KSKs only, "
"not ZSKs\n");
fprintf(stderr, "\t-z:\tAll records signed with KSKs\n");
exit(0);
}
int
main(int argc, char *argv[]) {
char *origin = NULL, *file = NULL;
char *inputformatstr = NULL;
isc_result_t result;
isc_log_t *log = NULL;
#ifdef USE_PKCS11
const char *engine = "pkcs11";
#else
const char *engine = NULL;
#endif
char *classname = NULL;
dns_rdataclass_t rdclass;
char ch, *endp;
#define CMDLINE_FLAGS \
"m:o:I:c:E:v:xz"
/*
* Process memory debugging argument first.
*/
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
if (strcasecmp(isc_commandline_argument, "record") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
if (strcasecmp(isc_commandline_argument, "trace") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
if (strcasecmp(isc_commandline_argument, "usage") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
if (strcasecmp(isc_commandline_argument, "size") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
if (strcasecmp(isc_commandline_argument, "mctx") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGCTX;
break;
default:
break;
}
}
isc_commandline_reset = ISC_TRUE;
check_result(isc_app_start(), "isc_app_start");
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
fatal("out of memory");
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'c':
classname = isc_commandline_argument;
break;
case 'E':
engine = isc_commandline_argument;
break;
case 'h':
usage();
break;
case 'I':
inputformatstr = isc_commandline_argument;
break;
case 'm':
break;
case 'o':
origin = isc_commandline_argument;
break;
case 'v':
endp = NULL;
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("verbose level must be numeric");
break;
case 'x':
keyset_kskonly = ISC_TRUE;
break;
case 'z':
ignore_kskflag = ISC_TRUE;
break;
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
usage();
break;
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
if (result != ISC_R_SUCCESS)
fatal("could not create hash context");
result = dst_lib_init2(mctx, ectx, engine, ISC_ENTROPY_BLOCKING);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
isc_stdtime_get(&now);
rdclass = strtoclass(classname);
setup_logging(verbose, mctx, &log);
argc -= isc_commandline_index;
argv += isc_commandline_index;
if (argc < 1)
usage();
file = argv[0];
argc -= 1;
argv += 1;
POST(argc);
POST(argv);
if (origin == NULL)
origin = file;
if (inputformatstr != NULL) {
if (strcasecmp(inputformatstr, "text") == 0)
inputformat = dns_masterformat_text;
else if (strcasecmp(inputformatstr, "raw") == 0)
inputformat = dns_masterformat_raw;
else
fatal("unknown file format: %s\n", inputformatstr);
}
gdb = NULL;
fprintf(stderr, "Loading zone '%s' from file '%s'\n", origin, file);
loadzone(file, origin, rdclass, &gdb);
gorigin = dns_db_origin(gdb);
gclass = dns_db_class(gdb);
gversion = NULL;
result = dns_db_newversion(gdb, &gversion);
check_result(result, "dns_db_newversion()");
verifyzone(gdb, gversion, gorigin, mctx,
ignore_kskflag, keyset_kskonly);
dns_db_closeversion(gdb, &gversion, ISC_FALSE);
dns_db_detach(&gdb);
cleanup_logging(&log);
dst_lib_destroy();
isc_hash_destroy();
cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
(void) isc_app_finish();
return (0);
}
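Review bot: in main(), ch is declared as char ("char ch, *endp;") but receives the int result of isc_commandline_parse() and is compared with -1 in both option loops. On platforms where plain char is unsigned that comparison is never false and the loop does not terminate; declare ch as int. Three smaller points in the same function: CMDLINE_FLAGS is "m:o:I:c:E:v:xz" with no 'h', so the "case 'h':" branch is unreachable and -h is reported as "invalid argument" before usage is printed. usage() ends with exit(0) and is also reached for an invalid option and for a missing zonefile, so a failed invocation returns success, which is the wrong signal for a verification tool called from scripts. The usage text advertises "zonefile [keys]", but anything after the zonefile is discarded by POST(argc) and POST(argv), so drop "[keys]" from the message.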

View File

@ -0,0 +1,185 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-verify.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ -->
<refentry id="man.dnssec-verify">
<refentryinfo>
<date>April 12, 2012</date>
</refentryinfo>
<refmeta>
<refentrytitle><application>dnssec-verify</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
<refnamediv>
<refname><application>dnssec-verify</application></refname>
<refpurpose>DNSSEC zone verification tool</refpurpose>
</refnamediv>
<docinfo>
<copyright>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
<cmdsynopsis>
<command>dnssec-verify</command>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
<arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg><option>-x</option></arg>
<arg><option>-z</option></arg>
<arg choice="req">zonefile</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para><command>dnssec-verify</command>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-c <replaceable class="parameter">class</replaceable></term>
<listitem>
<para>
Specifies the DNS class of the zone.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-I <replaceable class="parameter">input-format</replaceable></term>
<listitem>
<para>
The format of the input zone file.
Possible formats are <command>"text"</command> (default)
and <command>"raw"</command>.
This option is primarily intended to be used for dynamic
signed zones so that the dumped zone file in a non-text
format containing updates can be verified independently.
The use of this option does not make much sense for
non-dynamic zones.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-o <replaceable class="parameter">origin</replaceable></term>
<listitem>
<para>
The zone origin. If not specified, the name of the zone file
is assumed to be the origin.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-v <replaceable class="parameter">level</replaceable></term>
<listitem>
<para>
Sets the debugging level.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-x</term>
<listitem>
<para>
Only verify that the DNSKEY RRset is signed with key-signing
keys. Without this flag, it is assumed that the DNSKEY RRset
will be signed by all active keys. When this flag is set,
it will not be an error if the DNSKEY RRset is not signed
by zone-signing keys. This corresponds to the <option>-x</option>
option in <command>dnssec-signzone</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-z</term>
<listitem>
<para>
Ignore the KSK flag on the keys when determining whether
the zone if correctly signed. Without this flag it is
assumed that there will be a non-revoked, self-signed
DNSKEY with the KSK flag set for each algorithm and
that RRsets other than DNSKEY RRset will be signed with
a different DNSKEY without the KSK flag set.
</para>
<para>
With this flag set, we only require that for each algorithm,
there will be at least one non-revoked, self-signed DNSKEY,
regardless of the KSK flag state, and that other RRsets
will be signed by a non-revoked key for the same algorithm
that includes the self-signed key; the same key may be used
for both purposes. This corresponds to the <option>-z</option>
option in <command>dnssec-signzone</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>zonefile</term>
<listitem>
<para>
The file containing the zone to be signed.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 4033</citetitle>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor>
</para>
</refsect1>
</refentry><!--
- Local variables:
- mode: sgml
- End:
-->
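Review bot: The synopsis lists `-E engine`, but the OPTIONS variablelist has no varlistentry for -E, so the option is advertised without any description. Add an entry describing which crypto engine is selected, or drop it from the cmdsynopsis if the tool does not accept it.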

View File

@ -0,0 +1,117 @@
<!--
- Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-verify</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.dnssec-verify"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-verify</span> &#8212; DNSSEC zone verification tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543390"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
chains are complete.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543402"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
Specifies the DNS class of the zone.
</p></dd>
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
<dd><p>
The format of the input zone file.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span>.
This option is primarily intended to be used for dynamic
signed zones so that the dumped zone file in a non-text
format containing updates can be verified independently.
The use of this option does not make much sense for
non-dynamic zones.
</p></dd>
<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
<dd><p>
The zone origin. If not specified, the name of the zone file
is assumed to be the origin.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
Sets the debugging level.
</p></dd>
<dt><span class="term">-x</span></dt>
<dd><p>
Only verify that the DNSKEY RRset is signed with key-signing
keys. Without this flag, it is assumed that the DNSKEY RRset
will be signed by all active keys. When this flag is set,
it will not be an error if the DNSKEY RRset is not signed
by zone-signing keys. This corresponds to the <code class="option">-x</code>
option in <span><strong class="command">dnssec-signzone</strong></span>.
</p></dd>
<dt><span class="term">-z</span></dt>
<dd>
<p>
Ignore the KSK flag on the keys when determining whether
the zone if correctly signed. Without this flag it is
assumed that there will be a non-revoked, self-signed
DNSKEY with the KSK flag set for each algorithm and
that RRsets other than DNSKEY RRset will be signed with
a different DNSKEY without the KSK flag set.
</p>
<p>
With this flag set, we only require that for each algorithm,
there will be at least one non-revoked, self-signed DNSKEY,
regardless of the KSK flag state, and that other RRsets
will be signed by a non-revoked key for the same algorithm
that includes the self-signed key; the same key may be used
for both purposes. This corresponds to the <code class="option">-z</code>
option in <span><strong class="command">dnssec-signzone</strong></span>.
</p>
</dd>
<dt><span class="term">zonefile</span></dt>
<dd><p>
The file containing the zone to be signed.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543543"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543637"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</div></body>
</html>
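Review bot: Two sentences in the OPTIONS list of this generated page are wrong for a verification tool: the -z entry reads "the zone if correctly signed" (should be "is"), and the zonefile entry reads "The file containing the zone to be signed" although dnssec-verify only checks an already signed zone. Both should be corrected in dnssec-verify.docbook and the HTML regenerated, rather than patched here.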

File diff suppressed because it is too large Load Diff

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2007-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2007-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssectool.h,v 1.31.162.2 2011/10/20 23:46:27 tbox Exp $ */
/* $Id: dnssectool.h,v 1.33 2011/10/20 23:46:51 tbox Exp $ */
#ifndef DNSSECTOOL_H
#define DNSSECTOOL_H 1
@ -25,6 +25,11 @@
#include <dns/rdatastruct.h>
#include <dst/dst.h>
#define check_dns_dbiterator_current(result) \
check_result((result == DNS_R_NEWORIGIN) ? ISC_R_SUCCESS : result, \
"dns_dbiterator_current()")
typedef void (fatalcallback_t)(void);
ISC_PLATFORM_NORETURN_PRE void
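Review bot: The new check_dns_dbiterator_current macro expands its argument twice and without parentheses, in `(result == DNS_R_NEWORIGIN) ? ISC_R_SUCCESS : result`. Passing a function call would evaluate it twice, and an argument containing a lower-precedence operator would be parsed wrongly. Write each use as (result), and either document that the argument must be a plain variable or replace the macro with a static inline function taking an isc_result_t.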
@ -81,4 +86,12 @@ isc_boolean_t
key_collision(dst_key_t *key, dns_name_t *name, const char *dir,
isc_mem_t *mctx, isc_boolean_t *exact);
isc_boolean_t
is_delegation(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin,
dns_name_t *name, dns_dbnode_t *node, isc_uint32_t *ttlp);
void
verifyzone(dns_db_t *db, dns_dbversion_t *ver,
dns_name_t *origin, isc_mem_t *mctx,
isc_boolean_t ignore_kskflag, isc_boolean_t keyset_kskonly);
#endif /* DNSSEC_DNSSECTOOL_H */
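Review bot: Both new prototypes are added without a comment, and verifyzone() returns void, so the header gives a caller no way to learn how a failed verification is reported. Please document that contract next to the declaration (for example, whether the function returns at all on failure), and state for is_delegation() what is written through ttlp and whether it may be NULL.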

View File

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.114.14.2 2011/03/10 23:47:25 tbox Exp $
# $Id: Makefile.in,v 1.116 2011/03/10 23:47:49 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -161,8 +161,11 @@ maintainer-clean::
bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl
${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.xsl > bind9.xsl.h
depend: bind9.xsl.h
statschannel.@O@: bind9.xsl.h
bind9.ver3.xsl.h: bind9.ver3.xsl ${srcdir}/convertxsl.pl
${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.ver3.xsl > bind9.ver3.xsl.h
depend: bind9.xsl.h bind9.ver3.xsl.h
statschannel.@O@: bind9.xsl.h bind9.ver3.xsl.h
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
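Review bot: This hunk adds a rule that generates bind9.ver3.xsl.h and wires it into depend and statschannel.@O@, but nothing here adds the new header to the maintainer-clean target named in the hunk header. If that target removes bind9.xsl.h by name, bind9.ver3.xsl.h needs to be listed there too, otherwise a stale generated header survives a clean.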

738
bin/named/bind9.ver3.xsl Normal file
View File

@ -0,0 +1,738 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Copyright (C) 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<!-- %Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp % -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/1999/xhtml" version="1.0">
<xsl:output method="html" indent="yes" version="4.0"/>
<xsl:template match="statistics[@version=&quot;3.0&quot;]">
<html>
<head>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<!-- Non Mozilla specific markup -->
<script type="text/javascript" src="https://www.google.com/jsapi"/>
<script type="text/javascript">
google.load("visualization", "1", {packages:["corechart"]});
google.setOnLoadCallback(loadGraphs);
var graphs=[];
function drawChart(chart_title,target,data) {
var data = google.visualization.arrayToDataTable(data);
var options = {
title: chart_title
};
var chart = new google.visualization.BarChart(document.getElementById(target));
chart.draw(data, options);
}
function loadGraphs(){
//alert("here we are!");
var g;
// Server Incoming query Types
while(g = graphs.shift()){
// alert("going for: " + g.target);
if(g.data.length > 1){
drawChart(g.title,g.target,g.data);
}
}
}
// Server Incoming Queries Types
graphs.push({
'title' : "Server Incoming Query Types",
'target': 'chart_incoming_qtypes',
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type=&quot;qtype&quot;]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
});
// Server Incoming Requests
graphs.push({
'title' : "Server Incoming Requests",
'target': 'chart_incoming_requests',
'data': [['Requests','Counter'],<xsl:for-each select="server/counters[@type=&quot;opcode&quot;]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]});
</script>
</xsl:if>
<style type="text/css">
body {
font-family: sans-serif;
background-color: #ffffff;
color: #000000;
font-size: 10pt;
}
.odd{
background-color: #f0f0f0;
}
.even{
background-color: #ffffff;
}
p.footer{
font-style:italic;
color: grey;
}
table {
border-collapse: collapse;
border: 1px solid grey;
}
table.counters{
border: 1px solid grey;
width: 500px;
}
table.counters th {
text-align: center;
border: 1px solid grey;
width: 120px;
}
table.counters td{
text-align:center;
}
table.counters tr:hover{
background-color: #99ddff;
}
.totals {
background-color: rgb(1,169,206);
color: #ffffff;
}
td, th {
padding-right: 5px;
padding-left: 5px;
border: 1px solid grey;
}
.header h1 {
color: rgb(1,169,206);
padding: 0px;
}
.content {
background-color: #ffffff;
color: #000000;
padding: 4px;
}
.item {
padding: 4px;
text-align: right;
}
.value {
padding: 4px;
font-weight: bold;
}
h2 {
color: grey;
font-size: 14pt;
width:500px;
text-align:center;
}
h3 {
color: #444444;
font-size: 12pt;
width:500px;
text-align:center;
}
h4 {
color: rgb(1,169,206);
font-size: 10pt;
width:500px;
text-align:center;
}
.pie {
width:500px;
height: 500px;
}
</style>
<title>ISC BIND 9 Statistics</title>
</head>
<body>
<div class="header">
<h1>ISC Bind 9 Configuration and Statistics</h1>
</div>
<hr/>
<h2>Server Times</h2>
<table class="counters">
<tr>
<th>Boot time:</th>
<td>
<xsl:value-of select="server/boot-time"/>
</td>
</tr>
<tr>
<th>Sample time:</th>
<td>
<xsl:value-of select="server/current-time"/>
</td>
</tr>
</table>
<br/>
<h2>Incoming Requests</h2>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<!-- Non Mozilla specific markup -->
<div class="pie" id="chart_incoming_requests">[no incoming requests]</div>
</xsl:if>
<table class="counters">
<xsl:for-each select="server/counters[@type=&quot;opcode&quot;]/counter">
<xsl:sort select="." data-type="number" order="descending"/>
<tr>
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
<tr>
<th class="totals">Total:</th>
<td class="totals">
<xsl:value-of select="sum(server/counters[@type=&quot;opcode&quot;]/counter)"/>
</td>
</tr>
</table>
<br/>
<h3>Incoming Queries by Type</h3>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<!-- Non Mozilla specific markup -->
<div class="pie" id="chart_incoming_qtypes">[no incoming queries]</div>
</xsl:if>
<table class="counters">
<xsl:for-each select="server/counters[@type=&quot;qtype&quot;]/counter">
<xsl:sort select="." data-type="number" order="descending"/>
<xsl:variable name="css-class">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
<tr>
<th class="totals">Total:</th>
<td class="totals">
<xsl:value-of select="sum(server/counters[@type=&quot;qtype&quot;]/counter)"/>
</td>
</tr>
</table>
<br/>
<h2>Outgoing Queries per view</h2>
<xsl:for-each select="views/view[count(counters[@type=&quot;resqtype&quot;]/counter) &gt; 0]">
<h3>View <xsl:value-of select="@name"/></h3>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<!-- Non Mozilla specific markup -->
<script type="text/javascript">
graphs.push({
'title': "Outgoing queries for view: <xsl:value-of select="@name"/>",
'target': 'chart_outgoing_queries_view_<xsl:value-of select="@name"/>',
'data': [['Type','Counter'],<xsl:for-each select="counters[@type=&quot;resqtype&quot;]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
});
</script>
<xsl:variable name="target">
<xsl:value-of select="@name"/>
</xsl:variable>
<div class="pie" id="chart_outgoing_queries_view_{$target}"/>
</xsl:if>
<table class="counters">
<xsl:for-each select="counters[@type=&quot;resqtype&quot;]/counter">
<xsl:sort select="." data-type="number" order="descending"/>
<xsl:variable name="css-class1">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class1}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
<br/>
</xsl:for-each>
<h2>Server Statistics</h2>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<!-- Non Mozilla specific markup -->
<script type="text/javascript">
graphs.push({
'title' : "Server Counters",
'target': 'chart_server_nsstat_restype',
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type=&quot;nsstat&quot;]/counter[.&gt;0]">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
});
</script>
<div class="pie" id="chart_server_nsstat_restype"/>
</xsl:if>
<table class="counters">
<xsl:for-each select="server/counters[@type=&quot;nsstat&quot;]/counter[.&gt;0]">
<xsl:sort select="." data-type="number" order="descending"/>
<xsl:variable name="css-class2">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class2}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
<br/>
<h2>Zone Maintenance Statistics</h2>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<script type="text/javascript">
graphs.push({
'title' : "Zone Maintenance Stats",
'target': 'chart_server_zone_maint',
'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type=&quot;zonestat&quot;]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
});
</script>
<!-- Non Mozilla specific markup -->
<div class="pie" id="chart_server_zone_maint"/>
</xsl:if>
<table class="counters">
<xsl:for-each select="server/counters[@type=&quot;zonestat&quot;]/counter">
<xsl:sort select="." data-type="number" order="descending"/>
<xsl:variable name="css-class3">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class3}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
<h2>Resolver Statistics (Common)</h2>
<table class="counters">
<xsl:for-each select="server/counters[@type=&quot;restat&quot;]/counter">
<xsl:sort select="." data-type="number" order="descending"/>
<xsl:variable name="css-class4">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class4}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
<xsl:for-each select="views/view">
<h3>Resolver Statistics for View <xsl:value-of select="@name"/></h3>
<table class="counters">
<xsl:for-each select="counters[@type=&quot;resstats&quot;]/counter[.&gt;0]">
<xsl:sort select="." data-type="number" order="descending"/>
<xsl:variable name="css-class5">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class5}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
</xsl:for-each>
<h3>Cache DB RRsets for View <xsl:value-of select="@name"/></h3>
<xsl:for-each select="views/view">
<table class="counters">
<xsl:for-each select="cache/rrset">
<xsl:variable name="css-class6">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class6}">
<th>
<xsl:value-of select="name"/>
</th>
<td>
<xsl:value-of select="counter"/>
</td>
</tr>
</xsl:for-each>
</table>
<br/>
</xsl:for-each>
<h2>Socket I/O Statistics</h2>
<table class="counters">
<xsl:for-each select="server/counters[@type=&quot;sockstat&quot;]/counter[.&gt;0]">
<xsl:variable name="css-class7">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class7}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
<br/>
<br/>
<h2>Response Codes per view/zone</h2>
<xsl:for-each select="views/view[zones/zone/counters[@type=&quot;rcode&quot;]/counter &gt;0]">
<h3>View <xsl:value-of select="@name"/></h3>
<xsl:variable name="thisview">
<xsl:value-of select="@name"/>
</xsl:variable>
<xsl:for-each select="zones/zone">
<xsl:if test="counters[@type=&quot;rcode&quot;]/counter[. &gt; 0]">
<h4>Zone <xsl:value-of select="@name"/></h4>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<!-- Non Mozilla specific markup -->
<script type="text/javascript">
graphs.push({
'title': "Response Codes for zone <xsl:value-of select="@name"/>",
'target': 'chart_rescode_<xsl:value-of select="../../@name"/>_<xsl:value-of select="@name"/>',
'data': [['Type','Counter'],<xsl:for-each select="counters[@type=&quot;rcode&quot;]/counter[.&gt;0 and @name != &quot;QryAuthAns&quot;]">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
});
</script>
<xsl:variable name="target">
<xsl:value-of select="@name"/>
</xsl:variable>
<div class="pie" id="chart_rescode_{$thisview}_{$target}"/>
</xsl:if>
<table class="counters">
<xsl:for-each select="counters[@type=&quot;rcode&quot;]/counter[.&gt;0 and @name != &quot;QryAuthAns&quot;]">
<xsl:sort select="."/>
<xsl:variable name="css-class10">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class10}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
</xsl:if>
</xsl:for-each>
</xsl:for-each>
<h2>Received QTYPES per view/zone</h2>
<xsl:for-each select="views/view[zones/zone/counters[@type=&quot;qtype&quot;]/counter &gt;0]">
<h3>View <xsl:value-of select="@name"/></h3>
<xsl:variable name="thisview2">
<xsl:value-of select="@name"/>
</xsl:variable>
<xsl:for-each select="zones/zone">
<xsl:if test="counters[@type=&quot;qtype&quot;]/counter[count(.) &gt; 0]">
<h4>Zone <xsl:value-of select="@name"/></h4>
<xsl:if test="system-property('xsl:vendor')!='Transformiix'">
<!-- Non Mozilla specific markup -->
<script type="text/javascript">
graphs.push({
'title': "Query Types for zone <xsl:value-of select="@name"/>",
'target': 'chart_qtype_<xsl:value-of select="../../@name"/>_<xsl:value-of select="@name"/>',
'data': [['Type','Counter'],<xsl:for-each select="counters[@type=&quot;qtype&quot;]/counter[.&gt;0 and @name != &quot;QryAuthAns&quot;]">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
});
</script>
<xsl:variable name="target">
<xsl:value-of select="@name"/>
</xsl:variable>
<div class="pie" id="chart_qtype_{$thisview2}_{$target}"/>
</xsl:if>
<table class="counters">
<xsl:for-each select="counters[@type=&quot;qtype&quot;]/counter">
<xsl:sort select="."/>
<xsl:variable name="css-class11">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class11}">
<th>
<xsl:value-of select="@name"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
</xsl:if>
</xsl:for-each>
</xsl:for-each>
<h2>Network Status</h2>
<table class="counters">
<tr>
<th>ID</th>
<th>Name</th>
<th>Type</th>
<th>References</th>
<th>LocalAddress</th>
<th>PeerAddress</th>
<th>State</th>
</tr>
<xsl:for-each select="socketmgr/sockets/socket">
<xsl:sort select="id"/>
<xsl:variable name="css-class12">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class12}">
<td>
<xsl:value-of select="id"/>
</td>
<td>
<xsl:value-of select="name"/>
</td>
<td>
<xsl:value-of select="type"/>
</td>
<td>
<xsl:value-of select="references"/>
</td>
<td>
<xsl:value-of select="local-address"/>
</td>
<td>
<xsl:value-of select="peer-address"/>
</td>
<td>
<xsl:for-each select="states">
<xsl:value-of select="."/>
</xsl:for-each>
</td>
</tr>
</xsl:for-each>
</table>
<br/>
<h2>Task Manager Configuration</h2>
<table class="counters">
<tr>
<th class="even">Thread-Model</th>
<td>
<xsl:value-of select="taskmgr/thread-model/type"/>
</td>
</tr>
<tr class="odd">
<th>Worker Threads</th>
<td>
<xsl:value-of select="taskmgr/thread-model/worker-threads"/>
</td>
</tr>
<tr class="even">
<th>Default Quantum</th>
<td>
<xsl:value-of select="taskmgr/thread-model/default-quantum"/>
</td>
</tr>
<tr class="odd">
<th>Tasks Running</th>
<td>
<xsl:value-of select="taskmgr/thread-model/tasks-running"/>
</td>
</tr>
</table>
<br/>
<h2>Tasks</h2>
<table class="counters">
<tr>
<th>ID</th>
<th>Name</th>
<th>References</th>
<th>State</th>
<th>Quantum</th>
</tr>
<xsl:for-each select="taskmgr/tasks/task">
<xsl:sort select="name"/>
<xsl:variable name="css-class14">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class14}">
<td>
<xsl:value-of select="id"/>
</td>
<td>
<xsl:value-of select="name"/>
</td>
<td>
<xsl:value-of select="references"/>
</td>
<td>
<xsl:value-of select="state"/>
</td>
<td>
<xsl:value-of select="quantum"/>
</td>
</tr>
</xsl:for-each>
</table>
<br/>
<h2>Memory Usage Summary</h2>
<table class="counters">
<xsl:for-each select="memory/summary/*">
<xsl:variable name="css-class13">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class13}">
<th>
<xsl:value-of select="name()"/>
</th>
<td>
<xsl:value-of select="."/>
</td>
</tr>
</xsl:for-each>
</table>
<br/>
<h2>Memory Contexts</h2>
<table class="counters">
<tr>
<th>ID</th>
<th>Name</th>
<th>References</th>
<th>TotalUse</th>
<th>InUse</th>
<th>MaxUse</th>
<th>BlockSize</th>
<th>Pools</th>
<th>HiWater</th>
<th>LoWater</th>
</tr>
<xsl:for-each select="memory/contexts/context">
<xsl:sort select="total" data-type="number" order="descending"/>
<xsl:variable name="css-class14">
<xsl:choose>
<xsl:when test="position() mod 2 = 0">even</xsl:when>
<xsl:otherwise>odd</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<tr class="{$css-class14}">
<td>
<xsl:value-of select="id"/>
</td>
<td>
<xsl:value-of select="name"/>
</td>
<td>
<xsl:value-of select="references"/>
</td>
<td>
<xsl:value-of select="total"/>
</td>
<td>
<xsl:value-of select="inuse"/>
</td>
<td>
<xsl:value-of select="maxinuse"/>
</td>
<td>
<xsl:value-of select="blocksize"/>
</td>
<td>
<xsl:value-of select="pools"/>
</td>
<td>
<xsl:value-of select="hiwater"/>
</td>
<td>
<xsl:value-of select="lowater"/>
</td>
</tr>
</xsl:for-each>
</table>
<hr/>
<p class="footer">Internet Systems Consortium Inc.<br/><a href="http://www.isc.org">http://www.isc.org</a></p>
</body>
</html>
</xsl:template>
</xsl:stylesheet>
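Review bot: View, zone and counter names are interpolated unescaped into JavaScript string literals and element ids, for example `'title': "Response Codes for zone <xsl:value-of select="@name"/>"` and `['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],`, so a name containing a quote or backslash breaks the script block or alters it. Since this stylesheet is served from named's statistics channel, those values should be escaped for a script context or kept out of it and read from the rendered table instead. The first script element also loads https://www.google.com/jsapi on every view, which makes the statistics page depend on and report to a third-party host; the charts should be optional. Separately, the heading `<h3>Cache DB RRsets for View <xsl:value-of select="@name"/></h3>` sits before the `<xsl:for-each select="views/view">` it describes, so @name is evaluated on the statistics element and the heading appears once with an empty name; move it inside the loop.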

740
bin/named/bind9.ver3.xsl.h Normal file
View File

@ -0,0 +1,740 @@
/*
* Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp
* From <!-- %Id: bind9.xsl 1.21 2009/01/27 23:47:54 tbox Exp %
*/
static char xslmsg[] =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
"<!--\n"
" - Copyright (C) 2006-2009 Internet Systems Consortium, Inc. (\"ISC\")\n"
" -\n"
" - Permission to use, copy, modify, and/or distribute this software for any\n"
" - purpose with or without fee is hereby granted, provided that the above\n"
" - copyright notice and this permission notice appear in all copies.\n"
" -\n"
" - THE SOFTWARE IS PROVIDED \"AS IS\" AND ISC DISCLAIMS ALL WARRANTIES WITH\n"
" - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\n"
" - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,\n"
" - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\n"
" - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE\n"
" - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\n"
" - PERFORMANCE OF THIS SOFTWARE.\n"
"-->\n"
"<!-- \045Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp \045 -->\n"
"<xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" xmlns=\"http://www.w3.org/1999/xhtml\" version=\"1.0\">\n"
" <xsl:output method=\"html\" indent=\"yes\" version=\"4.0\"/>\n"
" <xsl:template match=\"statistics[@version=&quot;3.0&quot;]\">\n"
" <html>\n"
" <head>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <!-- Non Mozilla specific markup -->\n"
" <script type=\"text/javascript\" src=\"https://www.google.com/jsapi\"/>\n"
" <script type=\"text/javascript\">\n"
" \n"
" google.load(\"visualization\", \"1\", {packages:[\"corechart\"]});\n"
" google.setOnLoadCallback(loadGraphs);\n"
"\n"
" var graphs=[];\n"
" \n"
" function drawChart(chart_title,target,data) {\n"
" var data = google.visualization.arrayToDataTable(data);\n"
"\n"
" var options = {\n"
" title: chart_title\n"
" };\n"
" \n"
" var chart = new google.visualization.BarChart(document.getElementById(target));\n"
" chart.draw(data, options);\n"
" }\n"
" \n"
" function loadGraphs(){\n"
" //alert(\"here we are!\");\n"
" var g;\n"
" \n"
" // Server Incoming query Types\n"
" while(g = graphs.shift()){\n"
" // alert(\"going for: \" + g.target);\n"
" if(g.data.length > 1){\n"
" drawChart(g.title,g.target,g.data);\n"
" }\n"
" }\n"
" }\n"
" \n"
" // Server Incoming Queries Types \n"
" graphs.push({\n"
" 'title' : \"Server Incoming Query Types\",\n"
" 'target': 'chart_incoming_qtypes',\n"
" 'data': [['Type','Counter'],<xsl:for-each select=\"server/counters[@type=&quot;qtype&quot;]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
" });\n"
"\n"
"\n"
" // Server Incoming Requests \n"
" graphs.push({\n"
" 'title' : \"Server Incoming Requests\",\n"
" 'target': 'chart_incoming_requests',\n"
" 'data': [['Requests','Counter'],<xsl:for-each select=\"server/counters[@type=&quot;opcode&quot;]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]});\n"
" \n"
" \n"
" \n"
" \n"
" </script>\n"
" </xsl:if>\n"
" <style type=\"text/css\">\n"
" body {\n"
" font-family: sans-serif;\n"
" background-color: #ffffff;\n"
" color: #000000;\n"
" font-size: 10pt;\n"
" }\n"
" \n"
" .odd{\n"
" background-color: #f0f0f0;\n"
" }\n"
" \n"
" .even{\n"
" background-color: #ffffff;\n"
" }\n"
" \n"
" p.footer{\n"
" font-style:italic;\n"
" color: grey;\n"
" }\n"
"\n"
" table {\n"
" border-collapse: collapse;\n"
" border: 1px solid grey;\n"
" }\n"
"\n"
" table.counters{\n"
" border: 1px solid grey;\n"
" width: 500px;\n"
" }\n"
" \n"
" table.counters th {\n"
" text-align: center;\n"
" border: 1px solid grey;\n"
" width: 120px;\n"
" }\n"
" table.counters td{\n"
" text-align:center;\n"
" \n"
" }\n"
" \n"
" table.counters tr:hover{\n"
" background-color: #99ddff;\n"
" }\n"
" \n"
" .totals {\n"
" background-color: rgb(1,169,206);\n"
" color: #ffffff;\n"
" }\n"
"\n"
" td, th {\n"
" padding-right: 5px;\n"
" padding-left: 5px;\n"
" border: 1px solid grey;\n"
" }\n"
"\n"
" .header h1 {\n"
" color: rgb(1,169,206);\n"
" padding: 0px;\n"
" }\n"
"\n"
" .content {\n"
" background-color: #ffffff;\n"
" color: #000000;\n"
" padding: 4px;\n"
" }\n"
"\n"
" .item {\n"
" padding: 4px;\n"
" text-align: right;\n"
" }\n"
"\n"
" .value {\n"
" padding: 4px;\n"
" font-weight: bold;\n"
" }\n"
"\n"
"\n"
" h2 {\n"
" color: grey;\n"
" font-size: 14pt;\n"
" width:500px;\n"
" text-align:center;\n"
" }\n"
" \n"
" h3 {\n"
" color: #444444;\n"
" font-size: 12pt;\n"
" width:500px;\n"
" text-align:center;\n"
" \n"
" }\n"
" h4 {\n"
" color: rgb(1,169,206);\n"
" font-size: 10pt;\n"
" width:500px;\n"
" text-align:center;\n"
" \n"
" }\n"
"\n"
" .pie {\n"
" width:500px;\n"
" height: 500px;\n"
" }\n"
"\n"
" </style>\n"
" <title>ISC BIND 9 Statistics</title>\n"
" </head>\n"
" <body>\n"
" <div class=\"header\">\n"
" <h1>ISC Bind 9 Configuration and Statistics</h1>\n"
" </div>\n"
" <hr/>\n"
" <h2>Server Times</h2>\n"
" <table class=\"counters\">\n"
" <tr>\n"
" <th>Boot time:</th>\n"
" <td>\n"
" <xsl:value-of select=\"server/boot-time\"/>\n"
" </td>\n"
" </tr>\n"
" <tr>\n"
" <th>Sample time:</th>\n"
" <td>\n"
" <xsl:value-of select=\"server/current-time\"/>\n"
" </td>\n"
" </tr>\n"
" </table>\n"
" <br/>\n"
" <h2>Incoming Requests</h2>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <!-- Non Mozilla specific markup -->\n"
" <div class=\"pie\" id=\"chart_incoming_requests\">[graph incoming requests]</div>\n"
" </xsl:if>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"server/counters[@type=&quot;opcode&quot;]/counter\">\n"
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
" <tr>\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" <tr>\n"
" <th class=\"totals\">Total:</th>\n"
" <td class=\"totals\">\n"
" <xsl:value-of select=\"sum(server/counters[@type=&quot;opcode&quot;]/counter)\"/>\n"
" </td>\n"
" </tr>\n"
" </table>\n"
" <br/>\n"
" <h3>Incoming Queries by Type</h3>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <!-- Non Mozilla specific markup -->\n"
" <div class=\"pie\" id=\"chart_incoming_qtypes\">[graph incoming qtypes]</div>\n"
" </xsl:if>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"server/counters[@type=&quot;qtype&quot;]/counter\">\n"
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
" <xsl:variable name=\"css-class\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" <tr>\n"
" <th class=\"totals\">Total:</th>\n"
" <td class=\"totals\">\n"
" <xsl:value-of select=\"sum(server/counters[@type=&quot;qtype&quot;]/counter)\"/>\n"
" </td>\n"
" </tr>\n"
" </table>\n"
" <br/>\n"
" <h2>Outgoing Queries per view</h2>\n"
" <xsl:for-each select=\"views/view[count(counters[@type=&quot;resqtype&quot;]/counter) &gt; 0]\">\n"
" <h3>View <xsl:value-of select=\"@name\"/></h3>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <!-- Non Mozilla specific markup -->\n"
" <script type=\"text/javascript\">\n"
" graphs.push({\n"
" 'title': \"Outgoing queries for view: <xsl:value-of select=\"@name\"/>\",\n"
" 'target': 'chart_outgoing_queries_view_<xsl:value-of select=\"@name\"/>',\n"
" 'data': [['Type','Counter'],<xsl:for-each select=\"counters[@type=&quot;resqtype&quot;]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
" });\n"
" \n"
" </script>\n"
" <xsl:variable name=\"target\">\n"
" <xsl:value-of select=\"@name\"/>\n"
" </xsl:variable>\n"
" <div class=\"pie\" id=\"chart_outgoing_queries_view_{$target}\"/>\n"
" </xsl:if>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"counters[@type=&quot;resqtype&quot;]/counter\">\n"
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
" <xsl:variable name=\"css-class1\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class1}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <br/>\n"
" </xsl:for-each>\n"
" <h2>Server Statistics</h2>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <!-- Non Mozilla specific markup -->\n"
" <script type=\"text/javascript\">\n"
" graphs.push({\n"
" 'title' : \"Server Response Types\",\n"
" 'target': 'chart_server_nsstat_restype',\n"
" 'data': [['Type','Counter'],<xsl:for-each select=\"server/counters[@type=&quot;nsstat&quot;]/counter[.&gt;0]\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
" });\n"
" \n"
" </script>\n"
" <div class=\"pie\" id=\"chart_server_nsstat_restype\"/>\n"
" </xsl:if>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"server/counters[@type=&quot;nsstat&quot;]/counter[.&gt;0]\">\n"
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
" <xsl:variable name=\"css-class2\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class2}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <br/>\n"
" <h2>Zone Maintenance Statistics</h2>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <script type=\"text/javascript\">\n"
" graphs.push({\n"
" 'title' : \"Zone Maintenance Stats\",\n"
" 'target': 'chart_server_zone_maint',\n"
" 'data': [['Type','Counter'],<xsl:for-each select=\"server/counters[@type=&quot;zonestat&quot;]/counter\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
" });\n"
"\n"
" </script>\n"
" <!-- Non Mozilla specific markup -->\n"
" <div class=\"pie\" id=\"chart_server_zone_maint\"/>\n"
" </xsl:if>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"server/counters[@type=&quot;zonestat&quot;]/counter\">\n"
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
" <xsl:variable name=\"css-class3\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class3}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <h2>Resolver Statistics (Common)</h2>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"server/counters[@type=&quot;restat&quot;]/counter\">\n"
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
" <xsl:variable name=\"css-class4\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class4}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <xsl:for-each select=\"views/view\">\n"
" <h3>Resolver Statistics for View <xsl:value-of select=\"@name\"/></h3>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"counters[@type=&quot;resstats&quot;]/counter[.&gt;0]\">\n"
" <xsl:sort select=\".\" data-type=\"number\" order=\"descending\"/>\n"
" <xsl:variable name=\"css-class5\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class5}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" </xsl:for-each>\n"
" <h3>Cache DB RRsets for View <xsl:value-of select=\"@name\"/></h3>\n"
" <xsl:for-each select=\"views/view\">\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"cache/rrset\">\n"
" <xsl:variable name=\"css-class6\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class6}\">\n"
" <th>\n"
" <xsl:value-of select=\"name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\"counter\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <br/>\n"
" </xsl:for-each>\n"
" <h2>Socket I/O Statistics</h2>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"server/counters[@type=&quot;sockstat&quot;]/counter[.&gt;0]\">\n"
" <xsl:variable name=\"css-class7\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class7}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <br/>\n"
" <br/>\n"
" <h2>Response Codes per view/zone</h2>\n"
" <xsl:for-each select=\"views/view[zones/zone/counters[@type=&quot;rcode&quot;]/counter &gt;0]\">\n"
" <h3>View <xsl:value-of select=\"@name\"/></h3>\n"
" <xsl:variable name=\"thisview\">\n"
" <xsl:value-of select=\"@name\"/>\n"
" </xsl:variable>\n"
" <xsl:for-each select=\"zones/zone\">\n"
" <xsl:if test=\"counters[@type=&quot;rcode&quot;]/counter[. &gt; 0]\">\n"
" <h4>Zone <xsl:value-of select=\"@name\"/></h4>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <!-- Non Mozilla specific markup -->\n"
" <script type=\"text/javascript\">\n"
" graphs.push({\n"
" 'title': \"Response Codes for zone <xsl:value-of select=\"@name\"/>\",\n"
" 'target': 'chart_rescode_<xsl:value-of select=\"../../@name\"/>_<xsl:value-of select=\"@name\"/>',\n"
" 'data': [['Type','Counter'],<xsl:for-each select=\"counters[@type=&quot;rcode&quot;]/counter[.&gt;0 and @name != &quot;QryAuthAns&quot;]\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
" });\n"
"\n"
" </script>\n"
" <xsl:variable name=\"target\">\n"
" <xsl:value-of select=\"@name\"/>\n"
" </xsl:variable>\n"
" <div class=\"pie\" id=\"chart_rescode_{$thisview}_{$target}\"/>\n"
" </xsl:if>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"counters[@type=&quot;rcode&quot;]/counter[.&gt;0 and @name != &quot;QryAuthAns&quot;]\">\n"
" <xsl:sort select=\".\"/>\n"
" <xsl:variable name=\"css-class10\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class10}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" </xsl:if>\n"
" </xsl:for-each>\n"
" </xsl:for-each>\n"
" <h2>Received QTYPES per view/zone</h2>\n"
" <xsl:for-each select=\"views/view[zones/zone/counters[@type=&quot;qtype&quot;]/counter &gt;0]\">\n"
" <h3>View <xsl:value-of select=\"@name\"/></h3>\n"
" <xsl:variable name=\"thisview2\">\n"
" <xsl:value-of select=\"@name\"/>\n"
" </xsl:variable>\n"
" <xsl:for-each select=\"zones/zone\">\n"
" <xsl:if test=\"counters[@type=&quot;qtype&quot;]/counter[count(.) &gt; 0]\">\n"
" <h4>Zone <xsl:value-of select=\"@name\"/></h4>\n"
" <xsl:if test=\"system-property('xsl:vendor')!='Transformiix'\">\n"
" <!-- Non Mozilla specific markup -->\n"
" <script type=\"text/javascript\">\n"
" graphs.push({\n"
" 'title': \"Query Types for zone <xsl:value-of select=\"@name\"/>\",\n"
" 'target': 'chart_qtype_<xsl:value-of select=\"../../@name\"/>_<xsl:value-of select=\"@name\"/>',\n"
" 'data': [['Type','Counter'],<xsl:for-each select=\"counters[@type=&quot;qtype&quot;]/counter[.&gt;0 and @name != &quot;QryAuthAns&quot;]\">['<xsl:value-of select=\"@name\"/>',<xsl:value-of select=\".\"/>],</xsl:for-each>]\n"
" });\n"
"\n"
" </script>\n"
" <xsl:variable name=\"target\">\n"
" <xsl:value-of select=\"@name\"/>\n"
" </xsl:variable>\n"
" <div class=\"pie\" id=\"chart_qtype_{$thisview2}_{$target}\"/>\n"
" </xsl:if>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"counters[@type=&quot;qtype&quot;]/counter\">\n"
" <xsl:sort select=\".\"/>\n"
" <xsl:variable name=\"css-class11\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class11}\">\n"
" <th>\n"
" <xsl:value-of select=\"@name\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" </xsl:if>\n"
" </xsl:for-each>\n"
" </xsl:for-each>\n"
" <h2>Network Status</h2>\n"
" <table class=\"counters\">\n"
" <tr>\n"
" <th>ID</th>\n"
" <th>Name</th>\n"
" <th>Type</th>\n"
" <th>References</th>\n"
" <th>LocalAddress</th>\n"
" <th>PeerAddress</th>\n"
" <th>State</th>\n"
" </tr>\n"
" <xsl:for-each select=\"socketmgr/sockets/socket\">\n"
" <xsl:sort select=\"id\"/>\n"
" <xsl:variable name=\"css-class12\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class12}\">\n"
" <td>\n"
" <xsl:value-of select=\"id\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"name\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"type\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"references\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"local-address\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"peer-address\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:for-each select=\"states\">\n"
" <xsl:value-of select=\".\"/>\n"
" </xsl:for-each>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <br/>\n"
" <h2>Task Manager Configuration</h2>\n"
" <table class=\"counters\">\n"
" <tr>\n"
" <th class=\"even\">Thread-Model</th>\n"
" <td>\n"
" <xsl:value-of select=\"taskmgr/thread-model/type\"/>\n"
" </td>\n"
" </tr>\n"
" <tr class=\"odd\">\n"
" <th>Worker Threads</th>\n"
" <td>\n"
" <xsl:value-of select=\"taskmgr/thread-model/worker-threads\"/>\n"
" </td>\n"
" </tr>\n"
" <tr class=\"even\">\n"
" <th>Default Quantum</th>\n"
" <td>\n"
" <xsl:value-of select=\"taskmgr/thread-model/default-quantum\"/>\n"
" </td>\n"
" </tr>\n"
" <tr class=\"odd\">\n"
" <th>Tasks Running</th>\n"
" <td>\n"
" <xsl:value-of select=\"taskmgr/thread-model/tasks-running\"/>\n"
" </td>\n"
" </tr>\n"
" </table>\n"
" <br/>\n"
" <h2>Tasks</h2>\n"
" <table class=\"counters\">\n"
" <tr>\n"
" <th>ID</th>\n"
" <th>Name</th>\n"
" <th>References</th>\n"
" <th>State</th>\n"
" <th>Quantum</th>\n"
" </tr>\n"
" <xsl:for-each select=\"taskmgr/tasks/task\">\n"
" <xsl:sort select=\"name\"/>\n"
" <xsl:variable name=\"css-class14\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class14}\">\n"
" <td>\n"
" <xsl:value-of select=\"id\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"name\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"references\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"state\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"quantum\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <br/>\n"
" <h2>Memory Usage Summary</h2>\n"
" <table class=\"counters\">\n"
" <xsl:for-each select=\"memory/summary/*\">\n"
" <xsl:variable name=\"css-class13\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class13}\">\n"
" <th>\n"
" <xsl:value-of select=\"name()\"/>\n"
" </th>\n"
" <td>\n"
" <xsl:value-of select=\".\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <br/>\n"
" <h2>Memory Contexts</h2>\n"
" <table class=\"counters\">\n"
" <tr>\n"
" <th>ID</th>\n"
" <th>Name</th>\n"
" <th>References</th>\n"
" <th>TotalUse</th>\n"
" <th>InUse</th>\n"
" <th>MaxUse</th>\n"
" <th>BlockSize</th>\n"
" <th>Pools</th>\n"
" <th>HiWater</th>\n"
" <th>LoWater</th>\n"
" </tr>\n"
" <xsl:for-each select=\"memory/contexts/context\">\n"
" <xsl:sort select=\"total\" data-type=\"number\" order=\"descending\"/>\n"
" <xsl:variable name=\"css-class14\">\n"
" <xsl:choose>\n"
" <xsl:when test=\"position() mod 2 = 0\">even</xsl:when>\n"
" <xsl:otherwise>odd</xsl:otherwise>\n"
" </xsl:choose>\n"
" </xsl:variable>\n"
" <tr class=\"{$css-class14}\">\n"
" <td>\n"
" <xsl:value-of select=\"id\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"name\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"references\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"total\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"inuse\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"maxinuse\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"blocksize\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"pools\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"hiwater\"/>\n"
" </td>\n"
" <td>\n"
" <xsl:value-of select=\"lowater\"/>\n"
" </td>\n"
" </tr>\n"
" </xsl:for-each>\n"
" </table>\n"
" <hr/>\n"
" <p class=\"footer\">Internet Systems Consortium Inc.<br/><a href=\"http://www.isc.org\">http://www.isc.org</a></p>\n"
" </body>\n"
" </html>\n"
" </xsl:template>\n"
"</xsl:stylesheet>\n";
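Review bot: In the graphs.push() blocks of this embedded stylesheet, view and zone names are written with xsl:value-of directly into JavaScript string literals (the 'title' strings for "Outgoing queries for view:" and "Response Codes for zone", and the 'target' strings starting chart_outgoing_queries_view_, chart_rescode_ and chart_qtype_), and with xsl:output method="html" nothing escapes them for the script context, so a name containing a quote or backslash changes the generated script. Handing the names to the script through the DOM (an attribute or text node that the script reads) avoids building code from data. Two smaller points in the same hunk: the h3 "Cache DB RRsets for View" sits before its xsl:for-each select="views/view", so its @name is evaluated outside any view and the heading is emitted once with no view name, which suggests it belongs inside the loop; and the page loads https://www.google.com/jsapi, so rendering the statistics page depends on a third-party host and reveals the viewer to it, which deserves a line in the documentation.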

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: builtin.c,v 1.20.14.3 2012/01/11 20:19:40 ckb Exp $ */
/* $Id: builtin.c,v 1.26 2012/01/21 19:44:18 each Exp $ */
/*! \file
* \brief
@ -281,11 +281,14 @@ dns64_cname(const dns_name_t *zone, const dns_name_t *name,
static isc_result_t
builtin_lookup(const char *zone, const char *name, void *dbdata,
dns_sdblookup_t *lookup)
dns_sdblookup_t *lookup, dns_clientinfomethods_t *methods,
dns_clientinfo_t *clientinfo)
{
builtin_t *b = (builtin_t *) dbdata;
UNUSED(zone);
UNUSED(methods);
UNUSED(clientinfo);
if (strcmp(name, "@") == 0)
return (b->do_lookup(lookup));
@ -295,10 +298,14 @@ builtin_lookup(const char *zone, const char *name, void *dbdata,
static isc_result_t
dns64_lookup(const dns_name_t *zone, const dns_name_t *name, void *dbdata,
dns_sdblookup_t *lookup)
dns_sdblookup_t *lookup, dns_clientinfomethods_t *methods,
dns_clientinfo_t *clientinfo)
{
builtin_t *b = (builtin_t *) dbdata;
UNUSED(methods);
UNUSED(clientinfo);
if (name->labels == 0 && name->length == 0)
return (b->do_lookup(lookup));
else
@ -353,6 +360,8 @@ do_authors_lookup(dns_sdblookup_t *lookup) {
"Curtis Blackburn",
"James Brister",
"Ben Cottrell",
"John H. DuBois III",
"Francis Dupont",
"Michael Graff",
"Andreas Gustafsson",
"Bob Halley",

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.271.10.4 2012/01/31 23:46:39 tbox Exp $ */
/* $Id$ */
#include <config.h>
@ -24,6 +24,7 @@
#include <isc/once.h>
#include <isc/platform.h>
#include <isc/print.h>
#include <isc/queue.h>
#include <isc/stats.h>
#include <isc/stdio.h>
#include <isc/string.h>
@ -116,15 +117,26 @@
struct ns_clientmgr {
/* Unlocked. */
unsigned int magic;
/* The queue object has its own locks */
client_queue_t inactive; /*%< To be recycled */
isc_mem_t * mctx;
isc_taskmgr_t * taskmgr;
isc_timermgr_t * timermgr;
/* Lock covers manager state. */
isc_mutex_t lock;
/* Locked by lock. */
isc_boolean_t exiting;
client_list_t active; /*%< Active clients */
client_list_t recursing; /*%< Recursing clients */
client_list_t inactive; /*%< To be recycled */
/* Lock covers the clients list */
isc_mutex_t listlock;
client_list_t clients; /*%< All active clients */
/* Lock covers the recursing list */
isc_mutex_t reclock;
client_list_t recursing; /*%< Recursing clients */
#if NMCTXS > 0
/*%< mctx pool for clients. */
unsigned int nextmctx;
@ -188,6 +200,12 @@ struct ns_clientmgr {
* recursion quota, and an outstanding write request.
*/
#define NS_CLIENTSTATE_RECURSING 5
/*%<
* The client object is recursing. It will be on the 'recursing'
* list.
*/
#define NS_CLIENTSTATE_MAX 9
/*%<
* Sentinel value used to indicate "no state". When client->newstate
@ -210,20 +228,21 @@ static void client_udprecv(ns_client_t *client);
static void clientmgr_destroy(ns_clientmgr_t *manager);
static isc_boolean_t exit_check(ns_client_t *client);
static void ns_client_endrequest(ns_client_t *client);
static void ns_client_checkactive(ns_client_t *client);
static void client_start(isc_task_t *task, isc_event_t *event);
static void client_request(isc_task_t *task, isc_event_t *event);
static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
dns_dispatch_t *disp, isc_boolean_t tcp);
void
ns_client_recursing(ns_client_t *client) {
REQUIRE(NS_CLIENT_VALID(client));
REQUIRE(client->state == NS_CLIENTSTATE_WORKING);
LOCK(&client->manager->lock);
ISC_LIST_UNLINK(*client->list, client, link);
ISC_LIST_APPEND(client->manager->recursing, client, link);
client->list = &client->manager->recursing;
UNLOCK(&client->manager->lock);
LOCK(&client->manager->reclock);
client->newstate = client->state = NS_CLIENTSTATE_RECURSING;
ISC_LIST_APPEND(client->manager->recursing, client, rlink);
UNLOCK(&client->manager->reclock);
}
void
@ -231,15 +250,14 @@ ns_client_killoldestquery(ns_client_t *client) {
ns_client_t *oldest;
REQUIRE(NS_CLIENT_VALID(client));
LOCK(&client->manager->lock);
LOCK(&client->manager->reclock);
oldest = ISC_LIST_HEAD(client->manager->recursing);
if (oldest != NULL) {
ISC_LIST_UNLINK(client->manager->recursing, oldest, rlink);
UNLOCK(&client->manager->reclock);
ns_query_cancel(oldest);
ISC_LIST_UNLINK(*oldest->list, oldest, link);
ISC_LIST_APPEND(client->manager->active, oldest, link);
oldest->list = &client->manager->active;
}
UNLOCK(&client->manager->lock);
} else
UNLOCK(&client->manager->reclock);
}
void
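Review bot: In ns_client_killoldestquery(), oldest is unlinked and reclock is released before ns_query_cancel(oldest) is called, and nothing visible in this hunk keeps oldest valid across that call once the lock is dropped. If the client's lifetime is guaranteed some other way (task serialisation or a held reference), a comment at the UNLOCK saying so would help; otherwise a reference should be held across the cancel. It is also worth noting in a comment here that oldest stays in NS_CLIENTSTATE_RECURSING after being unlinked, since exit_check() only copes with that through its ISC_LINK_LINKED(client, rlink) test.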
@ -268,15 +286,16 @@ ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
*/
static isc_boolean_t
exit_check(ns_client_t *client) {
ns_clientmgr_t *locked_manager = NULL;
ns_clientmgr_t *destroy_manager = NULL;
isc_boolean_t destroy_manager = ISC_FALSE;
ns_clientmgr_t *manager = NULL;
REQUIRE(NS_CLIENT_VALID(client));
manager = client->manager;
if (client->state <= client->newstate)
return (ISC_FALSE); /* Business as usual. */
INSIST(client->newstate < NS_CLIENTSTATE_WORKING);
INSIST(client->newstate < NS_CLIENTSTATE_RECURSING);
/*
* We need to detach from the view early when shutting down
@ -293,13 +312,16 @@ exit_check(ns_client_t *client) {
client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
dns_view_detach(&client->view);
if (client->state == NS_CLIENTSTATE_WORKING) {
if (client->state == NS_CLIENTSTATE_WORKING ||
client->state == NS_CLIENTSTATE_RECURSING)
{
INSIST(client->newstate <= NS_CLIENTSTATE_READING);
/*
* Let the update processing complete.
*/
if (client->nupdates > 0)
return (ISC_TRUE);
/*
* We are trying to abort request processing.
*/
@ -322,23 +344,28 @@ exit_check(ns_client_t *client) {
*/
return (ISC_TRUE);
}
/*
* I/O cancel is complete. Burn down all state
* related to the current request. Ensure that
* the client is on the active list and not the
* recursing list.
* the client is no longer on the recursing list.
*
* We need to check whether the client is still linked,
* because it may already have been removed from the
* recursing list by ns_client_killoldestquery()
*/
LOCK(&client->manager->lock);
if (client->list == &client->manager->recursing) {
ISC_LIST_UNLINK(*client->list, client, link);
ISC_LIST_APPEND(client->manager->active, client, link);
client->list = &client->manager->active;
if (client->state == NS_CLIENTSTATE_RECURSING) {
LOCK(&manager->reclock);
if (ISC_LINK_LINKED(client, rlink))
ISC_LIST_UNLINK(manager->recursing,
client, rlink);
UNLOCK(&manager->reclock);
}
UNLOCK(&client->manager->lock);
ns_client_endrequest(client);
client->state = NS_CLIENTSTATE_READING;
INSIST(client->recursionquota == NULL);
if (NS_CLIENTSTATE_READING == client->newstate) {
client_read(client);
client->newstate = NS_CLIENTSTATE_MAX;
@ -389,8 +416,27 @@ exit_check(ns_client_t *client) {
* or UDP request, but we may have enough clients doing
* that already. Check whether this client needs to remain
* active and force it to go inactive if not.
*
* UDP clients go inactive at this point, but TCP clients
* may remain active if we have fewer active TCP client
* objects than desired due to an earlier quota exhaustion.
*/
ns_client_checkactive(client);
if (client->mortal && TCP_CLIENT(client) && !ns_g_clienttest) {
LOCK(&client->interface->lock);
if (client->interface->ntcpcurrent <
client->interface->ntcptarget)
client->mortal = ISC_FALSE;
UNLOCK(&client->interface->lock);
}
/*
* We don't need the client; send it to the inactive
* queue for recycling.
*/
if (client->mortal) {
if (client->newstate > NS_CLIENTSTATE_INACTIVE)
client->newstate = NS_CLIENTSTATE_INACTIVE;
}
if (NS_CLIENTSTATE_READY == client->newstate) {
if (TCP_CLIENT(client)) {
@ -404,6 +450,7 @@ exit_check(ns_client_t *client) {
if (client->state == NS_CLIENTSTATE_READY) {
INSIST(client->newstate <= NS_CLIENTSTATE_INACTIVE);
/*
* We are trying to enter the inactive state.
*/
@ -411,25 +458,22 @@ exit_check(ns_client_t *client) {
isc_socket_cancel(client->tcplistener, client->task,
ISC_SOCKCANCEL_ACCEPT);
if (! (client->naccepts == 0)) {
/* Still waiting for accept cancel completion. */
/* Still waiting for accept cancel completion. */
if (! (client->naccepts == 0))
return (ISC_TRUE);
}
/* Accept cancel is complete. */
/* Accept cancel is complete. */
if (client->nrecvs > 0)
isc_socket_cancel(client->udpsocket, client->task,
ISC_SOCKCANCEL_RECV);
if (! (client->nrecvs == 0)) {
/* Still waiting for recv cancel completion. */
return (ISC_TRUE);
}
/* Recv cancel is complete. */
if (client->nctls > 0) {
/* Still waiting for control event to be delivered */
/* Still waiting for recv cancel completion. */
if (! (client->nrecvs == 0))
return (ISC_TRUE);
/* Still waiting for control event to be delivered */
if (client->nctls > 0)
return (ISC_TRUE);
}
/* Deactivate the client. */
if (client->interface)
@ -449,7 +493,6 @@ exit_check(ns_client_t *client) {
client->attributes = 0;
client->mortal = ISC_FALSE;
LOCK(&client->manager->lock);
/*
* Put the client on the inactive list. If we are aiming for
* the "freed" state, it will be removed from the inactive
@ -457,18 +500,18 @@ exit_check(ns_client_t *client) {
* that has been done, lest the manager decide to reactivate
* the dying client inbetween.
*/
locked_manager = client->manager;
ISC_LIST_UNLINK(*client->list, client, link);
ISC_LIST_APPEND(client->manager->inactive, client, link);
client->list = &client->manager->inactive;
client->state = NS_CLIENTSTATE_INACTIVE;
INSIST(client->recursionquota == NULL);
if (client->state == client->newstate) {
client->newstate = NS_CLIENTSTATE_MAX;
if (!ns_g_clienttest && manager != NULL &&
!manager->exiting)
ISC_QUEUE_PUSH(manager->inactive, client,
ilink);
if (client->needshutdown)
isc_task_shutdown(client->task);
goto unlock;
return (ISC_TRUE);
}
}
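Review bot: The new condition in front of ISC_QUEUE_PUSH reads manager->exiting without holding manager->lock, although struct ns_clientmgr still lists exiting under "Locked by lock" and this change removes the LOCK(&client->manager->lock) that used to cover this block. If the manager begins exiting between the test and the push, a client could be queued on inactive after shutdown has started. Either take manager->lock around the test and the push, or add a comment explaining why the unlocked read is safe (for instance because client_shutdown() unlinks the client when ISC_QLINK_LINKED(client, ilink) is true).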
@ -485,6 +528,7 @@ exit_check(ns_client_t *client) {
REQUIRE(client->state == NS_CLIENTSTATE_INACTIVE);
INSIST(client->recursionquota == NULL);
INSIST(!ISC_QLINK_LINKED(client, ilink));
ns_query_free(client);
isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
@ -493,27 +537,27 @@ exit_check(ns_client_t *client) {
isc_timer_detach(&client->timer);
if (client->tcpbuf != NULL)
isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
isc_mem_put(client->mctx, client->tcpbuf,
TCP_BUFFER_SIZE);
if (client->opt != NULL) {
INSIST(dns_rdataset_isassociated(client->opt));
dns_rdataset_disassociate(client->opt);
dns_message_puttemprdataset(client->message, &client->opt);
dns_message_puttemprdataset(client->message,
&client->opt);
}
dns_message_destroy(&client->message);
if (client->manager != NULL) {
ns_clientmgr_t *manager = client->manager;
if (locked_manager == NULL) {
LOCK(&manager->lock);
locked_manager = manager;
}
ISC_LIST_UNLINK(*client->list, client, link);
client->list = NULL;
if (manager != NULL) {
LOCK(&manager->listlock);
ISC_LIST_UNLINK(manager->clients, client, link);
LOCK(&manager->lock);
if (manager->exiting &&
ISC_LIST_EMPTY(manager->active) &&
ISC_LIST_EMPTY(manager->inactive) &&
ISC_LIST_EMPTY(manager->recursing))
destroy_manager = manager;
ISC_LIST_EMPTY(manager->clients))
destroy_manager = ISC_TRUE;
UNLOCK(&manager->lock);
UNLOCK(&manager->listlock);
}
/*
* Detaching the task must be done after unlinking from
* the manager's lists because the manager accesses
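Review bot: The teardown path here takes manager->lock while already holding manager->listlock, and it is the only place in the visible hunks where two of the manager's three locks are held together, so the required order (listlock, then lock) should be documented next to the lock declarations in struct ns_clientmgr. Separately, the destroy condition now tests only ISC_LIST_EMPTY(manager->clients), where it used to test the active, inactive and recursing lists; the struct comment describes clients as "All active clients", so please confirm that clients parked on the inactive queue are still linked on clients, and adjust that comment if they are.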
@ -524,6 +568,7 @@ exit_check(ns_client_t *client) {
CTRACE("free");
client->magic = 0;
/*
* Check that there are no other external references to
* the memory context.
@ -533,22 +578,10 @@ exit_check(ns_client_t *client) {
INSIST(0);
}
isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
goto unlock;
}
unlock:
if (locked_manager != NULL) {
UNLOCK(&locked_manager->lock);
locked_manager = NULL;
}
/*
* Only now is it safe to destroy the client manager (if needed),
* because we have accessed its lock for the last time.
*/
if (destroy_manager != NULL)
clientmgr_destroy(destroy_manager);
if (destroy_manager && manager != NULL)
clientmgr_destroy(manager);
return (ISC_TRUE);
}
@ -604,6 +637,9 @@ client_shutdown(isc_task_t *task, isc_event_t *event) {
client->shutdown_arg = NULL;
}
if (ISC_QLINK_LINKED(client, ilink))
ISC_QUEUE_UNLINK(client->manager->inactive, client, ilink);
client->newstate = NS_CLIENTSTATE_FREED;
client->needshutdown = ISC_FALSE;
(void)exit_check(client);
@ -616,7 +652,8 @@ ns_client_endrequest(ns_client_t *client) {
INSIST(client->nsends == 0);
INSIST(client->nrecvs == 0);
INSIST(client->nupdates == 0);
INSIST(client->state == NS_CLIENTSTATE_WORKING);
INSIST(client->state == NS_CLIENTSTATE_WORKING ||
client->state == NS_CLIENTSTATE_RECURSING);
CTRACE("endrequest");
@ -649,46 +686,13 @@ ns_client_endrequest(ns_client_t *client) {
client->attributes &= NS_CLIENTATTR_TCP;
}
static void
ns_client_checkactive(ns_client_t *client) {
if (client->mortal) {
/*
* This client object should normally go inactive
* at this point, but if we have fewer active client
* objects than desired due to earlier quota exhaustion,
* keep it active to make up for the shortage.
*/
isc_boolean_t need_another_client = ISC_FALSE;
if (TCP_CLIENT(client) && !ns_g_clienttest) {
LOCK(&client->interface->lock);
if (client->interface->ntcpcurrent <
client->interface->ntcptarget)
need_another_client = ISC_TRUE;
UNLOCK(&client->interface->lock);
} else {
/*
* The UDP client quota is enforced by making
* requests fail rather than by not listening
* for new ones. Therefore, there is always a
* full set of UDP clients listening.
*/
}
if (! need_another_client) {
/*
* We don't need this client object. Recycle it.
*/
if (client->newstate >= NS_CLIENTSTATE_INACTIVE)
client->newstate = NS_CLIENTSTATE_INACTIVE;
}
}
}
void
ns_client_next(ns_client_t *client, isc_result_t result) {
int newstate;
REQUIRE(NS_CLIENT_VALID(client));
REQUIRE(client->state == NS_CLIENTSTATE_WORKING ||
client->state == NS_CLIENTSTATE_RECURSING ||
client->state == NS_CLIENTSTATE_READING);
CTRACE("next");
@ -745,9 +749,6 @@ client_senddone(isc_task_t *task, isc_event_t *event) {
client->tcpbuf = NULL;
}
if (exit_check(client))
return;
ns_client_next(client, ISC_R_SUCCESS);
}
@ -1974,6 +1975,11 @@ static isc_result_t
get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
isc_mem_t *clientmctx;
isc_result_t result;
#if NMCTXS > 0
unsigned int nextmctx;
#endif
MTRACE("clientmctx");
/*
* Caller must be holding the manager lock.
@ -1985,19 +1991,21 @@ get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
return (result);
}
#if NMCTXS > 0
INSIST(manager->nextmctx < NMCTXS);
clientmctx = manager->mctxpool[manager->nextmctx];
nextmctx = manager->nextmctx++;
if (manager->nextmctx == NMCTXS)
manager->nextmctx = 0;
INSIST(nextmctx < NMCTXS);
clientmctx = manager->mctxpool[nextmctx];
if (clientmctx == NULL) {
result = isc_mem_create(0, 0, &clientmctx);
if (result != ISC_R_SUCCESS)
return (result);
isc_mem_setname(clientmctx, "client", NULL);
manager->mctxpool[manager->nextmctx] = clientmctx;
manager->mctxpool[nextmctx] = clientmctx;
}
manager->nextmctx++;
if (manager->nextmctx == NMCTXS)
manager->nextmctx = 0;
#else
clientmctx = manager->mctx;
#endif
@ -2118,6 +2126,8 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
#ifdef ALLOW_FILTER_AAAA_ON_V4
client->filter_aaaa = dns_v4_aaaa_ok;
#endif
client->needshutdown = ns_g_clienttest;
ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
NS_EVENT_CLIENTCONTROL, client_start, client, client,
NULL, NULL);
@ -2129,7 +2139,8 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
client->formerrcache.time = 0;
client->formerrcache.id = 0;
ISC_LINK_INIT(client, link);
client->list = NULL;
ISC_LINK_INIT(client, rlink);
ISC_QLINK_INIT(client, ilink);
/*
* We call the init routines for the various kinds of client here,
@ -2144,8 +2155,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
if (result != ISC_R_SUCCESS)
goto cleanup_query;
client->needshutdown = ns_g_clienttest;
CTRACE("create");
*clientp = client;
@ -2410,10 +2419,8 @@ ns_client_replace(ns_client_t *client) {
REQUIRE(client != NULL);
REQUIRE(client->manager != NULL);
result = ns_clientmgr_createclients(client->manager,
1, client->interface,
(TCP_CLIENT(client) ?
ISC_TRUE : ISC_FALSE));
result = get_client(client->manager, client->interface,
client->dispatch, TCP_CLIENT(client));
if (result != ISC_R_SUCCESS)
return (result);
@ -2437,9 +2444,7 @@ clientmgr_destroy(ns_clientmgr_t *manager) {
int i;
#endif
REQUIRE(ISC_LIST_EMPTY(manager->active));
REQUIRE(ISC_LIST_EMPTY(manager->inactive));
REQUIRE(ISC_LIST_EMPTY(manager->recursing));
REQUIRE(ISC_LIST_EMPTY(manager->clients));
MTRACE("clientmgr_destroy");
@ -2450,7 +2455,10 @@ clientmgr_destroy(ns_clientmgr_t *manager) {
}
#endif
ISC_QUEUE_DESTROY(manager->inactive);
DESTROYLOCK(&manager->lock);
DESTROYLOCK(&manager->listlock);
DESTROYLOCK(&manager->reclock);
manager->magic = 0;
isc_mem_put(manager->mctx, manager, sizeof(*manager));
}
@ -2473,13 +2481,21 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
if (result != ISC_R_SUCCESS)
goto cleanup_manager;
result = isc_mutex_init(&manager->listlock);
if (result != ISC_R_SUCCESS)
goto cleanup_lock;
result = isc_mutex_init(&manager->reclock);
if (result != ISC_R_SUCCESS)
goto cleanup_listlock;
manager->mctx = mctx;
manager->taskmgr = taskmgr;
manager->timermgr = timermgr;
manager->exiting = ISC_FALSE;
ISC_LIST_INIT(manager->active);
ISC_LIST_INIT(manager->inactive);
ISC_LIST_INIT(manager->clients);
ISC_LIST_INIT(manager->recursing);
ISC_QUEUE_INIT(manager->inactive, ilink);
#if NMCTXS > 0
manager->nextmctx = 0;
for (i = 0; i < NMCTXS; i++)
@ -2493,6 +2509,12 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
return (ISC_R_SUCCESS);
cleanup_listlock:
(void) isc_mutex_destroy(&manager->listlock);
cleanup_lock:
(void) isc_mutex_destroy(&manager->lock);
cleanup_manager:
isc_mem_put(manager->mctx, manager, sizeof(*manager));
@ -2501,9 +2523,10 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
void
ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
isc_result_t result;
ns_clientmgr_t *manager;
ns_client_t *client;
isc_boolean_t need_destroy = ISC_FALSE;
isc_boolean_t need_destroy = ISC_FALSE, unlock = ISC_FALSE;
REQUIRE(managerp != NULL);
manager = *managerp;
@ -2511,31 +2534,27 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
MTRACE("destroy");
LOCK(&manager->lock);
/*
* Check for success because we may already be task-exclusive
* at this point. Only if we succeed at obtaining an exclusive
* lock now will we need to relinquish it later.
*/
result = isc_task_beginexclusive(ns_g_server->task);
if (result == ISC_R_SUCCESS)
unlock = ISC_TRUE;
manager->exiting = ISC_TRUE;
for (client = ISC_LIST_HEAD(manager->recursing);
for (client = ISC_LIST_HEAD(manager->clients);
client != NULL;
client = ISC_LIST_NEXT(client, link))
isc_task_shutdown(client->task);
for (client = ISC_LIST_HEAD(manager->active);
client != NULL;
client = ISC_LIST_NEXT(client, link))
isc_task_shutdown(client->task);
for (client = ISC_LIST_HEAD(manager->inactive);
client != NULL;
client = ISC_LIST_NEXT(client, link))
isc_task_shutdown(client->task);
if (ISC_LIST_EMPTY(manager->active) &&
ISC_LIST_EMPTY(manager->inactive) &&
ISC_LIST_EMPTY(manager->recursing))
if (ISC_LIST_EMPTY(manager->clients))
need_destroy = ISC_TRUE;
UNLOCK(&manager->lock);
if (unlock)
isc_task_endexclusive(ns_g_server->task);
if (need_destroy)
clientmgr_destroy(manager);
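Review bot: In ns_clientmgr_destroy, every result from isc_task_beginexclusive other than ISC_R_SUCCESS is taken to mean "already exclusive", and the walk over manager->clients then runs without manager->listlock, which is the lock get_client holds when it appends to that list. If the call can fail for any other reason, the list is walked unprotected. Either assert the one non-success result that is expected here, or take listlock around the loop and the ISC_LIST_EMPTY test.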
@ -2543,81 +2562,86 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
*managerp = NULL;
}
static isc_result_t
get_client(ns_clientmgr_t *manager, ns_interface_t *ifp,
dns_dispatch_t *disp, isc_boolean_t tcp)
{
isc_result_t result = ISC_R_SUCCESS;
isc_event_t *ev;
ns_client_t *client;
MTRACE("get client");
REQUIRE(manager != NULL);
if (manager->exiting)
return (ISC_R_SHUTTINGDOWN);
/*
* Allocate a client. First try to get a recycled one;
* if that fails, make a new one.
*/
client = NULL;
if (!ns_g_clienttest)
ISC_QUEUE_POP(manager->inactive, ilink, client);
if (client != NULL)
MTRACE("recycle");
else {
MTRACE("create new");
LOCK(&manager->lock);
result = client_create(manager, &client);
UNLOCK(&manager->lock);
if (result != ISC_R_SUCCESS)
return (result);
LOCK(&manager->listlock);
ISC_LIST_APPEND(manager->clients, client, link);
UNLOCK(&manager->listlock);
}
client->manager = manager;
ns_interface_attach(ifp, &client->interface);
client->state = NS_CLIENTSTATE_READY;
INSIST(client->recursionquota == NULL);
if (tcp) {
client->attributes |= NS_CLIENTATTR_TCP;
isc_socket_attach(ifp->tcpsocket,
&client->tcplistener);
} else {
isc_socket_t *sock;
dns_dispatch_attach(disp, &client->dispatch);
sock = dns_dispatch_getsocket(client->dispatch);
isc_socket_attach(sock, &client->udpsocket);
}
INSIST(client->nctls == 0);
client->nctls++;
ev = &client->ctlevent;
isc_task_send(client->task, &ev);
return (ISC_R_SUCCESS);
}
isc_result_t
ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
ns_interface_t *ifp, isc_boolean_t tcp)
{
isc_result_t result = ISC_R_SUCCESS;
unsigned int i;
ns_client_t *client;
unsigned int disp;
REQUIRE(VALID_MANAGER(manager));
REQUIRE(n > 0);
MTRACE("createclients");
/*
* We MUST lock the manager lock for the entire client creation
* process. If we didn't do this, then a client could get a
* shutdown event and disappear out from under us.
*/
LOCK(&manager->lock);
for (i = 0; i < n; i++) {
isc_event_t *ev;
/*
* Allocate a client. First try to get a recycled one;
* if that fails, make a new one.
*/
client = NULL;
if (!ns_g_clienttest)
client = ISC_LIST_HEAD(manager->inactive);
if (client != NULL) {
MTRACE("recycle");
ISC_LIST_UNLINK(manager->inactive, client, link);
client->list = NULL;
} else {
MTRACE("create new");
result = client_create(manager, &client);
if (result != ISC_R_SUCCESS)
break;
}
ns_interface_attach(ifp, &client->interface);
client->state = NS_CLIENTSTATE_READY;
INSIST(client->recursionquota == NULL);
if (tcp) {
client->attributes |= NS_CLIENTATTR_TCP;
isc_socket_attach(ifp->tcpsocket,
&client->tcplistener);
} else {
isc_socket_t *sock;
dns_dispatch_attach(ifp->udpdispatch,
&client->dispatch);
sock = dns_dispatch_getsocket(client->dispatch);
isc_socket_attach(sock, &client->udpsocket);
}
client->manager = manager;
ISC_LIST_APPEND(manager->active, client, link);
client->list = &manager->active;
INSIST(client->nctls == 0);
client->nctls++;
ev = &client->ctlevent;
isc_task_send(client->task, &ev);
for (disp = 0; disp < n; disp++) {
result = get_client(manager, ifp, ifp->udpdispatch[disp], tcp);
if (result != ISC_R_SUCCESS)
break;
}
if (i != 0) {
/*
* We managed to create at least one client, so we
* declare victory.
*/
result = ISC_R_SUCCESS;
}
UNLOCK(&manager->lock);
return (result);
}
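Review bot: In ns_clientmgr_createclients, the loop reads ifp->udpdispatch[disp] for every disp below the caller-supplied n, with only REQUIRE(n > 0) in front of it, and it does so for TCP callers as well, where the value is never used. The array has MAX_UDP_DISPATCH entries, so nothing in this function prevents a read past its end. Suggest bounding n against ifp->nudpdispatch (or MAX_UDP_DISPATCH) for the UDP case and passing NULL as the dispatch when tcp is true. Separately, get_client tests manager->exiting without holding any lock; worth a comment on why that is safe.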
@ -2702,19 +2726,41 @@ ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
{
char msgbuf[2048];
char peerbuf[ISC_SOCKADDR_FORMATSIZE];
const char *name = "";
const char *sep = "";
char signerbuf[DNS_NAME_FORMATSIZE], qnamebuf[DNS_NAME_FORMATSIZE];
const char *viewname = "";
const char *sep1 = "", *sep2 = "", *sep3 = "", *sep4 = "";
const char *signer = "", *qname = "";
dns_name_t *q = NULL;
vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
ns_client_name(client, peerbuf, sizeof(peerbuf));
if (client->signer != NULL) {
dns_name_format(client->signer, signerbuf, sizeof(signerbuf));
sep1 = "/key ";
signer = signerbuf;
}
q = client->query.origqname != NULL
? client->query.origqname : client->query.qname;
if (q != NULL) {
dns_name_format(q, qnamebuf, sizeof(qnamebuf));
sep2 = " (";
sep3 = ")";
qname = qnamebuf;
}
if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
strcmp(client->view->name, "_default") != 0) {
name = client->view->name;
sep = ": view ";
sep4 = ": view ";
viewname = client->view->name;
}
isc_log_write(ns_g_lctx, category, module, level,
"client %s%s%s: %s", peerbuf, sep, name, msgbuf);
"client %s%s%s%s%s%s%s%s: %s",
peerbuf, sep1, signer, sep2, qname, sep3,
sep4, viewname, msgbuf);
}
void
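Review bot: The isc_log_write format in ns_client_logv changes the prefix of every client log line: the TSIG signer ("/key name") and the query name in parentheses now sit between the peer address and the ": view" part. Anything that parses these lines (log shippers, alerting rules, fail2ban-style filters) will stop matching, so this needs a release-note entry with a before and after sample. Also, client->query.origqname and client->query.qname are read here without client->query.fetchlock, while other hunks in this change take that lock around qname; please state in a comment that ns_client_logv only runs in the client's own task, if that is the assumption.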
@ -2796,9 +2842,11 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
REQUIRE(VALID_MANAGER(manager));
LOCK(&manager->lock);
LOCK(&manager->reclock);
client = ISC_LIST_HEAD(manager->recursing);
while (client != NULL) {
INSIST(client->state == NS_CLIENTSTATE_RECURSING);
ns_client_name(client, peerbuf, sizeof(peerbuf));
if (client->view != NULL &&
strcmp(client->view->name, "_bind") != 0 &&
@ -2809,6 +2857,9 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
name = "";
sep = "";
}
LOCK(&client->query.fetchlock);
INSIST(client->query.qname != NULL);
dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
if (client->query.qname != client->query.origqname &&
client->query.origqname != NULL) {
@ -2831,20 +2882,19 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
strcpy(typebuf, "-");
strcpy(classbuf, "-");
}
UNLOCK(&client->query.fetchlock);
fprintf(f, "; client %s%s%s: id %u '%s/%s/%s'%s%s "
"requesttime %d\n", peerbuf, sep, name,
client->message->id, namebuf, typebuf, classbuf,
origfor, original, client->requesttime);
client = ISC_LIST_NEXT(client, link);
client = ISC_LIST_NEXT(client, rlink);
}
UNLOCK(&manager->lock);
UNLOCK(&manager->reclock);
}
void
ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
if (client->manager != NULL)
LOCK(&client->manager->lock);
LOCK(&client->query.fetchlock);
if (client->query.restarts > 0) {
/*
* client->query.qname was dynamically allocated.
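Review bot: ns_client_dumprecursing now acquires each client's query.fetchlock while manager->reclock is held, which establishes a lock order (reclock first, fetchlock second) that is not written down anywhere in these lines. Please document the order next to the lock declarations so a later path that holds fetchlock and then wants reclock is caught in review. Note also that the fprintf after UNLOCK(&client->query.fetchlock) still reads client->message->id and client->requesttime outside fetchlock; say whether reclock alone is meant to cover those.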
@ -2853,6 +2903,16 @@ ns_client_qnamereplace(ns_client_t *client, dns_name_t *name) {
&client->query.qname);
}
client->query.qname = name;
if (client->manager != NULL)
UNLOCK(&client->manager->lock);
UNLOCK(&client->query.fetchlock);
}
isc_result_t
ns_client_sourceip(dns_clientinfo_t *ci, isc_sockaddr_t **addrp) {
ns_client_t *client = (ns_client_t *) ci->data;
REQUIRE(NS_CLIENT_VALID(client));
REQUIRE(addrp != NULL);
*addrp = &client->peeraddr;
return (ISC_R_SUCCESS);
}
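Review bot: ns_client_sourceip dereferences ci (ci->data) in the declaration, before any REQUIRE runs, so a NULL clientinfo pointer crashes instead of tripping an assertion with a useful message. Suggest declaring client uninitialised, adding REQUIRE(ci != NULL) and REQUIRE(ci->data != NULL) first, and then assigning, to match how addrp is checked two lines later.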

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.113.16.2 2011/02/28 01:19:58 tbox Exp $ */
/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */
/*! \file */
@ -73,6 +73,7 @@ options {\n\
listen-on {any;};\n\
listen-on-v6 {none;};\n\
match-mapped-addresses no;\n\
max-rsa-exponent-size 0; /* no limit */\n\
memstatistics-file \"named.memstats\";\n\
multiple-cnames no;\n\
# named-xfer <obsolete>;\n\
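Review bot: The built-in default added here is max-rsa-exponent-size 0, annotated as "no limit", so the new option does nothing until an operator sets it. That is a reasonable compatibility choice, but it should be stated in the option's documentation together with the accepted range, so that nobody assumes the limit is on by default after upgrading.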
@ -90,7 +91,7 @@ options {\n\
"\
recursive-clients 1000;\n\
resolver-query-timeout 10;\n\
rrset-order {type NS order random; order cyclic; };\n\
rrset-order { order random; };\n\
serial-queries 20;\n\
serial-query-rate 20;\n\
server-id none;\n\
@ -200,7 +201,8 @@ options {\n\
sig-signing-nodes 100;\n\
sig-signing-signatures 10;\n\
sig-signing-type 65534;\n\
zone-statistics false;\n\
inline-signing no;\n\
zone-statistics terse;\n\
max-journal-size unlimited;\n\
ixfr-from-differences false;\n\
check-wildcard yes;\n\
@ -210,7 +212,10 @@ options {\n\
check-srv-cname warn;\n\
zero-no-soa-ttl yes;\n\
update-check-ksk yes;\n\
serial-update-method increment;\n\
dnssec-update-mode maintain;\n\
dnssec-dnskey-kskonly no;\n\
dnssec-loadkeys-interval 60;\n\
try-tcp-refresh yes; /* BIND 8 compat */\n\
};\n\
"
@ -292,7 +297,8 @@ ns_checknames_get(const cfg_obj_t **maps, const char *which,
if (maps[i] == NULL)
return (ISC_R_NOTFOUND);
checknames = NULL;
if (cfg_map_get(maps[i], "check-names", &checknames) == ISC_R_SUCCESS) {
if (cfg_map_get(maps[i], "check-names",
&checknames) == ISC_R_SUCCESS) {
/*
* Zone map entry is not a list.
*/
@ -305,7 +311,8 @@ ns_checknames_get(const cfg_obj_t **maps, const char *which,
element = cfg_list_next(element)) {
value = cfg_listelt_value(element);
type = cfg_tuple_get(value, "type");
if (strcasecmp(cfg_obj_asstring(type), which) == 0) {
if (strcasecmp(cfg_obj_asstring(type),
which) == 0) {
*obj = cfg_tuple_get(value, "mode");
return (ISC_R_SUCCESS);
}
@ -378,6 +385,8 @@ ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
ztype = dns_zone_stub;
else if (strcasecmp(str, "static-stub") == 0)
ztype = dns_zone_staticstub;
else if (strcasecmp(str, "redirect") == 0)
ztype = dns_zone_redirect;
else
INSIST(0);
return (ztype);

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.c,v 1.41 2010/12/03 22:05:19 each Exp $ */
/* $Id$ */
/*! \file */
@ -154,7 +154,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
result = ns_server_dumpstats(ns_g_server);
} else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
result = ns_server_togglequerylog(ns_g_server);
result = ns_server_togglequerylog(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_DUMPDB)) {
ns_server_dumpdb(ns_g_server, command);
result = ISC_R_SUCCESS;
@ -169,7 +169,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
} else if (command_compare(command, NS_COMMAND_FLUSH)) {
result = ns_server_flushcache(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_FLUSHNAME)) {
result = ns_server_flushname(ns_g_server, command);
result = ns_server_flushnode(ns_g_server, command, ISC_FALSE);
} else if (command_compare(command, NS_COMMAND_FLUSHTREE)) {
result = ns_server_flushnode(ns_g_server, command, ISC_TRUE);
} else if (command_compare(command, NS_COMMAND_STATUS)) {
result = ns_server_status(ns_g_server, text);
} else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
@ -183,6 +185,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
command_compare(command, NS_COMMAND_THAW)) {
result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
text);
} else if (command_compare(command, NS_COMMAND_SYNC)) {
result = ns_server_sync(ns_g_server, command, text);
} else if (command_compare(command, NS_COMMAND_RECURSING)) {
result = ns_server_dumprecursing(ns_g_server);
} else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {
@ -201,6 +205,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
result = ns_server_add_zone(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_DELZONE)) {
result = ns_server_del_zone(ns_g_server, command);
} else if (command_compare(command, NS_COMMAND_SIGNING)) {
result = ns_server_signing(ns_g_server, command, text);
} else {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: controlconf.c,v 1.60.544.3 2011/12/22 08:10:09 marka Exp $ */
/* $Id: controlconf.c,v 1.63 2011/12/22 08:07:48 marka Exp $ */
/*! \file */

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011/03/17 09:41:06 fdupont Exp $ */
/* $Id: dlz_dlopen_driver.h,v 1.4 2011/03/17 09:25:53 fdupont Exp $ */
#ifndef DLZ_DLOPEN_DRIVER_H
#define DLZ_DLOPEN_DRIVER_H

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.h,v 1.91.278.2 2012/01/31 23:46:39 tbox Exp $ */
/* $Id$ */
#ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1
@ -66,7 +66,9 @@
#include <isc/magic.h>
#include <isc/stdtime.h>
#include <isc/quota.h>
#include <isc/queue.h>
#include <dns/db.h>
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/rdataclass.h>
@ -81,8 +83,6 @@
*** Types
***/
typedef ISC_LIST(ns_client_t) client_list_t;
/*% nameserver client structure */
struct ns_client {
unsigned int magic;
@ -155,13 +155,15 @@ struct ns_client {
isc_stdtime_t time;
dns_messageid_t id;
} formerrcache;
ISC_LINK(ns_client_t) link;
/*%
* The list 'link' is part of, or NULL if not on any list.
*/
client_list_t *list;
ISC_LINK(ns_client_t) rlink;
ISC_QLINK(ns_client_t) ilink;
};
typedef ISC_QUEUE(ns_client_t) client_queue_t;
typedef ISC_LIST(ns_client_t) client_list_t;
#define NS_CLIENT_MAGIC ISC_MAGIC('N','S','C','c')
#define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
@ -379,4 +381,7 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
* Isself callback.
*/
isc_result_t
ns_client_sourceip(dns_clientinfo_t *ci, isc_sockaddr_t **addrp);
#endif /* NAMED_CLIENT_H */

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: control.h,v 1.31 2010/08/16 22:21:06 marka Exp $ */
/* $Id$ */
#ifndef NAMED_CONTROL_H
#define NAMED_CONTROL_H 1
@ -47,6 +47,7 @@
#define NS_COMMAND_NOTRACE "notrace"
#define NS_COMMAND_FLUSH "flush"
#define NS_COMMAND_FLUSHNAME "flushname"
#define NS_COMMAND_FLUSHTREE "flushtree"
#define NS_COMMAND_STATUS "status"
#define NS_COMMAND_TSIGLIST "tsig-list"
#define NS_COMMAND_TSIGDELETE "tsig-delete"
@ -62,6 +63,8 @@
#define NS_COMMAND_LOADKEYS "loadkeys"
#define NS_COMMAND_ADDZONE "addzone"
#define NS_COMMAND_DELZONE "delzone"
#define NS_COMMAND_SYNC "sync"
#define NS_COMMAND_SIGNING "signing"
isc_result_t
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: globals.h,v 1.89.54.2 2011/06/17 23:47:10 tbox Exp $ */
/* $Id: globals.h,v 1.92 2011/11/09 18:44:04 each Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
@ -51,6 +51,7 @@
EXTERN isc_mem_t * ns_g_mctx INIT(NULL);
EXTERN unsigned int ns_g_cpus INIT(0);
EXTERN unsigned int ns_g_udpdisp INIT(0);
EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL);
EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL);
EXTERN isc_entropy_t * ns_g_entropy INIT(NULL);

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: interfacemgr.h,v 1.33 2007/06/19 23:46:59 tbox Exp $ */
/* $Id: interfacemgr.h,v 1.35 2011/07/28 23:47:58 tbox Exp $ */
#ifndef NAMED_INTERFACEMGR_H
#define NAMED_INTERFACEMGR_H 1
@ -65,7 +65,8 @@
#define NS_INTERFACE_VALID(t) ISC_MAGIC_VALID(t, IFACE_MAGIC)
#define NS_INTERFACEFLAG_ANYADDR 0x01U /*%< bound to "any" address */
#define MAX_UDP_DISPATCH 128 /*%< Maximum number of UDP dispatchers
to start per interface */
/*% The nameserver interface structure */
struct ns_interface {
unsigned int magic; /*%< Magic number. */
@ -76,11 +77,13 @@ struct ns_interface {
isc_sockaddr_t addr; /*%< Address and port. */
unsigned int flags; /*%< Interface characteristics */
char name[32]; /*%< Null terminated. */
dns_dispatch_t * udpdispatch; /*%< UDP dispatcher. */
dns_dispatch_t * udpdispatch[MAX_UDP_DISPATCH];
/*%< UDP dispatchers. */
isc_socket_t * tcpsocket; /*%< TCP socket. */
int ntcptarget; /*%< Desired number of concurrent
TCP accepts */
int ntcpcurrent; /*%< Current ditto, locked */
int nudpdispatch; /*%< Number of UDP dispatches */
ns_clientmgr_t * clientmgr; /*%< Client manager. */
ISC_LINK(ns_interface_t) link;
};

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.h,v 1.110 2010/08/16 23:46:52 tbox Exp $ */
/* $Id$ */
#ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1
@ -230,9 +230,10 @@ ns_server_retransfercommand(ns_server_t *server, char *args);
*/
isc_result_t
ns_server_togglequerylog(ns_server_t *server);
ns_server_togglequerylog(ns_server_t *server, char *args);
/*%<
* Toggle logging of queries, as in BIND 8.
* Enable/disable logging of queries. (Takes "yes" or "no" argument,
* but can also be used as a toggle for backward comptibility.)
*/
/*%
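Review bot: Typo in the new comment for ns_server_togglequerylog: "comptibility" should be "compatibility". While editing it, the comment could also say what happens when args carries something other than "yes" or "no", since the prototype now accepts arbitrary text from the control channel.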
@ -266,10 +267,12 @@ isc_result_t
ns_server_flushcache(ns_server_t *server, char *args);
/*%
* Flush a particular name from the server's cache(s)
* Flush a particular name from the server's cache. If 'tree' is false,
* also flush the name from the ADB and badcache. If 'tree' is true, also
* flush all the names under the specified name.
*/
isc_result_t
ns_server_flushname(ns_server_t *server, char *args);
ns_server_flushnode(ns_server_t *server, char *args, isc_boolean_t tree);
/*%
* Report the server's status.
@ -296,6 +299,12 @@ isc_result_t
ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
isc_buffer_t *text);
/*%
* Dump zone updates to disk, optionally removing the journal file
*/
isc_result_t
ns_server_sync(ns_server_t *server, char *args, isc_buffer_t *text);
/*%
* Update a zone's DNSKEY set from the key repository. If
* the command that triggered the call to this function was "sign",
@ -336,4 +345,9 @@ ns_server_add_zone(ns_server_t *server, char *args);
isc_result_t
ns_server_del_zone(ns_server_t *server, char *args);
/*%
* Lists the status of the signing records for a given zone.
*/
isc_result_t
ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text);
#endif /* NAMED_SERVER_H */

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007, 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.h,v 1.28 2010/12/20 23:47:20 tbox Exp $ */
/* $Id: zoneconf.h,v 1.30 2011/08/30 23:46:51 tbox Exp $ */
#ifndef NS_ZONECONF_H
#define NS_ZONECONF_H 1
@ -33,7 +33,7 @@ ISC_LANG_BEGINDECLS
isc_result_t
ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
dns_zone_t *zone);
dns_zone_t *zone, dns_zone_t *raw);
/*%<
* Configure or reconfigure a zone according to the named.conf
* data in 'cctx' and 'czone'.

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,13 +15,14 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: interfacemgr.c,v 1.95.426.2 2011/03/12 04:59:14 tbox Exp $ */
/* $Id: interfacemgr.c,v 1.101 2011/11/09 18:44:03 each Exp $ */
/*! \file */
#include <config.h>
#include <isc/interfaceiter.h>
#include <isc/os.h>
#include <isc/string.h>
#include <isc/task.h>
#include <isc/util.h>
@ -185,11 +186,14 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
{
ns_interface_t *ifp;
isc_result_t result;
int disp;
REQUIRE(NS_INTERFACEMGR_VALID(mgr));
ifp = isc_mem_get(mgr->mctx, sizeof(*ifp));
if (ifp == NULL)
return (ISC_R_NOMEMORY);
ifp->mgr = NULL;
ifp->generation = mgr->generation;
ifp->addr = *addr;
@ -212,9 +216,11 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
goto clientmgr_create_failure;
}
ifp->udpdispatch = NULL;
for (disp = 0; disp < MAX_UDP_DISPATCH; disp++)
ifp->udpdispatch[disp] = NULL;
ifp->tcpsocket = NULL;
/*
* Create a single TCP client object. It will replace itself
* with a new one as soon as it gets a connection, so the actual
@ -223,6 +229,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
*/
ifp->ntcptarget = 1;
ifp->ntcpcurrent = 0;
ifp->nudpdispatch = 0;
ISC_LINK_INIT(ifp, link);
@ -237,6 +244,7 @@ ns_interface_create(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
clientmgr_create_failure:
DESTROYLOCK(&ifp->lock);
lock_create_failure:
ifp->magic = 0;
isc_mem_put(mgr->mctx, ifp, sizeof(*ifp));
@ -249,6 +257,7 @@ ns_interface_listenudp(ns_interface_t *ifp) {
isc_result_t result;
unsigned int attrs;
unsigned int attrmask;
int disp, i;
attrs = 0;
attrs |= DNS_DISPATCHATTR_UDP;
@ -260,18 +269,28 @@ ns_interface_listenudp(ns_interface_t *ifp) {
attrmask = 0;
attrmask |= DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP;
attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6;
result = dns_dispatch_getudp(ifp->mgr->dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &ifp->addr,
4096, 1000, 32768, 8219, 8237,
attrs, attrmask, &ifp->udpdispatch);
if (result != ISC_R_SUCCESS) {
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
"could not listen on UDP socket: %s",
isc_result_totext(result));
goto udp_dispatch_failure;
ifp->nudpdispatch = ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH);
for (disp = 0; disp < ifp->nudpdispatch; disp++) {
result = dns_dispatch_getudp_dup(ifp->mgr->dispatchmgr,
ns_g_socketmgr,
ns_g_taskmgr, &ifp->addr,
4096, 1000, 32768, 8219, 8237,
attrs, attrmask,
&ifp->udpdispatch[disp],
disp == 0
? NULL
: ifp->udpdispatch[0]);
if (result != ISC_R_SUCCESS) {
isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR,
"could not listen on UDP socket: %s",
isc_result_totext(result));
goto udp_dispatch_failure;
}
}
result = ns_clientmgr_createclients(ifp->clientmgr, ns_g_cpus,
result = ns_clientmgr_createclients(ifp->clientmgr, ifp->nudpdispatch,
ifp, ISC_FALSE);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
@ -279,12 +298,17 @@ ns_interface_listenudp(ns_interface_t *ifp) {
isc_result_totext(result));
goto addtodispatch_failure;
}
return (ISC_R_SUCCESS);
addtodispatch_failure:
dns_dispatch_changeattributes(ifp->udpdispatch, 0,
DNS_DISPATCHATTR_NOLISTEN);
dns_dispatch_detach(&ifp->udpdispatch);
for (i = disp - 1; i <= 0; i--) {
dns_dispatch_changeattributes(ifp->udpdispatch[i], 0,
DNS_DISPATCHATTR_NOLISTEN);
dns_dispatch_detach(&(ifp->udpdispatch[i]));
}
ifp->nudpdispatch = 0;
udp_dispatch_failure:
return (result);
}
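Review bot: The cleanup loop at addtodispatch_failure uses the condition i <= 0 where i >= 0 is needed. This label is reached after the creation loop has completed, so disp equals ifp->nudpdispatch. With more than one dispatcher, i starts above zero and the body never runs, leaving every dispatcher attached and listening. With exactly one, the body runs for i = 0 and then continues with i = -1, indexing ifp->udpdispatch before the start of the array. Change the condition to i >= 0. Related: when dns_dispatch_getudp_dup fails part-way through the creation loop, udp_dispatch_failure returns with nudpdispatch still set to the target count and the earlier dispatchers attached; either unwind them here as well or note that ns_interface_destroy is relied on to do it.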
@ -398,15 +422,19 @@ ns_interface_shutdown(ns_interface_t *ifp) {
static void
ns_interface_destroy(ns_interface_t *ifp) {
isc_mem_t *mctx = ifp->mgr->mctx;
int disp;
REQUIRE(NS_INTERFACE_VALID(ifp));
ns_interface_shutdown(ifp);
if (ifp->udpdispatch != NULL) {
dns_dispatch_changeattributes(ifp->udpdispatch, 0,
DNS_DISPATCHATTR_NOLISTEN);
dns_dispatch_detach(&ifp->udpdispatch);
}
for (disp = 0; disp < ifp->nudpdispatch; disp++)
if (ifp->udpdispatch[disp] != NULL) {
dns_dispatch_changeattributes(ifp->udpdispatch[disp], 0,
DNS_DISPATCHATTR_NOLISTEN);
dns_dispatch_detach(&(ifp->udpdispatch[disp]));
}
if (ifp->tcpsocket != NULL)
isc_socket_detach(&ifp->tcpsocket);

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: logconf.c,v 1.42.816.3 2011/03/05 23:52:06 tbox Exp $ */
/* $Id: logconf.c,v 1.45 2011/03/05 23:52:29 tbox Exp $ */
/*! \file */

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: main.c,v 1.180.14.4 2011/11/05 00:45:52 each Exp $ */
/* $Id$ */
/*! \file */
@ -418,7 +418,7 @@ parse_command_line(int argc, char *argv[]) {
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"46c:C:d:E:fFgi:lm:n:N:p:P:"
"sS:t:T:u:vVx:")) != -1) {
"sS:t:T:U:u:vVx:")) != -1) {
switch (ch) {
case '4':
if (disable4)
@ -531,6 +531,11 @@ parse_command_line(int argc, char *argv[]) {
fprintf(stderr, "unknown -T flag '%s\n",
isc_commandline_argument);
break;
case 'U':
ns_g_udpdisp = parse_int(isc_commandline_argument,
"number of UDP listeners "
"per interface");
break;
case 'u':
ns_g_username = isc_commandline_argument;
break;
@ -595,6 +600,18 @@ create_managers(void) {
#else
ns_g_cpus = 1;
#endif
#ifdef WIN32
ns_g_udpdisp = 1;
#else
if (ns_g_udpdisp == 0)
ns_g_udpdisp = ns_g_cpus_detected;
if (ns_g_udpdisp > ns_g_cpus)
ns_g_udpdisp = ns_g_cpus;
#endif
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "using %u UDP listener%s per interface",
ns_g_udpdisp, ns_g_udpdisp == 1 ? "" : "s");
result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
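Review bot: The "using %u UDP listener%s per interface" message in create_managers logs ns_g_udpdisp, but ns_interface_listenudp later caps the real count with ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH), and MAX_UDP_DISPATCH is 128. On a host where the value exceeds 128 the log will overstate what is actually listening. Apply the MAX_UDP_DISPATCH cap here, next to the ns_g_cpus clamp, so the logged number is the effective one. A -U value that gets reduced by either clamp should also be logged as such rather than silently changed.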

View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -33,7 +33,7 @@
named \- Internet domain name server
.SH "SYNOPSIS"
.HP 6
\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\fR
@ -168,6 +168,19 @@ is defined allows a process with root privileges to escape a chroot jail.
.RE
.RE
.PP
\-U \fI#listeners\fR
.RS 4
Use
\fI#listeners\fR
worker threads to listen for incoming UDP packets on each address. If not specified,
\fBnamed\fR
will use the number of detected CPUs. If
\fB\-n\fR
has been set to a higher value than the number of CPUs, then
\fB\-U\fR
may be increased as high as that value, but no higher.
.RE
.PP
\-u \fIuser\fR
.RS 4
Setuid to
@ -267,7 +280,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br

View File

@ -289,7 +289,8 @@ options {
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; ... };
[ port \fIinteger\fR ]; ...
[ key \fIkeyname\fR ] ... };
allow\-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
@ -458,7 +459,8 @@ view \fIstring\fR \fIoptional_class\fR {
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; ... };
[ port \fIinteger\fR ]; ...
[ key \fIkeyname\fR ] ... };
allow\-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
@ -502,7 +504,7 @@ view \fIstring\fR \fIoptional_class\fR {
.RS 4
.nf
zone \fIstring\fR \fIoptional_class\fR {
type ( master | slave | stub | hint |
type ( master | slave | stub | hint | redirect |
forward | delegation\-only );
file \fIquoted_string\fR;
masters [ port \fIinteger\fR ] {
@ -544,7 +546,8 @@ zone \fIstring\fR \fIoptional_class\fR {
notify\-delay \fIseconds\fR;
notify\-to\-soa \fIboolean\fR;
also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
[ port \fIinteger\fR ]; ... };
[ port \fIinteger\fR ]; ...
[ key \fIkeyname\fR ] ... };
allow\-notify { \fIaddress_match_element\fR; ... };
forward ( first | only );
forwarders [ port \fIinteger\fR ] {
@ -560,6 +563,7 @@ zone \fIstring\fR \fIoptional_class\fR {
max\-refresh\-time \fIinteger\fR;
min\-refresh\-time \fIinteger\fR;
multi\-master \fIboolean\fR;
request\-ixfr \fIboolean\fR;
sig\-validity\-interval \fIinteger\fR;
transfer\-source ( \fIipv4_address\fR | * )
[ port ( \fIinteger\fR | * ) ];

View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.docbook,v 1.49.14.2 2011/11/07 00:31:47 marka Exp $ -->
<!-- $Id: named.conf.docbook,v 1.55 2011/11/07 00:25:53 each Exp $ -->
<refentry>
<refentryinfo>
<date>Aug 13, 2004</date>
@ -326,7 +326,8 @@ options {
notify-delay <replaceable>seconds</replaceable>;
notify-to-soa <replaceable>boolean</replaceable>;
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
<optional> port <replaceable>integer</replaceable> </optional>; ... };
<optional> port <replaceable>integer</replaceable> </optional>; ...
<optional> key <replaceable>keyname</replaceable> </optional> ... };
allow-notify { <replaceable>address_match_element</replaceable>; ... };
forward ( first | only );
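Review bot: in the also-notify synopsis the new optional "key keyname" clause is placed after "; ...", so the grammar reads as if the key followed the semicolon that terminates each address element instead of belonging to it. If the key is per address, put it before the semicolon, for example "[ port integer ] [ key keyname ]; ... };". The same layout repeats in the view and zone blocks and in the man and HTML renderings, so correcting it in this DocBook source covers all of them.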
@ -513,7 +514,8 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
notify-delay <replaceable>seconds</replaceable>;
notify-to-soa <replaceable>boolean</replaceable>;
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
<optional> port <replaceable>integer</replaceable> </optional>; ... };
<optional> port <replaceable>integer</replaceable> </optional>; ...
<optional> key <replaceable>keyname</replaceable> </optional> ... };
allow-notify { <replaceable>address_match_element</replaceable>; ... };
forward ( first | only );
@ -563,7 +565,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
<title>ZONE</title>
<literallayout>
zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
type ( master | slave | stub | hint |
type ( master | slave | stub | hint | redirect |
forward | delegation-only );
file <replaceable>quoted_string</replaceable>;
@ -609,7 +611,8 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
notify-delay <replaceable>seconds</replaceable>;
notify-to-soa <replaceable>boolean</replaceable>;
also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
<optional> port <replaceable>integer</replaceable> </optional>; ... };
<optional> port <replaceable>integer</replaceable> </optional>; ...
<optional> key <replaceable>keyname</replaceable> </optional> ... };
allow-notify { <replaceable>address_match_element</replaceable>; ... };
forward ( first | only );
@ -627,6 +630,7 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
max-refresh-time <replaceable>integer</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
multi-master <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
sig-validity-interval <replaceable>integer</replaceable>;
transfer-source ( <replaceable>ipv4_address</replaceable> | * )

View File

@ -21,7 +21,7 @@
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="id2476275"></a><div class="titlepage"></div>
<a name="id2476274"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543356"></a><h2>DESCRIPTION</h2>
<a name="id2543357"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543384"></a><h2>ACL</h2>
<a name="id2543385"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543400"></a><h2>KEY</h2>
<a name="id2543401"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
@ -66,7 +66,7 @@ key
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543419"></a><h2>MASTERS</h2>
<a name="id2543420"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
@ -75,7 +75,7 @@ masters
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543465"></a><h2>SERVER</h2>
<a name="id2543466"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
@ -97,7 +97,7 @@ server
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543533"></a><h2>TRUSTED-KEYS</h2>
<a name="id2543534"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@ -105,7 +105,7 @@ trusted-keys
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543559"></a><h2>MANAGED-KEYS</h2>
<a name="id2543560"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@ -113,7 +113,7 @@ managed-keys
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543588"></a><h2>CONTROLS</h2>
<a name="id2543589"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
@ -125,7 +125,7 @@ controls
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543623"></a><h2>LOGGING</h2>
<a name="id2543624"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
@ -143,7 +143,7 @@ logging
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543661"></a><h2>LWRES</h2>
<a name="id2543662"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
@ -156,7 +156,7 @@ lwres
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543703"></a><h2>OPTIONS</h2>
<a name="id2543704"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
@ -291,7 +291,8 @@ options
notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
[<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
forward ( first | only );<br>
@ -360,7 +361,7 @@ options
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544578"></a><h2>VIEW</h2>
<a name="id2544585"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@ -477,7 +478,8 @@ view
notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
[<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
forward ( first | only );<br>
@ -523,10 +525,10 @@ view
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545287"></a><h2>ZONE</h2>
<a name="id2545301"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint |<br>
type ( master | slave | stub | hint | redirect |<br>
forward | delegation-only );<br>
file <em class="replaceable"><code>quoted_string</code></em>;<br>
<br>
@ -572,7 +574,8 @@ zone
notify-delay <em class="replaceable"><code>seconds</code></em>;<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
[<span class="optional"> key <em class="replaceable"><code>keyname</code></em> </span>] ... };<br>
allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
forward ( first | only );<br>
@ -590,6 +593,7 @@ zone
max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
multi-master <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
<br>
transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
@ -618,12 +622,12 @@ zone
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545667"></a><h2>FILES</h2>
<a name="id2545690"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545678"></a><h2>SEE ALSO</h2>
<a name="id2545702"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.docbook,v 1.26 2009/10/05 17:30:49 fdupont Exp $ -->
<!-- $Id: named.docbook,v 1.28 2011/11/09 23:46:23 tbox Exp $ -->
<refentry id="man.named">
<refentryinfo>
<date>May 21, 2009</date>
@ -43,6 +43,8 @@
<year>2007</year>
<year>2008</year>
<year>2009</year>
<year>2011</year>
<year>2013</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -69,6 +71,7 @@
<arg><option>-s</option></arg>
<arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-U <replaceable class="parameter">#listeners</replaceable></option></arg>
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
<arg><option>-v</option></arg>
<arg><option>-V</option></arg>
@ -281,6 +284,21 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-U <replaceable class="parameter">#listeners</replaceable></term>
<listitem>
<para>
Use <replaceable class="parameter">#listeners</replaceable>
worker threads to listen for incoming UDP packets on each
address. If not specified, <command>named</command> will
use the number of detected CPUs. If <option>-n</option>
has been set to a higher value than the number of CPUs,
then <option>-U</option> may be increased as high as that
value, but no higher.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
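Review bot: the -U paragraph says the value "may be increased as high as that value, but no higher" but not what happens when it is exceeded. The main.c change in this commit clamps ns_g_udpdisp to ns_g_cpus without an error and forces it to 1 under WIN32. State that larger values are reduced to the -n value, that the default is capped by -n as well, and that the option has no effect on Windows.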

View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543482"></a><h2>DESCRIPTION</h2>
<a name="id2543497"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -47,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543507"></a><h2>OPTIONS</h2>
<a name="id2543522"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -178,6 +178,16 @@
</p>
</div>
</dd>
<dt><span class="term">-U <em class="replaceable"><code>#listeners</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>#listeners</code></em>
worker threads to listen for incoming UDP packets on each
address. If not specified, <span><strong class="command">named</strong></span> will
use the number of detected CPUs. If <code class="option">-n</code>
has been set to a higher value than the number of CPUs,
then <code class="option">-U</code> may be increased as high as that
value, but no higher.
</p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd>
<p>Setuid
@ -228,7 +238,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543964"></a><h2>SIGNALS</h2>
<a name="id2544012"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -249,7 +259,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544012"></a><h2>CONFIGURATION</h2>
<a name="id2544060"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -266,7 +276,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544049"></a><h2>FILES</h2>
<a name="id2544233"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -279,7 +289,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544088"></a><h2>SEE ALSO</h2>
<a name="id2544273"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -292,7 +302,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544295"></a><h2>AUTHOR</h2>
<a name="id2544343"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.353.8.24 2012/02/07 01:14:39 marka Exp $ */
/* $Id$ */
/*! \file */
@ -172,39 +172,66 @@ rpz_st_clear(ns_client_t *client);
static inline void
inc_stats(ns_client_t *client, isc_statscounter_t counter) {
dns_zone_t *zone = client->query.authzone;
isc_stats_t *zonestats;
#ifdef NEWSTATS
dns_rdatatype_t qtype;
dns_rdataset_t *rdataset;
dns_stats_t *querystats = NULL;
#endif
isc_stats_increment(ns_g_server->nsstats, counter);
if (zone != NULL) {
isc_stats_t *zonestats = dns_zone_getrequeststats(zone);
if (zonestats != NULL)
isc_stats_increment(zonestats, counter);
if (zone == NULL)
return;
/* Do regular response type stats */
zonestats = dns_zone_getrequeststats(zone);
if (zonestats != NULL)
isc_stats_increment(zonestats, counter);
#ifdef NEWSTATS
/* Do query type statistics
*
* We only increment per-type if we're using the authoriative
* answer counter, preventing double-counting.
*/
if (counter == dns_nsstatscounter_authans) {
querystats = dns_zone_getrcvquerystats(zone);
if (querystats != NULL) {
rdataset = ISC_LIST_HEAD(client->query.qname->list);
if (rdataset != NULL) {
qtype = rdataset->type;
dns_rdatatypestats_increment(querystats, qtype);
}
}
}
#endif
}
static void
query_send(ns_client_t *client) {
isc_statscounter_t counter;
if ((client->message->flags & DNS_MESSAGEFLAG_AA) == 0)
inc_stats(client, dns_nsstatscounter_nonauthans);
else
inc_stats(client, dns_nsstatscounter_authans);
if (client->message->rcode == dns_rcode_noerror) {
if (ISC_LIST_EMPTY(client->message->sections[DNS_SECTION_ANSWER])) {
if (client->query.isreferral) {
dns_section_t answer = DNS_SECTION_ANSWER;
if (ISC_LIST_EMPTY(client->message->sections[answer])) {
if (client->query.isreferral)
counter = dns_nsstatscounter_referral;
} else {
else
counter = dns_nsstatscounter_nxrrset;
}
} else {
} else
counter = dns_nsstatscounter_success;
}
} else if (client->message->rcode == dns_rcode_nxdomain) {
} else if (client->message->rcode == dns_rcode_nxdomain)
counter = dns_nsstatscounter_nxdomain;
} else {
/* We end up here in case of YXDOMAIN, and maybe others */
else /* We end up here in case of YXDOMAIN, and maybe others */
counter = dns_nsstatscounter_failure;
}
inc_stats(client, counter);
ns_client_send(client);
}
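Review bot: in the NEWSTATS block of inc_stats(), "client->query.qname->list" is dereferenced with no check that client->query.qname is non-NULL, although zone, zonestats, querystats and rdataset are each checked before use. Add qname to the guard, or add a comment saying why it cannot be NULL whenever dns_nsstatscounter_authans is counted. The new comment also misspells "authoritative" as "authoriative".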
@ -1180,6 +1207,8 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
isc_boolean_t added_something, need_addname;
dns_zone_t *zone;
dns_rdatatype_t type;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
REQUIRE(NS_CLIENT_VALID(client));
REQUIRE(qtype != dns_rdatatype_any);
@ -1204,6 +1233,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
need_addname = ISC_FALSE;
zone = NULL;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
/*
* We treat type A additional section processing as if it
* were "any address type" additional section processing.
@ -1248,9 +1280,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
* necessarily in the same database.
*/
node = NULL;
result = dns_db_find(db, name, version, type, client->query.dboptions,
client->now, &node, fname, rdataset,
sigrdataset);
result = dns_db_findext(db, name, version, type,
client->query.dboptions,
client->now, &node, fname, &cm, &ci,
rdataset, sigrdataset);
if (result == ISC_R_SUCCESS) {
if (sigrdataset != NULL && !dns_db_issecure(db) &&
dns_rdataset_isassociated(sigrdataset))
@ -1286,11 +1319,11 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
if (sigrdataset == NULL)
goto cleanup;
}
result = dns_db_find(db, name, version, type,
client->query.dboptions |
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
client->now, &node, fname, rdataset,
sigrdataset);
result = dns_db_findext(db, name, version, type,
client->query.dboptions |
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
client->now, &node, fname, &cm, &ci,
rdataset, sigrdataset);
if (result == DNS_R_GLUE &&
validate(client, db, fname, rdataset, sigrdataset))
result = ISC_R_SUCCESS;
@ -1333,10 +1366,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto cleanup;
dns_db_attach(client->query.gluedb, &db);
result = dns_db_find(db, name, version, type,
client->query.dboptions | DNS_DBFIND_GLUEOK,
client->now, &node, fname, rdataset,
sigrdataset);
result = dns_db_findext(db, name, version, type,
client->query.dboptions | DNS_DBFIND_GLUEOK,
client->now, &node, fname, &cm, &ci,
rdataset, sigrdataset);
if (!(result == ISC_R_SUCCESS ||
result == DNS_R_ZONECUT ||
result == DNS_R_GLUE))
@ -1410,8 +1443,8 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto aaaa_lookup;
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_a, 0,
client->now, rdataset,
sigrdataset);
client->now,
rdataset, sigrdataset);
if (result == DNS_R_NCACHENXDOMAIN)
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
@ -1461,8 +1494,8 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
goto addname;
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_aaaa, 0,
client->now, rdataset,
sigrdataset);
client->now,
rdataset, sigrdataset);
if (result == DNS_R_NCACHENXDOMAIN)
goto addname;
if (result == DNS_R_NCACHENXRRSET) {
@ -1636,6 +1669,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
dns_zone_t *zone;
dns_rdatatype_t type;
dns_rdatasetadditional_t additionaltype;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
/*
* If we don't have an additional cache call query_addadditional.
@ -1674,6 +1709,8 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
POST(needadditionalcache);
additionaltype = dns_rdatasetadditional_fromauth;
dns_name_init(&cfname, NULL);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
CTRACE("query_addadditional2");
@ -1776,8 +1813,10 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
* necessarily in the same database.
*/
node = NULL;
result = dns_db_find(db, name, version, type, client->query.dboptions,
client->now, &node, fname, NULL, NULL);
result = dns_db_findext(db, name, version, type,
client->query.dboptions,
client->now, &node, fname, &cm, &ci,
NULL, NULL);
if (result == ISC_R_SUCCESS)
goto found;
@ -1804,10 +1843,11 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
*/
goto try_glue;
result = dns_db_find(db, name, version, type,
client->query.dboptions |
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
client->now, &node, fname, NULL, NULL);
result = dns_db_findext(db, name, version, type,
client->query.dboptions |
DNS_DBFIND_GLUEOK | DNS_DBFIND_ADDITIONALOK,
client->now, &node, fname, &cm, &ci,
NULL, NULL);
if (result == ISC_R_SUCCESS)
goto found;
@ -1876,9 +1916,10 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
findglue:
dns_db_attach(client->query.gluedb, &db);
result = dns_db_find(db, name, version, type,
client->query.dboptions | DNS_DBFIND_GLUEOK,
client->now, &node, fname, NULL, NULL);
result = dns_db_findext(db, name, version, type,
client->query.dboptions | DNS_DBFIND_GLUEOK,
client->now, &node, fname, &cm, &ci,
NULL, NULL);
if (!(result == ISC_R_SUCCESS ||
result == DNS_R_ZONECUT ||
result == DNS_R_GLUE)) {
@ -2528,6 +2569,8 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
isc_result_t result, eresult;
dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL;
dns_rdataset_t **sigrdatasetp = NULL;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
CTRACE("query_addsoa");
/*
@ -2538,6 +2581,9 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
rdataset = NULL;
node = NULL;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
/*
* Don't add the SOA record for test which set "-T nosoa".
*/
@ -2571,9 +2617,8 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
result = dns_db_getoriginnode(db, &node);
if (result == ISC_R_SUCCESS) {
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_soa,
0, client->now, rdataset,
sigrdataset);
dns_rdatatype_soa, 0, client->now,
rdataset, sigrdataset);
} else {
dns_fixedname_t foundname;
dns_name_t *fname;
@ -2581,9 +2626,9 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
dns_fixedname_init(&foundname);
fname = dns_fixedname_name(&foundname);
result = dns_db_find(db, name, version, dns_rdatatype_soa,
client->query.dboptions, 0, &node,
fname, rdataset, sigrdataset);
result = dns_db_findext(db, name, version, dns_rdatatype_soa,
client->query.dboptions, 0, &node,
fname, &cm, &ci, rdataset, sigrdataset);
}
if (result != ISC_R_SUCCESS) {
/*
@ -2648,6 +2693,8 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
dns_fixedname_t foundname;
dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL;
dns_rdataset_t **sigrdatasetp = NULL;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
CTRACE("query_addns");
/*
@ -2659,6 +2706,8 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
node = NULL;
dns_fixedname_init(&foundname);
fname = dns_fixedname_name(&foundname);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
/*
* Get resources and make 'name' be the database origin.
@ -2691,14 +2740,13 @@ query_addns(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version) {
result = dns_db_getoriginnode(db, &node);
if (result == ISC_R_SUCCESS) {
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_ns,
0, client->now, rdataset,
sigrdataset);
dns_rdatatype_ns, 0, client->now,
rdataset, sigrdataset);
} else {
CTRACE("query_addns: calling dns_db_find");
result = dns_db_find(db, name, NULL, dns_rdatatype_ns,
client->query.dboptions, 0, &node,
fname, rdataset, sigrdataset);
result = dns_db_findext(db, name, NULL, dns_rdatatype_ns,
client->query.dboptions, 0, &node,
fname, &cm, &ci, rdataset, sigrdataset);
CTRACE("query_addns: dns_db_find complete");
}
if (result != ISC_R_SUCCESS) {
@ -2820,15 +2868,19 @@ mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
{
isc_result_t result;
dns_dbnode_t *node = NULL;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
isc_stdtime_t now;
rdataset->trust = dns_trust_secure;
sigrdataset->trust = dns_trust_secure;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
/*
* Save the updated secure state. Ignore failures.
*/
result = dns_db_findnode(db, name, ISC_TRUE, &node);
result = dns_db_findnodeext(db, name, ISC_TRUE, &cm, &ci, &node);
if (result != ISC_R_SUCCESS)
return;
@ -2856,9 +2908,15 @@ get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
isc_result_t result;
dns_dbnode_t *node = NULL;
isc_boolean_t secure = ISC_FALSE;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
if (!dns_rdataset_isassociated(keyrdataset)) {
result = dns_db_findnode(db, &rrsig->signer, ISC_FALSE, &node);
result = dns_db_findnodeext(db, &rrsig->signer, ISC_FALSE,
&cm, &ci, &node);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
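Review bot: The dns_clientinfomethods_init()/dns_clientinfo_init() pair added at the top of get_key() is the same two-line setup this patch repeats in mark_secure(), and validate() calls get_key() and then mark_secure() with the same client, so each successful validation builds identical cm/ci structures twice. Consider initialising them once in validate() and passing them down, or wrapping the pair in a small static helper, so a future change to how client info is populated only has to be made in one place.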
@ -2901,7 +2959,7 @@ get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
static isc_boolean_t
verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset,
dns_rdata_t *rdata, isc_mem_t *mctx, isc_boolean_t acceptexpired)
dns_rdata_t *rdata, ns_client_t *client)
{
isc_result_t result;
dns_fixedname_t fixed;
@ -2910,9 +2968,10 @@ verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset,
dns_fixedname_init(&fixed);
again:
result = dns_dnssec_verify2(name, rdataset, key, ignore, mctx,
result = dns_dnssec_verify3(name, rdataset, key, ignore,
client->view->maxbits, client->mctx,
rdata, NULL);
if (result == DNS_R_SIGEXPIRED && acceptexpired) {
if (result == DNS_R_SIGEXPIRED && client->view->acceptexpired) {
ignore = ISC_TRUE;
goto again;
}
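Review bot: verify() now reaches through client->view for both maxbits and acceptexpired but nothing in the function asserts that client and client->view are set, where the old signature took plain values from the caller. A REQUIRE(client != NULL && client->view != NULL) at the top would document the new contract, and the function comment should say that maxbits comes from the view so readers know the key-size limit is a per-view policy rather than a constant. Since acceptexpired gates the retry that sets ignore = ISC_TRUE, it is also worth reading it into a local once before the again: label so the policy cannot differ between the first pass and the retry.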
@ -2955,8 +3014,7 @@ validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
do {
if (!get_key(client, db, &rrsig, &keyrdataset, &key))
break;
if (verify(key, name, rdataset, &rdata, client->mctx,
client->view->acceptexpired)) {
if (verify(key, name, rdataset, &rdata, client)) {
dst_key_free(&key);
dns_rdataset_disassociate(&keyrdataset);
mark_secure(client, db, name, &rrsig,
@ -2983,6 +3041,8 @@ query_addbestns(ns_client_t *client) {
dns_dbversion_t *version;
dns_zone_t *zone;
isc_buffer_t b;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
CTRACE("query_addbestns");
fname = NULL;
@ -2999,6 +3059,9 @@ query_addbestns(ns_client_t *client) {
is_zone = ISC_FALSE;
use_zone = ISC_FALSE;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
/*
* Find the right database.
*/
@ -3032,10 +3095,11 @@ query_addbestns(ns_client_t *client) {
* Now look for the zonecut.
*/
if (is_zone) {
result = dns_db_find(db, client->query.qname, version,
dns_rdatatype_ns, client->query.dboptions,
client->now, &node, fname,
rdataset, sigrdataset);
result = dns_db_findext(db, client->query.qname, version,
dns_rdatatype_ns,
client->query.dboptions,
client->now, &node, fname,
&cm, &ci, rdataset, sigrdataset);
if (result != DNS_R_DELEGATION)
goto cleanup;
if (USECACHE(client)) {
@ -3312,6 +3376,8 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
int order;
dns_fixedname_t cfixed;
dns_name_t *cname;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
CTRACE("query_addwildcardproof");
fname = NULL;
@ -3319,6 +3385,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
sigrdataset = NULL;
node = NULL;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
/*
* Get the NOQNAME proof then if !ispositive
* get the NOWILDCARD proof.
@ -3378,8 +3447,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
if (fname == NULL || rdataset == NULL || sigrdataset == NULL)
goto cleanup;
result = dns_db_find(db, name, version, dns_rdatatype_nsec, options,
0, &node, fname, rdataset, sigrdataset);
result = dns_db_findext(db, name, version, dns_rdatatype_nsec,
options, 0, &node, fname, &cm, &ci,
rdataset, sigrdataset);
if (node != NULL)
dns_db_detachnode(db, &node);
@ -3401,10 +3471,10 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
if (labels == 0U)
goto cleanup;
dns_name_split(cname, labels, NULL, cname);
result = dns_db_find(db, cname, version,
dns_rdatatype_nsec,
options, 0, NULL, fname,
NULL, NULL);
result = dns_db_findext(db, cname, version,
dns_rdatatype_nsec,
options, 0, NULL, fname,
&cm, &ci, NULL, NULL);
}
/*
* Add closest (provable) encloser NSEC3.
@ -3904,6 +3974,11 @@ rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type,
dns_fixedname_t fixed;
dns_name_t *found;
isc_result_t result;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
st = client->query.rpz_st;
if ((st->state & DNS_RPZ_RECURSING) != 0) {
@ -3959,8 +4034,9 @@ rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type,
node = NULL;
dns_fixedname_init(&fixed);
found = dns_fixedname_name(&fixed);
result = dns_db_find(*dbp, name, version, type, DNS_DBFIND_GLUEOK,
client->now, &node, found, *rdatasetp, NULL);
result = dns_db_findext(*dbp, name, version, type, DNS_DBFIND_GLUEOK,
client->now, &node, found,
&cm, &ci, *rdatasetp, NULL);
if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) {
/*
* Try the cache if we're authoritative for an
@ -3969,9 +4045,9 @@ rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type,
rpz_clean(NULL, dbp, &node, rdatasetp);
version = NULL;
dns_db_attach(client->view->cachedb, dbp);
result = dns_db_find(*dbp, name, version, dns_rdatatype_ns,
0, client->now, &node, found,
*rdatasetp, NULL);
result = dns_db_findext(*dbp, name, version, dns_rdatatype_ns,
0, client->now, &node, found,
&cm, &ci, *rdatasetp, NULL);
}
rpz_clean(NULL, dbp, &node, NULL);
if (result == DNS_R_DELEGATION) {
@ -4169,9 +4245,14 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
dns_fixedname_t fixed;
dns_name_t *found;
isc_result_t result;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
REQUIRE(nodep != NULL);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
result = rpz_ready(client, zonep, dbp, nodep, rdatasetp);
if (result != ISC_R_SUCCESS) {
*policyp = DNS_RPZ_POLICY_ERROR;
@ -4191,8 +4272,9 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
dns_fixedname_init(&fixed);
found = dns_fixedname_name(&fixed);
result = dns_db_find(*dbp, qnamef, *versionp, dns_rdatatype_any, 0,
client->now, nodep, found, *rdatasetp, NULL);
result = dns_db_findext(*dbp, qnamef, *versionp, dns_rdatatype_any, 0,
client->now, nodep, found, &cm, &ci,
*rdatasetp, NULL);
if (result == ISC_R_SUCCESS) {
dns_rdatasetiter_t *rdsiter;
@ -4236,10 +4318,10 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
qtype == dns_rdatatype_sig)
result = DNS_R_NXRRSET;
else
result = dns_db_find(*dbp, qnamef, *versionp,
qtype, 0, client->now,
nodep, found, *rdatasetp,
NULL);
result = dns_db_findext(*dbp, qnamef, *versionp,
qtype, 0, client->now,
nodep, found, &cm, &ci,
*rdatasetp, NULL);
}
}
switch (result) {
@ -5183,6 +5265,8 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_rdata_nsec3_t nsec3;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_boolean_t optout;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
salt_length = sizeof(salt);
result = dns_db_getnsec3parameters(db, version, &hash, NULL,
@ -5192,6 +5276,8 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
dns_name_init(&name, NULL);
dns_name_clone(qname, &name);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
/*
* Map unknown algorithm to known value.
@ -5208,9 +5294,9 @@ query_findclosestnsec3(dns_name_t *qname, dns_db_t *db,
return;
dboptions = client->query.dboptions | DNS_DBFIND_FORCENSEC3;
result = dns_db_find(db, dns_fixedname_name(&fixed), version,
dns_rdatatype_nsec3, dboptions, client->now,
NULL, fname, rdataset, sigrdataset);
result = dns_db_findext(db, dns_fixedname_name(&fixed), version,
dns_rdatatype_nsec3, dboptions, client->now,
NULL, fname, &cm, &ci, rdataset, sigrdataset);
if (result == DNS_R_NXDOMAIN) {
if (!dns_rdataset_isassociated(rdataset)) {
@ -5349,6 +5435,121 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset,
return (ISC_FALSE);
}
/*
* Look for the name and type in the redirection zone. If found update
* the arguments as appropriate. Return ISC_TRUE if a update was
* performed.
*
* Only perform the update if the client is in the allow query acl and
* returning the update would not cause a DNSSEC validation failure.
*/
static isc_boolean_t
redirect(ns_client_t *client, dns_name_t *name, dns_rdataset_t *rdataset,
dns_dbnode_t **nodep, dns_db_t **dbp, dns_dbversion_t **versionp,
dns_rdatatype_t qtype)
{
dns_db_t *db = NULL;
dns_dbnode_t *node = NULL;
dns_fixedname_t fixed;
dns_name_t *found;
dns_rdataset_t trdataset;
isc_result_t result;
dns_rdatatype_t type;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
ns_dbversion_t *dbversion;
CTRACE("redirect");
if (client->view->redirect == NULL)
return (ISC_FALSE);
dns_fixedname_init(&fixed);
found = dns_fixedname_name(&fixed);
dns_rdataset_init(&trdataset);
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
if (WANTDNSSEC(client) && dns_db_iszone(*dbp) && dns_db_issecure(*dbp))
return (ISC_FALSE);
if (WANTDNSSEC(client) && dns_rdataset_isassociated(rdataset)) {
if (rdataset->trust == dns_trust_secure)
return (ISC_FALSE);
if (rdataset->trust == dns_trust_ultimate &&
(rdataset->type == dns_rdatatype_nsec ||
rdataset->type == dns_rdatatype_nsec3))
return (ISC_FALSE);
if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
for (result = dns_rdataset_first(rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(rdataset)) {
dns_ncache_current(rdataset, found, &trdataset);
type = trdataset.type;
dns_rdataset_disassociate(&trdataset);
if (type == dns_rdatatype_nsec ||
type == dns_rdatatype_nsec3 ||
type == dns_rdatatype_rrsig)
return (ISC_FALSE);
}
}
}
result = ns_client_checkaclsilent(client, NULL,
dns_zone_getqueryacl(client->view->redirect),
ISC_TRUE);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
result = dns_zone_getdb(client->view->redirect, &db);
if (result != ISC_R_SUCCESS)
return (ISC_FALSE);
dbversion = query_findversion(client, db);
if (dbversion == NULL) {
dns_db_detach(&db);
return (ISC_FALSE);
}
/*
* Lookup the requested data in the redirect zone.
*/
result = dns_db_findext(db, client->query.qname, dbversion->version,
qtype, 0, client->now, &node, found, &cm, &ci,
&trdataset, NULL);
if (result != ISC_R_SUCCESS) {
if (dns_rdataset_isassociated(&trdataset))
dns_rdataset_disassociate(&trdataset);
if (node != NULL)
dns_db_detachnode(db, &node);
dns_db_detach(&db);
return (ISC_FALSE);
}
CTRACE("redirect: found data: done");
dns_name_copy(found, name, NULL);
if (dns_rdataset_isassociated(rdataset))
dns_rdataset_disassociate(rdataset);
if (dns_rdataset_isassociated(&trdataset)) {
dns_rdataset_clone(&trdataset, rdataset);
dns_rdataset_disassociate(&trdataset);
}
if (*nodep != NULL)
dns_db_detachnode(*dbp, nodep);
dns_db_detach(dbp);
dns_db_attachnode(db, node, nodep);
dns_db_attach(db, dbp);
dns_db_detachnode(db, &node);
dns_db_detach(&db);
*versionp = dbversion->version;
client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY |
NS_QUERYATTR_NOADDITIONAL);
return (ISC_TRUE);
}
/*
* Do the bulk of query processing for the current query of 'client'.
* If 'event' is non-NULL, we are returning from recursion and 'qtype'
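Review bot: In redirect(), the result of dns_name_copy(found, name, NULL) is discarded, so if the copy fails the caller's name keeps its old value while rdataset, *nodep, *dbp and *versionp are switched to the redirect zone. At that point nothing of the caller's has been released yet, so the failure can be handled exactly like the dns_db_findext() failure just above it: disassociate trdataset, detach node and db, and return ISC_FALSE (or wrap the call in RUNTIME_CHECK if failure is considered impossible). The header comment should also read "an update", and it would help to state explicitly that the DNSSEC guards only apply when WANTDNSSEC(client) is true, since clients that do not set DO receive the redirected answer regardless of whether the original zone is signed.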
@ -5387,6 +5588,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
isc_boolean_t resuming;
int line = -1;
isc_boolean_t dns64_exclude, dns64;
dns_clientinfomethods_t cm;
dns_clientinfo_t ci;
CTRACE("query_find");
@ -5418,6 +5621,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
is_zone = ISC_FALSE;
is_staticstub_zone = ISC_FALSE;
dns_clientinfomethods_init(&cm, ns_client_sourceip);
dns_clientinfo_init(&ci, client);
if (event != NULL) {
/*
* We're returning from recursion. Restore the query context
@ -5652,9 +5858,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* Now look for an answer in the database.
*/
result = dns_db_find(db, client->query.qname, version, type,
client->query.dboptions, client->now,
&node, fname, rdataset, sigrdataset);
result = dns_db_findext(db, client->query.qname, version, type,
client->query.dboptions, client->now,
&node, fname, &cm, &ci, rdataset, sigrdataset);
resume:
CTRACE("query_find: resume");
@ -5828,10 +6034,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
result = ISC_R_FAILURE;
} else {
dns_db_attach(client->view->hints, &db);
result = dns_db_find(db, dns_rootname,
NULL, dns_rdatatype_ns,
0, client->now, &node, fname,
rdataset, sigrdataset);
result = dns_db_findext(db, dns_rootname,
NULL, dns_rdatatype_ns,
0, client->now, &node,
fname, &cm, &ci,
rdataset, sigrdataset);
}
if (result != ISC_R_SUCCESS) {
/*
@ -6301,6 +6508,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
case DNS_R_NXDOMAIN:
INSIST(is_zone);
if (!empty_wild &&
redirect(client, fname, rdataset, &node, &db, &version,
type))
break;
if (dns_rdataset_isassociated(rdataset)) {
/*
* If we've got a NSEC record, we need to save the
@ -6360,6 +6571,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto cleanup;
case DNS_R_NCACHENXDOMAIN:
if (redirect(client, fname, rdataset, &node, &db, &version,
type))
break;
case DNS_R_NCACHENXRRSET:
ncache_nxrrset:
INSIST(!is_zone);
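Review bot: With the redirect() call inserted, case DNS_R_NCACHENXDOMAIN no longer sits directly on top of case DNS_R_NCACHENXRRSET, so the fall-through when redirect() returns ISC_FALSE is now easy to misread as a missing break. Add a /* FALLTHROUGH */ comment after the if block so the intent is explicit and static analysers stay quiet.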
@ -6862,9 +7076,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (qtype == dns_rdatatype_aaaa) {
trdataset = query_newrdataset(client);
result = dns_db_findrdataset(db, node, version,
dns_rdatatype_a, 0,
client->now,
trdataset, NULL);
dns_rdatatype_a, 0,
client->now,
trdataset, NULL);
if (dns_rdataset_isassociated(trdataset))
dns_rdataset_disassociate(trdataset);
query_putrdataset(client, &trdataset);
@ -7340,6 +7554,7 @@ ns_query_start(ns_client_t *client) {
INSIST(rdataset != NULL);
qtype = rdataset->type;
dns_rdatatypestats_increment(ns_g_server->rcvquerystats, qtype);
if (dns_rdatatype_ismeta(qtype)) {
switch (qtype) {
case dns_rdatatype_any:

File diff suppressed because it is too large Load Diff

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: statschannel.c,v 1.26.150.2 2011/03/12 04:59:14 tbox Exp $ */
/* $Id: statschannel.c,v 1.28 2011/03/12 04:59:46 tbox Exp $ */
/*! \file */
@ -43,7 +43,11 @@
#include <named/server.h>
#include <named/statschannel.h>
#include "bind9.xsl.h"
#ifdef NEWSTATS
#include "bind9.ver3.xsl.h"
#else /* OLDSTATS */
#include "bind9.xsl.h"
#endif /* NEWSTATS */
struct ns_statschannel {
/* Unlocked */
@ -187,7 +191,7 @@ init_desc(void) {
SET_NSSTATDESC(servfail, "queries resulted in SERVFAIL", "QrySERVFAIL");
SET_NSSTATDESC(formerr, "queries resulted in FORMERR", "QryFORMERR");
SET_NSSTATDESC(nxdomain, "queries resulted in NXDOMAIN", "QryNXDOMAIN");
SET_NSSTATDESC(recursion, "queries caused recursion","QryRecursion");
SET_NSSTATDESC(recursion, "queries caused recursion", "QryRecursion");
SET_NSSTATDESC(duplicate, "duplicate queries received", "QryDuplicate");
SET_NSSTATDESC(dropped, "queries dropped", "QryDropped");
SET_NSSTATDESC(failure, "other query failures", "QryFailure");
@ -304,7 +308,8 @@ init_desc(void) {
SET_ZONESTATDESC(axfrreqv6, "IPv6 AXFR requested", "AXFRReqv6");
SET_ZONESTATDESC(ixfrreqv4, "IPv4 IXFR requested", "IXFRReqv4");
SET_ZONESTATDESC(ixfrreqv6, "IPv6 IXFR requested", "IXFRReqv6");
SET_ZONESTATDESC(xfrsuccess, "transfer requests succeeded","XfrSuccess");
SET_ZONESTATDESC(xfrsuccess, "transfer requests succeeded",
"XfrSuccess");
SET_ZONESTATDESC(xfrfail, "transfer requests failed", "XfrFail");
INSIST(i == dns_zonestatscounter_max);
@ -427,7 +432,7 @@ init_desc(void) {
do { \
set_desc(dns_dnssecstats_ ## counterid, \
dns_dnssecstats_max, \
desc, dnssecstats_desc,\
desc, dnssecstats_desc, \
xmldesc, dnssecstats_xmldesc); \
dnssecstats_index[i++] = dns_dnssecstats_ ## counterid; \
} while (0)
@ -519,6 +524,51 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
break;
case statsformat_xml:
#ifdef HAVE_LIBXML2
#ifdef NEWSTATS
writer = arg;
if (category != NULL) {
/* <NameOfCategory> */
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
category));
/* <name> inside category */
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
"name"));
TRY0(xmlTextWriterWriteString(writer,
ISC_XMLCHAR
desc[index]));
TRY0(xmlTextWriterEndElement(writer));
/* </name> */
/* <counter> */
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
"counter"));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u", value));
TRY0(xmlTextWriterEndElement(writer));
/* </counter> */
TRY0(xmlTextWriterEndElement(writer));
/* </NameOfCategory> */
} else {
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR
"counter"));
TRY0(xmlTextWriterWriteAttribute(writer,
ISC_XMLCHAR
"name",
ISC_XMLCHAR
desc[index]));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u", value));
TRY0(xmlTextWriterEndElement(writer));
/* counter */
}
#else /* !NEWSTATS */
writer = arg;
if (category != NULL) {
@ -548,17 +598,73 @@ dump_counters(isc_stats_t *stats, statsformat_t type, void *arg,
TRY0(xmlTextWriterEndElement(writer)); /* counter */
if (category != NULL)
TRY0(xmlTextWriterEndElement(writer)); /* category */
#endif
#endif /* NEWSTATS */
#endif /* LIBXML2 */
break;
}
}
return (ISC_R_SUCCESS);
#ifdef HAVE_LIBXML2
error:
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_ERROR, "failed at dump_counters()");
return (ISC_R_FAILURE);
#endif
}
#ifdef NEWSTATS
static void
rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
char typebuf[64];
const char *typestr;
stats_dumparg_t *dumparg = arg;
FILE *fp;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
int xmlrc;
#endif
if ((DNS_RDATASTATSTYPE_ATTR(type) & DNS_RDATASTATSTYPE_ATTR_OTHERTYPE)
== 0) {
dns_rdatatype_format(DNS_RDATASTATSTYPE_BASE(type), typebuf,
sizeof(typebuf));
typestr = typebuf;
} else
typestr = "Others";
switch (dumparg->type) {
case statsformat_file:
fp = dumparg->arg;
fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, typestr);
break;
case statsformat_xml:
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
ISC_XMLCHAR typestr));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
val));
TRY0(xmlTextWriterEndElement(writer)); /* type */
#endif
break;
}
return;
#ifdef HAVE_LIBXML2
error:
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_ERROR, "failed at rdtypestat_dump()");
dumparg->result = ISC_R_FAILURE;
return;
#endif
}
#else /* NEWSTATS */
static void
rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
char typebuf[64];
@ -610,6 +716,7 @@ rdtypestat_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
return;
#endif
}
#endif /* NEWSTATS */
static void
rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
@ -668,11 +775,58 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
return;
#ifdef HAVE_LIBXML2
error:
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_ERROR, "failed at rdatasetstats_dump()");
dumparg->result = ISC_R_FAILURE;
#endif
}
#ifdef NEWSTATS
static void
opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
FILE *fp;
isc_buffer_t b;
char codebuf[64];
stats_dumparg_t *dumparg = arg;
#ifdef HAVE_LIBXML2
xmlTextWriterPtr writer;
int xmlrc;
#endif
isc_buffer_init(&b, codebuf, sizeof(codebuf) - 1);
dns_opcode_totext(code, &b);
codebuf[isc_buffer_usedlength(&b)] = '\0';
switch (dumparg->type) {
case statsformat_file:
fp = dumparg->arg;
fprintf(fp, "%20" ISC_PRINT_QUADFORMAT "u %s\n", val, codebuf);
break;
case statsformat_xml:
#ifdef HAVE_LIBXML2
writer = dumparg->arg;
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counter"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
ISC_XMLCHAR codebuf ));
TRY0(xmlTextWriterWriteFormatString(writer,
"%" ISC_PRINT_QUADFORMAT "u",
val));
TRY0(xmlTextWriterEndElement(writer)); /* counter */
#endif
break;
}
return;
#ifdef HAVE_LIBXML2
error:
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_ERROR, "failed at opcodestat_dump()");
dumparg->result = ISC_R_FAILURE;
return;
#endif
}
#else /* NEWSTATS */
static void
opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
FILE *fp;
@ -721,12 +875,96 @@ opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
return;
#endif
}
#endif /* NEWSTATS */
#ifdef HAVE_LIBXML2
/* XXXMLG below here sucks. */
/* XXXMLG below here sucks. (not so much) */
#ifdef NEWSTATS
static isc_result_t
zone_xmlrender(dns_zone_t *zone, void *arg) {
isc_result_t result;
char buf[1024 + 32]; /* sufficiently large for zone name and class */
char *zone_name_only = NULL;
dns_rdataclass_t rdclass;
isc_uint32_t serial;
xmlTextWriterPtr writer = arg;
isc_stats_t *zonestats;
dns_stats_t *rcvquerystats;
dns_zonestat_level_t statlevel;
isc_uint64_t nsstat_values[dns_nsstatscounter_max];
int xmlrc;
stats_dumparg_t dumparg;
statlevel = dns_zone_getstatlevel(zone);
if (statlevel == dns_zonestat_none)
return (ISC_R_SUCCESS);
dumparg.type = statsformat_xml;
dumparg.arg = writer;
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zone"));
dns_zone_name(zone, buf, sizeof(buf));
zone_name_only = strtok(buf, "/");
if(zone_name_only == NULL)
zone_name_only = buf;
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
ISC_XMLCHAR zone_name_only));
rdclass = dns_zone_getclass(zone);
dns_rdataclass_format(rdclass, buf, sizeof(buf));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "rdataclass",
ISC_XMLCHAR buf));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "serial"));
if (dns_zone_getserial2(zone, &serial) == ISC_R_SUCCESS)
TRY0(xmlTextWriterWriteFormatString(writer, "%u", serial));
else
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR "-"));
TRY0(xmlTextWriterEndElement(writer)); /* serial */
zonestats = dns_zone_getrequeststats(zone);
rcvquerystats = dns_zone_getrcvquerystats(zone);
if (statlevel == dns_zonestat_full && zonestats != NULL) {
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "rcode"));
result = dump_counters(zonestats, statsformat_xml, writer,
NULL, nsstats_xmldesc,
dns_nsstatscounter_max, nsstats_index,
nsstat_values, ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
/* counters type="rcode"*/
TRY0(xmlTextWriterEndElement(writer));
}
if (statlevel == dns_zonestat_full && rcvquerystats != NULL) {
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "qtype"));
dumparg.result = ISC_R_SUCCESS;
dns_rdatatypestats_dump(rcvquerystats, rdtypestat_dump,
&dumparg, 0);
if(dumparg.result != ISC_R_SUCCESS)
goto error;
/* counters type="qtype"*/
TRY0(xmlTextWriterEndElement(writer));
}
TRY0(xmlTextWriterEndElement(writer)); /* zone */
return (ISC_R_SUCCESS);
error:
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_ERROR, "Failed at zone_xmlrender()");
return (ISC_R_FAILURE);
}
#else /* NEWSTATS */
static isc_result_t
zone_xmlrender(dns_zone_t *zone, void *arg) {
char buf[1024 + 32]; /* sufficiently large for zone name and class */
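Review bot: The NEWSTATS zone_xmlrender() splits the "name/class" string with strtok(buf, "/"), and strtok() keeps hidden static state, so the result is unreliable if any other thread in the process is tokenising at the same time. Only the first '/' matters here, so a strchr(buf, '/') followed by writing '\0' at the returned pointer does the same job without shared state and without needing the NULL fallback. While touching these lines, "if(zone_name_only == NULL)" and "if(dumparg.result != ISC_R_SUCCESS)" are missing the space after "if" that the rest of the file uses.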
@ -776,7 +1014,237 @@ zone_xmlrender(dns_zone_t *zone, void *arg) {
error:
return (ISC_R_FAILURE);
}
#endif /* NEWSTATS */
#ifdef NEWSTATS
static isc_result_t
generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"];
char nowstr[sizeof "yyyy-mm-ddThh:mm:ssZ"];
isc_time_t now;
xmlTextWriterPtr writer = NULL;
xmlDocPtr doc = NULL;
int xmlrc;
dns_view_t *view;
stats_dumparg_t dumparg;
dns_stats_t *cacherrstats;
isc_uint64_t nsstat_values[dns_nsstatscounter_max];
isc_uint64_t resstat_values[dns_resstatscounter_max];
isc_uint64_t zonestat_values[dns_zonestatscounter_max];
isc_uint64_t sockstat_values[isc_sockstatscounter_max];
isc_result_t result;
isc_time_now(&now);
isc_time_formatISO8601(&ns_g_boottime, boottime, sizeof boottime);
isc_time_formatISO8601(&now, nowstr, sizeof nowstr);
writer = xmlNewTextWriterDoc(&doc, 0);
if (writer == NULL)
goto error;
TRY0(xmlTextWriterStartDocument(writer, NULL, "UTF-8", NULL));
TRY0(xmlTextWriterWritePI(writer, ISC_XMLCHAR "xml-stylesheet",
ISC_XMLCHAR "type=\"text/xsl\" href=\"/bind9.ver3.xsl\""));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "statistics"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "version",
ISC_XMLCHAR "3.0"));
/* Set common fields for statistics dump */
dumparg.type = statsformat_xml;
dumparg.arg = writer;
/*
* Start by rendering the views we know of here. For each view we
* know of, call its rendering function.
*/
view = ISC_LIST_HEAD(server->viewlist);
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "views"));
while (view != NULL) {
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "view"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "name",
ISC_XMLCHAR view->name));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zones"));
result = dns_zt_apply(view->zonetable, ISC_TRUE, zone_xmlrender,
writer);
if (result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* zones */
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "resqtype"));
if (view->resquerystats != NULL) {
dumparg.result = ISC_R_SUCCESS;
dns_rdatatypestats_dump(view->resquerystats,
rdtypestat_dump, &dumparg, 0);
if (dumparg.result != ISC_R_SUCCESS)
goto error;
}
TRY0(xmlTextWriterEndElement(writer));
/* <resstats> */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "resstats"));
if (view->resstats != NULL) {
result = dump_counters(view->resstats,
statsformat_xml, writer,
NULL, resstats_xmldesc,
dns_resstatscounter_max,
resstats_index, resstat_values,
ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
}
TRY0(xmlTextWriterEndElement(writer)); /* </resstats> */
cacherrstats = dns_db_getrrsetstats(view->cachedb);
if (cacherrstats != NULL) {
TRY0(xmlTextWriterStartElement(writer,
ISC_XMLCHAR "cache"));
TRY0(xmlTextWriterWriteAttribute(writer,
ISC_XMLCHAR "name",
ISC_XMLCHAR
dns_cache_getname(view->cache)));
dumparg.result = ISC_R_SUCCESS;
dns_rdatasetstats_dump(cacherrstats, rdatasetstats_dump,
&dumparg, 0);
if (dumparg.result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* cache */
}
TRY0(xmlTextWriterEndElement(writer)); /* view */
view = ISC_LIST_NEXT(view, link);
}
TRY0(xmlTextWriterEndElement(writer)); /* views */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "socketmgr"));
isc_socketmgr_renderxml(ns_g_socketmgr, writer);
TRY0(xmlTextWriterEndElement(writer)); /* socketmgr */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "taskmgr"));
isc_taskmgr_renderxml(ns_g_taskmgr, writer);
TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server"));
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "boot-time"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR boottime));
TRY0(xmlTextWriterEndElement(writer)); /* boot-time */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "current-time"));
TRY0(xmlTextWriterWriteString(writer, ISC_XMLCHAR nowstr));
TRY0(xmlTextWriterEndElement(writer)); /* current-time */
dumparg.result = ISC_R_SUCCESS;
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "opcode"));
dns_opcodestats_dump(server->opcodestats, opcodestat_dump, &dumparg,
0);
if (dumparg.result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* counters type=opcode */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "qtype"));
dumparg.result = ISC_R_SUCCESS;
dns_rdatatypestats_dump(server->rcvquerystats, rdtypestat_dump,
&dumparg, 0);
if (dumparg.result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* counters */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "nsstat"));
result = dump_counters(server->nsstats, statsformat_xml,
writer, NULL, nsstats_xmldesc,
dns_nsstatscounter_max,
nsstats_index, nsstat_values,
ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* counters type=nsstat */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "zonestat"));
result = dump_counters(server->zonestats, statsformat_xml, writer,
NULL, zonestats_xmldesc,
dns_zonestatscounter_max, zonestats_index,
zonestat_values, ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* counters type=zonestat */
/*
* Most of the common resolver statistics entries are 0, so we don't
* use the verbose dump here.
*/
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "resstat"));
result = dump_counters(server->resolverstats, statsformat_xml,
writer, NULL, resstats_xmldesc,
dns_resstatscounter_max, resstats_index,
resstat_values, 0);
if (result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* counters type=resstat */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "counters"));
TRY0(xmlTextWriterWriteAttribute(writer, ISC_XMLCHAR "type",
ISC_XMLCHAR "sockstat"));
result = dump_counters(server->sockstats, statsformat_xml,
writer, NULL, sockstats_xmldesc,
isc_sockstatscounter_max, sockstats_index,
sockstat_values, ISC_STATSDUMP_VERBOSE);
if (result != ISC_R_SUCCESS)
goto error;
TRY0(xmlTextWriterEndElement(writer)); /* counters type=sockstat */
TRY0(xmlTextWriterEndElement(writer)); /* server */
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory"));
isc_mem_renderxml(writer);
TRY0(xmlTextWriterEndElement(writer)); /* memory */
TRY0(xmlTextWriterEndElement(writer)); /* statistics */
TRY0(xmlTextWriterEndDocument(writer));
xmlFreeTextWriter(writer);
xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 0);
xmlFreeDoc(doc);
return (ISC_R_SUCCESS);
error:
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_ERROR, "failed generating XML response");
if (writer != NULL)
xmlFreeTextWriter(writer);
if (doc != NULL)
xmlFreeDoc(doc);
return (ISC_R_FAILURE);
}
#else /* OLDSTATS */
static isc_result_t
generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
char boottime[sizeof "yyyy-mm-ddThh:mm:ssZ"];
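Review bot: At the end of the NEWSTATS generatexml(), xmlDocDumpFormatMemoryEnc(doc, buf, buflen, "UTF-8", 0) is followed directly by return (ISC_R_SUCCESS) with no check that *buf was actually filled in; libxml2 leaves *buf NULL and *buflen 0 when serialisation fails, so the caller would be handed an empty buffer as a successful response. Test *buf == NULL after the dump and go to the error path; because that path calls xmlFreeTextWriter(writer) when writer is non-NULL, set writer = NULL right after the existing xmlFreeTextWriter(writer) call to avoid a double free. Separately, the /* <resstats> */ comment sits after the EndElement that closes the "resqtype" counters, which makes the element nesting harder to follow.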
@ -968,6 +1436,7 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
xmlFreeDoc(doc);
return (ISC_R_FAILURE);
}
#endif /* NEWSTATS */
static void
wrap_xmlfree(isc_buffer_t *buffer, void *arg) {
@ -1000,7 +1469,10 @@ render_index(const char *url, const char *querystring, void *arg,
isc_buffer_add(b, msglen);
*freecb = wrap_xmlfree;
*freecb_args = NULL;
}
} else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"failed at rendering XML()");
return (result);
}
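Review bot: the new else branch in render_index() logs "failed at rendering XML()" with no result code, and the text does not name the call that failed. If this branch is reached after generatexml() fails, that function has already logged "failed generating XML response" at ISC_LOG_ERROR, so one failure produces two error lines with no extra information. Suggest either dropping the second message or including isc_result_totext(result) in it, and bracing the else to match the braced if.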
@ -1032,7 +1504,7 @@ static void
shutdown_listener(ns_statschannel_t *listener) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&listener->address, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,NS_LOGMODULE_SERVER,
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_NOTICE, "stopping statistics channel on %s",
socktext);
@ -1150,10 +1622,22 @@ add_listener(ns_server_t *server, ns_statschannel_t **listenerp,
#ifdef HAVE_LIBXML2
isc_httpdmgr_addurl(listener->httpdmgr, "/", render_index, server);
isc_httpdmgr_addurl(listener->httpdmgr, "/xml", render_index, server);
#ifdef NEWSTATS
isc_httpdmgr_addurl(listener->httpdmgr, "/xml/v3", render_index,
server);
#else /* OLDSTATS */
isc_httpdmgr_addurl(listener->httpdmgr, "/xml/v2", render_index,
server);
#endif /* NEWSTATS */
#endif
#ifdef NEWSTATS
isc_httpdmgr_addurl(listener->httpdmgr, "/bind9.ver3.xsl", render_xsl,
server);
#else /* OLDSTATS */
isc_httpdmgr_addurl(listener->httpdmgr, "/bind9.xsl", render_xsl,
server);
#endif /* NEWSTATS */
*listenerp = listener;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_NOTICE,
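Review bot: in add_listener() the versioned path is chosen at compile time, so a NEWSTATS build registers only "/xml/v3" and "/bind9.ver3.xsl" while "/" and "/xml" keep their names but now return the new schema. Anything that scrapes "/" or "/xml" and expects the old layout will break without an HTTP error, and "/xml/v2" disappears. This needs a note in the release documentation, and a comment here stating that "/" and "/xml" always alias the newest compiled-in version. The bare #endif closing HAVE_LIBXML2 should also get a trailing comment like the NEWSTATS ones.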
@ -1285,7 +1769,8 @@ ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config,
obj = cfg_tuple_get(listen_params, "address");
addr = *cfg_obj_assockaddr(obj);
if (isc_sockaddr_getport(&addr) == 0)
isc_sockaddr_setport(&addr, NS_STATSCHANNEL_HTTPPORT);
isc_sockaddr_setport(&addr,
NS_STATSCHANNEL_HTTPPORT);
isc_sockaddr_format(&addr, socktext,
sizeof(socktext));

View File

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.13.244.2 2011/03/10 23:47:26 tbox Exp $
# $Id: Makefile.in,v 1.15 2011/03/10 23:47:49 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@

View File

@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dlz_dlopen_driver.c,v 1.1.4.6 2012/02/22 23:46:35 tbox Exp $ */
/* $Id$ */
#include <config.h>
@ -143,7 +143,7 @@ dlopen_dlz_allowzonexfr(void *driverarg, void *dbdata, const char *name,
static isc_result_t
dlopen_dlz_authority(const char *zone, void *driverarg, void *dbdata,
dns_sdlzlookup_t *lookup)
dns_sdlzlookup_t *lookup)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
@ -177,7 +177,9 @@ dlopen_dlz_findzonedb(void *driverarg, void *dbdata, const char *name)
static isc_result_t
dlopen_dlz_lookup(const char *zone, const char *name, void *driverarg,
void *dbdata, dns_sdlzlookup_t *lookup)
void *dbdata, dns_sdlzlookup_t *lookup,
dns_clientinfomethods_t *methods,
dns_clientinfo_t *clientinfo)
{
dlopen_data_t *cd = (dlopen_data_t *) dbdata;
isc_result_t result;
@ -185,7 +187,8 @@ dlopen_dlz_lookup(const char *zone, const char *name, void *driverarg,
UNUSED(driverarg);
MAYBE_LOCK(cd);
result = cd->dlz_lookup(zone, name, cd->dbdata, lookup);
result = cd->dlz_lookup(zone, name, cd->dbdata, lookup,
methods, clientinfo);
MAYBE_UNLOCK(cd);
return (result);
}
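Review bot: cd->dlz_lookup is now called with six arguments (methods and clientinfo appended), but it is a pointer into an externally loaded module. A module compiled against the old four-argument prototype would be called with a mismatched signature. Please confirm that the driver's load-time version check rejects such modules, and document the new parameters (including whether methods and clientinfo may be NULL) next to the callback typedef.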

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: os.c,v 1.104.38.3 2011/03/02 00:04:01 marka Exp $ */
/* $Id: os.c,v 1.107 2011/03/02 00:02:54 marka Exp $ */
/*! \file */

File diff suppressed because it is too large Load Diff

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: xfrout.c,v 1.139.16.4 2011/12/01 01:00:50 marka Exp $ */
/* $Id$ */
#include <config.h>
@ -247,12 +247,13 @@ ixfr_rrstream_create(isc_mem_t *mctx,
s = isc_mem_get(mctx, sizeof(*s));
if (s == NULL)
return (ISC_R_NOMEMORY);
s->common.mctx = mctx;
s->common.mctx = NULL;
isc_mem_attach(mctx, &s->common.mctx);
s->common.methods = &ixfr_rrstream_methods;
s->journal = NULL;
CHECK(dns_journal_open(mctx, journal_filename,
ISC_FALSE, &s->journal));
DNS_JOURNAL_READ, &s->journal));
CHECK(dns_journal_iter_init(s->journal, begin_serial, end_serial));
*sp = (rrstream_t *) s;
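Review bot: after isc_mem_attach(mctx, &s->common.mctx) the two CHECK() calls can still fail, and the failure path is outside this hunk. Confirm it releases s through ixfr_rrstream_destroy() or isc_mem_putanddetach(); a plain isc_mem_put() there would now leak the context reference taken here. The switch from ISC_FALSE to DNS_JOURNAL_READ in dns_journal_open() also deserves a line in the commit message, since the argument changes from a boolean to a mode constant.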
@ -289,7 +290,7 @@ ixfr_rrstream_destroy(rrstream_t **rsp) {
ixfr_rrstream_t *s = (ixfr_rrstream_t *) *rsp;
if (s->journal != 0)
dns_journal_destroy(&s->journal);
isc_mem_put(s->common.mctx, s, sizeof(*s));
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
}
static rrstream_methods_t ixfr_rrstream_methods = {
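Review bot: ixfr_rrstream_destroy() frees s with isc_mem_putanddetach() but never clears *rsp, so the caller's pointer is left referring to freed memory. Since this line is being touched in all four destroy functions, adding *rsp = NULL; after the free would make a later double destroy or stale use fail fast. The existing test s->journal != 0 would also read better as != NULL.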
@ -335,7 +336,8 @@ axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
s = isc_mem_get(mctx, sizeof(*s));
if (s == NULL)
return (ISC_R_NOMEMORY);
s->common.mctx = mctx;
s->common.mctx = NULL;
isc_mem_attach(mctx, &s->common.mctx);
s->common.methods = &axfr_rrstream_methods;
s->it_valid = ISC_FALSE;
@ -413,7 +415,7 @@ axfr_rrstream_destroy(rrstream_t **rsp) {
axfr_rrstream_t *s = (axfr_rrstream_t *) *rsp;
if (s->it_valid)
dns_rriterator_destroy(&s->it);
isc_mem_put(s->common.mctx, s, sizeof(*s));
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
}
static rrstream_methods_t axfr_rrstream_methods = {
@ -455,7 +457,8 @@ soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
s = isc_mem_get(mctx, sizeof(*s));
if (s == NULL)
return (ISC_R_NOMEMORY);
s->common.mctx = mctx;
s->common.mctx = NULL;
isc_mem_attach(mctx, &s->common.mctx);
s->common.methods = &soa_rrstream_methods;
s->soa_tuple = NULL;
@ -497,7 +500,7 @@ soa_rrstream_destroy(rrstream_t **rsp) {
soa_rrstream_t *s = (soa_rrstream_t *) *rsp;
if (s->soa_tuple != NULL)
dns_difftuple_free(&s->soa_tuple);
isc_mem_put(s->common.mctx, s, sizeof(*s));
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
}
static rrstream_methods_t soa_rrstream_methods = {
@ -561,7 +564,8 @@ compound_rrstream_create(isc_mem_t *mctx, rrstream_t **soa_stream,
s = isc_mem_get(mctx, sizeof(*s));
if (s == NULL)
return (ISC_R_NOMEMORY);
s->common.mctx = mctx;
s->common.mctx = NULL;
isc_mem_attach(mctx, &s->common.mctx);
s->common.methods = &compound_rrstream_methods;
s->components[0] = *soa_stream;
s->components[1] = *data_stream;
@ -634,7 +638,7 @@ compound_rrstream_destroy(rrstream_t **rsp) {
s->components[0]->methods->destroy(&s->components[0]);
s->components[1]->methods->destroy(&s->components[1]);
s->components[2] = NULL; /* Copy of components[0]. */
isc_mem_put(s->common.mctx, s, sizeof(*s));
isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
}
static rrstream_methods_t compound_rrstream_methods = {

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.170.14.7 2012/01/31 23:46:39 tbox Exp $ */
/* $Id$ */
/*% */
@ -792,7 +792,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
isc_result_t
ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
dns_zone_t *zone)
dns_zone_t *zone, dns_zone_t *raw)
{
isc_result_t result;
const char *zname;
@ -824,8 +824,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
isc_boolean_t ixfrdiff;
dns_masterformat_t masterformat;
isc_stats_t *zoneqrystats;
isc_boolean_t zonestats_on;
#ifdef NEWSTATS
dns_stats_t *rcvquerystats;
#endif
dns_zonestat_level_t statlevel;
int seconds;
dns_zone_t *mayberaw = (raw != NULL) ? raw : zone;
i = 0;
if (zconfig != NULL) {
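Review bot: mayberaw is introduced with no comment, and the new raw parameter of ns_zone_configure() is not documented as optional. A short block comment at the declaration, stating that raw is non-NULL only for inline-signing zones and that mayberaw selects the zone that actually loads or transfers data, would make the many zone versus mayberaw choices later in the function reviewable.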
@ -857,9 +861,16 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
RETERR(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
vclass, &zclass));
dns_zone_setclass(zone, zclass);
if (raw != NULL)
dns_zone_setclass(raw, zclass);
ztype = zonetype_fromconfig(zoptions);
dns_zone_settype(zone, ztype);
if (raw != NULL) {
dns_zone_settype(raw, ztype);
dns_zone_settype(zone, dns_zone_master);
} else
dns_zone_settype(zone, ztype);
obj = NULL;
result = cfg_map_get(zoptions, "database", &obj);
@ -907,7 +918,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
return (ISC_R_FAILURE);
}
masterformat = dns_masterformat_text;
if (ztype == dns_zone_slave)
masterformat = dns_masterformat_raw;
else
masterformat = dns_masterformat_text;
obj = NULL;
result= ns_config_get(maps, "masterfile-format", &obj);
if (result == ISC_R_SUCCESS) {
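Review bot: defaulting masterformat to dns_masterformat_raw when ztype == dns_zone_slave is an operator-visible behaviour change. Slave zone files written after an upgrade are no longer text unless masterfile-format is set explicitly. Please add a comment here giving the reason and make sure the change is called out in the release notes.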
@ -920,18 +934,40 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
else
INSIST(0);
}
RETERR(dns_zone_setfile2(zone, filename, masterformat));
if (raw != NULL && filename != NULL) {
#define SIGNED ".signed"
size_t signedlen = strlen(filename) + sizeof(SIGNED);
char *signedname;
RETERR(dns_zone_setfile2(raw, filename, masterformat));
signedname = isc_mem_get(mctx, signedlen);
if (signedname == NULL)
return (ISC_R_NOMEMORY);
(void)snprintf(signedname, signedlen, "%s" SIGNED, filename);
result = dns_zone_setfile2(zone, signedname,
dns_masterformat_raw);
isc_mem_put(mctx, signedname, signedlen);
if (result != ISC_R_SUCCESS)
return (result);
} else
RETERR(dns_zone_setfile2(zone, filename, masterformat));
obj = NULL;
result = cfg_map_get(zoptions, "journal", &obj);
if (result == ISC_R_SUCCESS)
RETERR(dns_zone_setjournal(zone, cfg_obj_asstring(obj)));
RETERR(dns_zone_setjournal(mayberaw, cfg_obj_asstring(obj)));
/*
* Notify messages are processed by the raw zone if it exists.
*/
if (ztype == dns_zone_slave)
RETERR(configure_zone_acl(zconfig, vconfig, config,
allow_notify, ac, zone,
allow_notify, ac, mayberaw,
dns_zone_setnotifyacl,
dns_zone_clearnotifyacl));
/*
* XXXAG This probably does not make sense for stubs.
*/
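Review bot: #define SIGNED ".signed" is placed inside the if block and never #undef'd, so a very generic macro name stays defined for the rest of the file. Suggest a file-scope static const char array or an #undef SIGNED after the block. The length computation strlen(filename) + sizeof(SIGNED) is correct, since sizeof counts the terminating NUL, but a one-line comment saying so would save the next reader from re-deriving it.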
@ -966,27 +1002,63 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
else
INSIST(0);
}
if (raw != NULL)
dns_zone_setdialup(raw, dialup);
dns_zone_setdialup(zone, dialup);
obj = NULL;
result = ns_config_get(maps, "zone-statistics", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
zonestats_on = cfg_obj_asboolean(obj);
zoneqrystats = NULL;
if (zonestats_on) {
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
statlevel = dns_zonestat_full;
else
statlevel = dns_zonestat_terse; /* XXX */
} else {
const char *levelstr = cfg_obj_asstring(obj);
if (strcasecmp(levelstr, "full") == 0)
statlevel = dns_zonestat_full;
else if (strcasecmp(levelstr, "terse") == 0)
statlevel = dns_zonestat_terse;
else if (strcasecmp(levelstr, "none") == 0)
statlevel = dns_zonestat_none;
else
INSIST(0);
}
dns_zone_setstatlevel(zone, statlevel);
zoneqrystats = NULL;
#ifdef NEWSTATS
rcvquerystats = NULL;
#endif
if (statlevel == dns_zonestat_full) {
RETERR(isc_stats_create(mctx, &zoneqrystats,
dns_nsstatscounter_max));
#ifdef NEWSTATS
RETERR(dns_rdatatypestats_create(mctx,
&rcvquerystats));
#endif
}
dns_zone_setrequeststats(zone, zoneqrystats);
dns_zone_setrequeststats(zone, zoneqrystats );
#ifdef NEWSTATS
dns_zone_setrcvquerystats(zone, rcvquerystats);
#endif
if (zoneqrystats != NULL)
isc_stats_detach(&zoneqrystats);
#ifdef NEWSTATS
if(rcvquerystats != NULL)
dns_stats_detach(&rcvquerystats);
#endif
/*
* Configure master functionality. This applies
* to primary masters (type "master") and slaves
* acting as masters (type "slave"), but not to stubs.
*/
if (ztype != dns_zone_stub && ztype != dns_zone_staticstub) {
if (ztype != dns_zone_stub && ztype != dns_zone_staticstub &&
ztype != dns_zone_redirect) {
obj = NULL;
result = ns_config_get(maps, "notify", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
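Review bot: in the statlevel == dns_zonestat_full block, a failure of RETERR(dns_rdatatypestats_create(mctx, &rcvquerystats)) returns immediately while zoneqrystats still holds the reference created by isc_stats_create() just above, so that object is leaked. Capture the result, detach zoneqrystats on failure, then return. Separately, the boolean false case maps to dns_zonestat_terse with only a /* XXX */ marker; please explain why "no" is not dns_zonestat_none. Style: stray space in dns_zone_setrequeststats(zone, zoneqrystats ) and missing space in if(rcvquerystats != NULL).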
@ -1004,22 +1076,28 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
else
INSIST(0);
}
if (raw != NULL)
dns_zone_setnotifytype(raw, dns_notifytype_no);
dns_zone_setnotifytype(zone, notifytype);
obj = NULL;
result = ns_config_get(maps, "also-notify", &obj);
if (result == ISC_R_SUCCESS) {
isc_sockaddr_t *addrs = NULL;
isc_uint32_t addrcount;
result = ns_config_getiplist(config, obj, 0, mctx,
&addrs, &addrcount);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_zone_setalsonotify(zone, addrs,
addrcount);
ns_config_putiplist(mctx, &addrs, addrcount);
if (result != ISC_R_SUCCESS)
return (result);
addrs = NULL;
keynames = NULL;
RETERR(ns_config_getipandkeylist(config, obj, mctx,
&addrs, &keynames,
&addrcount));
result = dns_zone_setalsonotifywithkeys(zone, addrs,
keynames,
addrcount);
if (addrcount != 0)
ns_config_putipandkeylist(mctx, &addrs,
&keynames, addrcount);
else
INSIST(addrs == NULL && keynames == NULL);
RETERR(result);
} else
RETERR(dns_zone_setalsonotify(zone, NULL, 0));
@ -1059,8 +1137,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-journal-size", &obj);
result = ns_config_get(maps, "max-journal-size", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (raw != NULL)
dns_zone_setjournalsize(raw, -1);
dns_zone_setjournalsize(zone, -1);
if (cfg_obj_isstring(obj)) {
const char *str = cfg_obj_asstring(obj);
@ -1080,6 +1160,8 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
}
journal_size = (isc_uint32_t)value;
}
if (raw != NULL)
dns_zone_setjournalsize(raw, journal_size);
dns_zone_setjournalsize(zone, journal_size);
obj = NULL;
@ -1095,7 +1177,19 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
ixfrdiff = ISC_TRUE;
else
ixfrdiff = ISC_FALSE;
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, ixfrdiff);
if (raw != NULL) {
dns_zone_setoption(raw, DNS_ZONEOPT_IXFRFROMDIFFS,
ISC_TRUE);
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
ISC_TRUE);
} else
dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS,
ixfrdiff);
obj = NULL;
result = ns_config_get(maps, "request-ixfr", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_zone_setrequestixfr(zone, cfg_obj_asboolean(obj));
checknames(ztype, maps, &obj);
INSIST(obj != NULL);
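Review bot: when raw != NULL, DNS_ZONEOPT_IXFRFROMDIFFS is forced to ISC_TRUE on both zones and the ixfrdiff value just computed from the configuration is silently ignored. Add a comment explaining why inline-signing requires this, and consider logging when the configured value is overridden. The new request-ixfr lookup uses INSIST(result == ISC_R_SUCCESS) without the && obj != NULL that neighbouring lookups use before dereferencing obj.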
@ -1108,8 +1202,21 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
fail = check = ISC_FALSE;
} else
INSIST(0);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, check);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL, fail);
if (raw != NULL) {
dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMES,
check);
dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMESFAIL,
fail);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES,
ISC_FALSE);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL,
ISC_FALSE);
} else {
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES,
check);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL,
fail);
}
obj = NULL;
result = ns_config_get(maps, "notify-delay", &obj);
@ -1143,6 +1250,32 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE,
cfg_obj_asboolean(obj));
} else if (ztype == dns_zone_redirect) {
dns_zone_setnotifytype(zone, dns_notifytype_no);
obj = NULL;
result = ns_config_get(maps, "max-journal-size", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setjournalsize(zone, -1);
if (cfg_obj_isstring(obj)) {
const char *str = cfg_obj_asstring(obj);
INSIST(strcasecmp(str, "unlimited") == 0);
journal_size = ISC_UINT32_MAX / 2;
} else {
isc_resourcevalue_t value;
value = cfg_obj_asuint64(obj);
if (value > ISC_UINT32_MAX / 2) {
cfg_obj_log(obj, ns_g_lctx,
ISC_LOG_ERROR,
"'max-journal-size "
"%" ISC_PRINT_QUADFORMAT "d' "
"is too large",
value);
RETERR(ISC_R_RANGE);
}
journal_size = (isc_uint32_t)value;
}
dns_zone_setjournalsize(zone, journal_size);
}
/*
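Review bot: the dns_zone_redirect branch repeats the whole max-journal-size parsing block ("unlimited" handling, the ISC_UINT32_MAX / 2 range check and the error log) that already exists in the master/slave branch. Two copies will drift. Suggest factoring the parse into a small static helper that returns journal_size and calling it from both branches.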
@ -1153,11 +1286,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
dns_acl_t *updateacl;
RETERR(configure_zone_acl(zconfig, vconfig, config,
allow_update, ac, zone,
allow_update, ac, mayberaw,
dns_zone_setupdateacl,
dns_zone_clearupdateacl));
updateacl = dns_zone_getupdateacl(zone);
updateacl = dns_zone_getupdateacl(mayberaw);
if (updateacl != NULL && dns_acl_isinsecure(updateacl))
isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
@ -1165,7 +1298,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
"address, which is insecure",
zname);
RETERR(configure_zone_ssutable(zoptions, zone, zname));
RETERR(configure_zone_ssutable(zoptions, mayberaw, zname));
}
if (ztype == dns_zone_master || raw != NULL) {
isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE;
obj = NULL;
result = ns_config_get(maps, "sig-validity-interval", &obj);
@ -1224,98 +1361,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY,
cfg_obj_asboolean(obj));
} else if (ztype == dns_zone_slave) {
RETERR(configure_zone_acl(zconfig, vconfig, config,
allow_update_forwarding, ac, zone,
dns_zone_setforwardacl,
dns_zone_clearforwardacl));
}
/*%
* Primary master functionality.
*/
if (ztype == dns_zone_master) {
isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE;
obj = NULL;
result = ns_config_get(maps, "check-wildcard", &obj);
if (result == ISC_R_SUCCESS)
check = cfg_obj_asboolean(obj);
else
check = ISC_FALSE;
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKWILDCARD, check);
obj = NULL;
result = ns_config_get(maps, "check-dup-records", &obj);
result = ns_config_get(maps, "dnssec-loadkeys-interval", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
fail = check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
fail = check = ISC_FALSE;
} else
INSIST(0);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKDUPRR, check);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKDUPRRFAIL, fail);
obj = NULL;
result = ns_config_get(maps, "check-mx", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
fail = check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
fail = check = ISC_FALSE;
} else
INSIST(0);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMX, check);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMXFAIL, fail);
obj = NULL;
result = ns_config_get(maps, "check-integrity", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "check-mx-cname", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
warn = ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
warn = ignore = ISC_TRUE;
} else
INSIST(0);
dns_zone_setoption(zone, DNS_ZONEOPT_WARNMXCNAME, warn);
dns_zone_setoption(zone, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
obj = NULL;
result = ns_config_get(maps, "check-srv-cname", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
warn = ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
warn = ignore = ISC_TRUE;
} else
INSIST(0);
dns_zone_setoption(zone, DNS_ZONEOPT_WARNSRVCNAME, warn);
dns_zone_setoption(zone, DNS_ZONEOPT_IGNORESRVCNAME, ignore);
obj = NULL;
result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_SECURETOINSECURE,
cfg_obj_asboolean(obj));
RETERR(dns_zone_setrefreshkeyinterval(zone,
cfg_obj_asuint32(obj)));
obj = NULL;
result = cfg_map_get(zoptions, "auto-dnssec", &obj);
@ -1334,12 +1385,129 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
}
}
if (ztype == dns_zone_slave) {
RETERR(configure_zone_acl(zconfig, vconfig, config,
allow_update_forwarding, ac,
mayberaw, dns_zone_setforwardacl,
dns_zone_clearforwardacl));
}
/*%
* Primary master functionality.
*/
if (ztype == dns_zone_master) {
obj = NULL;
result = ns_config_get(maps, "check-wildcard", &obj);
if (result == ISC_R_SUCCESS)
check = cfg_obj_asboolean(obj);
else
check = ISC_FALSE;
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKWILDCARD, check);
obj = NULL;
result = ns_config_get(maps, "check-dup-records", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
fail = check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
fail = check = ISC_FALSE;
} else
INSIST(0);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKDUPRR, check);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKDUPRRFAIL, fail);
obj = NULL;
result = ns_config_get(maps, "check-mx", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
fail = check = ISC_TRUE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
fail = check = ISC_FALSE;
} else
INSIST(0);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKMX, check);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKMXFAIL, fail);
obj = NULL;
result = ns_config_get(maps, "check-integrity", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKINTEGRITY,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "check-mx-cname", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
warn = ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
warn = ignore = ISC_TRUE;
} else
INSIST(0);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_WARNMXCNAME, warn);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
obj = NULL;
result = ns_config_get(maps, "check-srv-cname", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
warn = ignore = ISC_FALSE;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
warn = ignore = ISC_TRUE;
} else
INSIST(0);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_WARNSRVCNAME, warn);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_IGNORESRVCNAME,
ignore);
obj = NULL;
result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_SECURETOINSECURE,
cfg_obj_asboolean(obj));
obj = NULL;
result = cfg_map_get(zoptions, "dnssec-update-mode", &obj);
if (result == ISC_R_SUCCESS) {
const char *arg = cfg_obj_asstring(obj);
if (strcasecmp(arg, "no-resign") == 0)
dns_zone_setkeyopt(zone, DNS_ZONEKEY_NORESIGN,
ISC_TRUE);
else if (strcasecmp(arg, "maintain") == 0)
;
else
INSIST(0);
}
obj = NULL;
result = ns_config_get(maps, "serial-update-method", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0)
dns_zone_setserialupdatemethod(zone,
dns_updatemethod_unixtime);
else
dns_zone_setserialupdatemethod(zone,
dns_updatemethod_increment);
}
/*
* Configure slave functionality.
*/
switch (ztype) {
case dns_zone_slave:
case dns_zone_stub:
case dns_zone_redirect:
count = 0;
obj = NULL;
(void)cfg_map_get(zoptions, "masters", &obj);
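Review bot: in the relocated primary-master block every check-* option was switched to mayberaw, but dnssec-update-mode (dns_zone_setkeyopt) and serial-update-method (dns_zone_setserialupdatemethod) are applied to zone. If that split is intentional because these concern the signed version, say so in a comment; otherwise it looks like an oversight. Also, the "maintain" case is an empty statement and serial-update-method treats any value other than "unixtime" as increment, whereas the other keyword options in this function end with INSIST(0) on an unexpected value.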
@ -1349,7 +1517,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
RETERR(ns_config_getipandkeylist(config, obj, mctx,
&addrs, &keynames,
&count));
result = dns_zone_setmasterswithkeys(zone, addrs,
result = dns_zone_setmasterswithkeys(mayberaw, addrs,
keynames, count);
if (count != 0)
ns_config_putipandkeylist(mctx, &addrs,
@ -1357,7 +1525,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
else
INSIST(addrs == NULL && keynames == NULL);
} else
result = dns_zone_setmasters(zone, NULL, 0);
result = dns_zone_setmasters(mayberaw, NULL, 0);
RETERR(result);
multi = ISC_FALSE;
@ -1367,59 +1535,63 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
INSIST(result == ISC_R_SUCCESS && obj != NULL);
multi = cfg_obj_asboolean(obj);
}
dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi);
obj = NULL;
result = ns_config_get(maps, "max-transfer-time-in", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60);
dns_zone_setmaxxfrin(mayberaw, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-transfer-idle-in", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60);
dns_zone_setidlein(mayberaw, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-refresh-time", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj));
dns_zone_setmaxrefreshtime(mayberaw, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "min-refresh-time", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj));
dns_zone_setminrefreshtime(mayberaw, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "max-retry-time", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj));
dns_zone_setmaxretrytime(mayberaw, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "min-retry-time", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj));
dns_zone_setminretrytime(mayberaw, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "transfer-source", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj)));
RETERR(dns_zone_setxfrsource4(mayberaw,
cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "transfer-source-v6", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));
RETERR(dns_zone_setxfrsource6(mayberaw,
cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));
RETERR(dns_zone_setaltxfrsource4(mayberaw,
cfg_obj_assockaddr(obj)));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));
RETERR(dns_zone_setaltxfrsource6(mayberaw,
cfg_obj_assockaddr(obj)));
obj = NULL;
(void)ns_config_get(maps, "use-alt-transfer-source", &obj);
@ -1435,11 +1607,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
alt = ISC_FALSE;
} else
alt = cfg_obj_asboolean(obj);
dns_zone_setoption(zone, DNS_ZONEOPT_USEALTXFRSRC, alt);
dns_zone_setoption(mayberaw, DNS_ZONEOPT_USEALTXFRSRC, alt);
obj = NULL;
(void)ns_config_get(maps, "try-tcp-refresh", &obj);
dns_zone_setoption(zone, DNS_ZONEOPT_TRYTCPREFRESH,
dns_zone_setoption(mayberaw, DNS_ZONEOPT_TRYTCPREFRESH,
cfg_obj_asboolean(obj));
break;
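Review bot: the try-tcp-refresh lookup discards the result with (void)ns_config_get(...) and then passes obj straight to cfg_obj_asboolean(obj). Every comparable lookup in this function uses INSIST(result == ISC_R_SUCCESS && obj != NULL) first. Since this line is being edited anyway, add the same INSIST so a missing default cannot turn into a NULL dereference.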
@ -1472,10 +1644,10 @@ ns_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
dns_zone_settype(zone, dns_zone_dlz);
result = dns_sdlz_setdb(dlzdatabase, rdclass, name, &db);
if (result != ISC_R_SUCCESS)
return result;
return (result);
result = dns_zone_dlzpostload(zone, db);
dns_db_detach(&db);
return result;
return (result);
}
isc_boolean_t
@ -1484,15 +1656,12 @@ ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
const cfg_obj_t *obj = NULL;
const char *cfilename;
const char *zfilename;
dns_zone_t *raw = NULL;
isc_boolean_t has_raw;
dns_zonetype_t ztype;
zoptions = cfg_tuple_get(zconfig, "options");
if (zonetype_fromconfig(zoptions) != dns_zone_gettype(zone)) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: type mismatch");
return (ISC_FALSE);
}
/*
* We always reconfigure a static-stub zone for simplicity, assuming
* the amount of data to be loaded is small.
@ -1503,18 +1672,49 @@ ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
return (ISC_FALSE);
}
/* If there's a raw zone, use that for filename and type comparison */
dns_zone_getraw(zone, &raw);
if (raw != NULL) {
zfilename = dns_zone_getfile(raw);
ztype = dns_zone_gettype(raw);
dns_zone_detach(&raw);
has_raw = ISC_TRUE;
} else {
zfilename = dns_zone_getfile(zone);
ztype = dns_zone_gettype(zone);
has_raw = ISC_FALSE;
}
obj = NULL;
(void)cfg_map_get(zoptions, "inline-signing", &obj);
if ((obj == NULL || !cfg_obj_asboolean(obj)) && has_raw) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: old zone was inline-signing");
return (ISC_FALSE);
} else if ((obj != NULL && cfg_obj_asboolean(obj)) && !has_raw) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: old zone was not inline-signing");
return (ISC_FALSE);
}
if (zonetype_fromconfig(zoptions) != ztype) {
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: type mismatch");
return (ISC_FALSE);
}
obj = NULL;
(void)cfg_map_get(zoptions, "file", &obj);
if (obj != NULL)
cfilename = cfg_obj_asstring(obj);
else
cfilename = NULL;
zfilename = dns_zone_getfile(zone);
if (!((cfilename == NULL && zfilename == NULL) ||
(cfilename != NULL && zfilename != NULL &&
strcmp(cfilename, zfilename) == 0))) {
strcmp(cfilename, zfilename) == 0)))
{
dns_zone_log(zone, ISC_LOG_DEBUG(1),
"not reusable: filename mismatch");
"not reusable: filename mismatch");
return (ISC_FALSE);
}
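Review bot: in ns_zone_reusable(), zfilename is taken from dns_zone_getfile(raw) and raw is detached immediately afterwards, yet zfilename is still used in the strcmp() further down. That is only safe if zone keeps its own reference to the raw zone for the whole call. Please either move dns_zone_detach(&raw) to after the filename comparison or add a comment stating the lifetime assumption.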

View File

@ -1,4 +1,4 @@
# Copyright (C) 2004, 2006-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2006-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@ -23,6 +23,8 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
READLINE_LIB = @READLINE_LIB@
CINCLUDES = ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
${ISC_INCLUDES} ${ISCCFG_INCLUDES} @DST_GSSAPI_INC@
@ -72,7 +74,7 @@ nsupdate.@O@: nsupdate.c
-c ${srcdir}/nsupdate.c
nsupdate@EXEEXT@: nsupdate.@O@ ${UOBJS} ${DEPLIBS}
export BASEOBJS="nsupdate.@O@ ${UOBJS}"; \
export BASEOBJS="nsupdate.@O@ ${READLINE_LIB} ${UOBJS}"; \
${FINALBUILDCMD}
doc man:: ${MANOBJS}
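Review bot: ${READLINE_LIB} is a linker library setting, but it is inserted into BASEOBJS between nsupdate.@O@ and ${UOBJS}. Mixing a library into an object list makes the link order depend on how FINALBUILDCMD expands BASEOBJS. It would be clearer to append it to the library variables this Makefile already uses for linking, or at least to place it after ${UOBJS}, with a comment that it is empty when readline is not configured.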

View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -263,20 +263,20 @@ rather than the default realm in
\fIkrb5.conf\fR. If no realm is specified the saved realm is cleared.
.RE
.PP
\fBprereq nxdomain\fR {domain\-name}
\fB[prereq]\fR\fB nxdomain\fR {domain\-name}
.RS 4
Requires that no resource record of any type exists with name
\fIdomain\-name\fR.
.RE
.PP
\fBprereq yxdomain\fR {domain\-name}
\fB[prereq]\fR\fB yxdomain\fR {domain\-name}
.RS 4
Requires that
\fIdomain\-name\fR
exists (has as at least one resource record, of any type).
.RE
.PP
\fBprereq nxrrset\fR {domain\-name} [class] {type}
\fB[prereq]\fR\fB nxrrset\fR {domain\-name} [class] {type}
.RS 4
Requires that no resource record exists of the specified
\fItype\fR,
@ -287,7 +287,7 @@ and
is omitted, IN (internet) is assumed.
.RE
.PP
\fBprereq yxrrset\fR {domain\-name} [class] {type}
\fB[prereq]\fR\fB yxrrset\fR {domain\-name} [class] {type}
.RS 4
This requires that a resource record of the specified
\fItype\fR,
@ -299,7 +299,7 @@ must exist. If
is omitted, IN (internet) is assumed.
.RE
.PP
\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
\fB[prereq]\fR\fB yxrrset\fR {domain\-name} [class] {type} {data...}
.RS 4
The
\fIdata\fR
@ -315,7 +315,7 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of
are written in the standard text representation of the resource record's RDATA.
.RE
.PP
\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
\fB[update]\fR\fB del\fR\fB[ete]\fR {domain\-name} [ttl] [class] [type\ [data...]]
.RS 4
Deletes any resource records named
\fIdomain\-name\fR. If
@ -329,7 +329,7 @@ is not supplied. The
is ignored, and is only allowed for compatibility.
.RE
.PP
\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
\fB[update]\fR\fB add\fR {domain\-name} {ttl} [class] {type} {data...}
.RS 4
Adds a new resource record with the specified
\fIttl\fR,
@ -435,7 +435,7 @@ RFC 2931,
.PP
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
.SH "COPYRIGHT"
Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2012 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsupdate.c,v 1.193.12.4 2011/11/03 04:30:09 each Exp $ */
/* $Id$ */
/*! \file */
@ -85,6 +85,10 @@
#endif
#include <bind9/getaddresses.h>
#if defined(HAVE_READLINE)
#include <readline/readline.h>
#include <readline/history.h>
#endif
#ifdef HAVE_ADDRINFO
#ifdef HAVE_GETADDRINFO
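Review bot: The new readline includes are guarded only by HAVE_READLINE, which the config.h.in hunk in this same commit describes as "Define to 1 if you have the `readline' function". A host that has the library but not readline/readline.h and readline/history.h will fail to compile nsupdate.c, so either have configure test for the headers as well or guard the includes on a header check. This block also uses #if defined(HAVE_READLINE) while the code added to get_next_command uses #ifdef HAVE_READLINE; one form throughout would be easier to grep.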
@ -1805,6 +1809,8 @@ evaluate_update(char *cmdline) {
}
if (strcasecmp(word, "delete") == 0)
isdelete = ISC_TRUE;
else if (strcasecmp(word, "del") == 0)
isdelete = ISC_TRUE;
else if (strcasecmp(word, "add") == 0)
isdelete = ISC_FALSE;
else {
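Review bot: The added "del" branch in evaluate_update duplicates the "delete" branch directly above it and sets the same isdelete = ISC_TRUE. Fold the two comparisons into one condition so the alias cannot drift from the full keyword. It is also worth a comment that only the exact word "del" is accepted, not arbitrary prefixes of "delete".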
@ -1883,35 +1889,13 @@ show_message(FILE *stream, dns_message_t *msg, const char *description) {
isc_buffer_free(&buf);
}
static isc_uint16_t
get_next_command(void) {
char cmdlinebuf[MAXCMD];
char *cmdline;
do_next_command(char *cmdline) {
char *word;
char *tmp;
ddebug("get_next_command()");
if (interactive) {
fprintf(stdout, "> ");
fflush(stdout);
}
isc_app_block();
cmdline = fgets(cmdlinebuf, MAXCMD, input);
isc_app_unblock();
if (cmdline == NULL)
return (STATUS_QUIT);
/*
* Normalize input by removing any eol.
*/
tmp = cmdline;
(void)nsu_strsep(&tmp, "\r\n");
ddebug("do_next_command()");
word = nsu_strsep(&cmdline, " \t\r\n");
if (feof(input))
return (STATUS_QUIT);
if (word == NULL || *word == 0)
return (STATUS_SEND);
if (word[0] == ';')
@ -1920,8 +1904,22 @@ get_next_command(void) {
return (STATUS_QUIT);
if (strcasecmp(word, "prereq") == 0)
return (evaluate_prereq(cmdline));
if (strcasecmp(word, "nxdomain") == 0)
return (make_prereq(cmdline, ISC_FALSE, ISC_FALSE));
if (strcasecmp(word, "yxdomain") == 0)
return (make_prereq(cmdline, ISC_TRUE, ISC_FALSE));
if (strcasecmp(word, "nxrrset") == 0)
return (make_prereq(cmdline, ISC_FALSE, ISC_TRUE));
if (strcasecmp(word, "yxrrset") == 0)
return (make_prereq(cmdline, ISC_TRUE, ISC_TRUE));
if (strcasecmp(word, "update") == 0)
return (evaluate_update(cmdline));
if (strcasecmp(word, "delete") == 0)
return (update_addordelete(cmdline, ISC_TRUE));
if (strcasecmp(word, "del") == 0)
return (update_addordelete(cmdline, ISC_TRUE));
if (strcasecmp(word, "add") == 0)
return (update_addordelete(cmdline, ISC_FALSE));
if (strcasecmp(word, "server") == 0)
return (evaluate_server(cmdline));
if (strcasecmp(word, "local") == 0)
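Review bot: The bare keywords added to the top-level dispatch (nxdomain, yxdomain, nxrrset, yxrrset, delete, del, add) change how existing batch input is interpreted: a line that starts with one of these words had no match in this chain before and now builds a prerequisite or an update, deletions included. People who generate nsupdate input from scripts should be told about this in the release notes, since a malformed line that was once rejected with "incorrect section name" can now be acted on. The four make_prereq calls also pass bare ISC_TRUE/ISC_FALSE pairs whose meaning is not visible at the call site; a short comment naming the two flags would help.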
@ -1988,18 +1986,55 @@ get_next_command(void) {
"oldgsstsig (use Microsoft's GSS_TSIG to sign the request)\n"
"zone name (set the zone to be updated)\n"
"class CLASS (set the zone's DNS class, e.g. IN (default), CH)\n"
"prereq nxdomain name (does this name not exist)\n"
"prereq yxdomain name (does this name exist)\n"
"prereq nxrrset .... (does this RRset exist)\n"
"prereq yxrrset .... (does this RRset not exist)\n"
"update add .... (add the given record to the zone)\n"
"update delete .... (remove the given record(s) from the zone)\n");
"[prereq] nxdomain name (does this name not exist)\n"
"[prereq] yxdomain name (does this name exist)\n"
"[prereq] nxrrset .... (does this RRset exist)\n"
"[prereq] yxrrset .... (does this RRset not exist)\n"
"[update] add .... (add the given record to the zone)\n"
"[update] del[ete] .... (remove the given record(s) from the zone)\n");
return (STATUS_MORE);
}
fprintf(stderr, "incorrect section name: %s\n", word);
return (STATUS_SYNTAX);
}
static isc_uint16_t
get_next_command(void) {
isc_uint16_t result = STATUS_QUIT;
char cmdlinebuf[MAXCMD];
char *cmdline;
isc_app_block();
if (interactive) {
#ifdef HAVE_READLINE
cmdline = readline("> ");
add_history(cmdline);
#else
fprintf(stdout, "> ");
fflush(stdout);
cmdline = fgets(cmdlinebuf, MAXCMD, input);
#endif
} else
cmdline = fgets(cmdlinebuf, MAXCMD, input);
isc_app_unblock();
if (cmdline != NULL) {
char *tmp = cmdline;
/*
* Normalize input by removing any eol as readline()
* removes eol but fgets doesn't.
*/
(void)nsu_strsep(&tmp, "\r\n");
result = do_next_command(cmdline);
}
#ifdef HAVE_READLINE
if (interactive)
free(cmdline);
#endif
return (result);
}
static isc_boolean_t
user_interaction(void) {
isc_uint16_t result = STATUS_MORE;
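Review bot: In the HAVE_READLINE branch of get_next_command, add_history(cmdline) runs before the cmdline != NULL check, so at end of input, where readline() returns NULL, a NULL pointer is handed to the history library; empty lines are recorded as well. Move the call inside the NULL check and skip empty strings, for example `if (cmdline != NULL && *cmdline != 0) add_history(cmdline);`. Separately, the help text in this hunk still describes nxrrset as "does this RRset exist" and yxrrset as "does this RRset not exist", which is the reverse of what the man page in this same commit says for those two commands.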

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nsupdate.docbook,v 1.44 2010/07/09 23:46:51 tbox Exp $ -->
<!-- $Id$ -->
<refentry id="man.nsupdate">
<refentryinfo>
<date>Aug 25, 2009</date>
@ -42,6 +42,8 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -424,7 +426,7 @@
<varlistentry>
<term>
<command>prereq nxdomain</command>
<command><optional>prereq</optional> nxdomain</command>
<arg choice="req">domain-name</arg>
</term>
<listitem>
@ -438,7 +440,7 @@
<varlistentry>
<term>
<command>prereq yxdomain</command>
<command><optional>prereq</optional> yxdomain</command>
<arg choice="req">domain-name</arg>
</term>
<listitem>
@ -452,7 +454,7 @@
<varlistentry>
<term>
<command>prereq nxrrset</command>
<command><optional>prereq</optional> nxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
@ -474,7 +476,7 @@
<varlistentry>
<term>
<command>prereq yxrrset</command>
<command><optional>prereq</optional> yxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
@ -496,7 +498,7 @@
<varlistentry>
<term>
<command>prereq yxrrset</command>
<command><optional>prereq</optional> yxrrset</command>
<arg choice="req">domain-name</arg>
<arg choice="opt">class</arg>
<arg choice="req">type</arg>
@ -530,7 +532,7 @@
<varlistentry>
<term>
<command>update delete</command>
<command><optional>update</optional> del<optional>ete</optional></command>
<arg choice="req">domain-name</arg>
<arg choice="opt">ttl</arg>
<arg choice="opt">class</arg>
@ -556,7 +558,7 @@
<varlistentry>
<term>
<command>update add</command>
<command><optional>update</optional> add</command>
<arg choice="req">domain-name</arg>
<arg choice="req">ttl</arg>
<arg choice="opt">class</arg>

View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543459"></a><h2>DESCRIPTION</h2>
<a name="id2543464"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@ -192,7 +192,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543790"></a><h2>INPUT FORMAT</h2>
<a name="id2543796"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -331,7 +331,7 @@
realm is specified the saved realm is cleared.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq nxdomain</strong></span>
<span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
@ -339,7 +339,7 @@
<em class="parameter"><code>domain-name</code></em>.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq yxdomain</strong></span>
<span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
@ -348,7 +348,7 @@
exists (has as at least one resource record, of any type).
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq nxrrset</strong></span>
<span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
{domain-name}
[class]
{type}
@ -364,7 +364,7 @@
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq yxrrset</strong></span>
<span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
{domain-name}
[class]
{type}
@ -381,7 +381,7 @@
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq yxrrset</strong></span>
<span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
{domain-name}
[class]
{type}
@ -410,7 +410,7 @@
RDATA.
</p></dd>
<dt><span class="term">
<span><strong class="command">update delete</strong></span>
<span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
{domain-name}
[ttl]
[class]
@ -431,7 +431,7 @@
is ignored, and is only allowed for compatibility.
</p></dd>
<dt><span class="term">
<span><strong class="command">update add</strong></span>
<span><strong class="command">[<span class="optional">update</span>] add</strong></span>
{domain-name}
{ttl}
[class]
@ -480,7 +480,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544702"></a><h2>EXAMPLES</h2>
<a name="id2544725"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -534,7 +534,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544746"></a><h2>FILES</h2>
<a name="id2544769"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -557,7 +557,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544829"></a><h2>SEE ALSO</h2>
<a name="id2542121"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@ -572,7 +572,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2542156"></a><h2>BUGS</h2>
<a name="id2542179"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc.c,v 1.131.20.3 2011/11/03 22:06:31 each Exp $ */
/* $Id$ */
/*! \file */
@ -114,6 +114,11 @@ command is one of the following:\n\
thaw Enable updates to all dynamic zones and reload them.\n\
thaw zone [class [view]]\n\
Enable updates to a frozen dynamic zone and reload it.\n\
sync [-clean] Dump changes to all dynamic zones to disk, and optionally\n\
remove their journal files.\n\
sync [-clean] zone [class [view]]\n\
Dump a single zone's changes to disk, and optionally\n\
remove its journal file.\n\
notify zone [class [view]]\n\
Resend NOTIFY messages for the zone.\n\
reconfig Reload configuration file and new zones only.\n\
@ -122,7 +127,8 @@ command is one of the following:\n\
loadkeys zone [class [view]]\n\
Update keys without signing immediately.\n\
stats Write server statistics to the statistics file.\n\
querylog Toggle query logging.\n\
querylog newstate\n\
Enable / disable query logging.\n\
dumpdb [-all|-cache|-zones] [view ...]\n\
Dump cache(s) to the dump file (named_dump.db).\n\
secroots [view ...]\n\
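Review bot: The new querylog usage line takes an argument called newstate, but the help text does not say which values it accepts or whether the argument may be omitted to keep the toggle behaviour that the replaced line ("Toggle query logging.") described. Spell out the accepted values in the usage string so operators do not have to guess or read the source.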
@ -140,6 +146,8 @@ command is one of the following:\n\
flush [view] Flushes the server's cache for a view.\n\
flushname name [view]\n\
Flush the given name from the server's cache(s)\n\
flushtree name [view]\n\
Flush all names under the given name from the server's cache(s)\n\
status Display status of the server.\n\
recursing Dump the queries that are currently recursing (named.recursing)\n\
tsig-list List all currently active TSIG keys, including both statically\n\
@ -152,6 +160,20 @@ command is one of the following:\n\
Add zone to given view. Requires new-zone-file option.\n\
delzone [\"file\"] zone [class [view]]\n\
Removes zone from given view. Requires new-zone-file option.\n\
signing -list zone [class [view]]\n\
List the private records showing the state of DNSSEC\n\
signing in the given zone.\n\
signing -clear <keyid>/<algorithm> zone [class [view]]\n\
Remove the private record that indicating the given key\n\
has finished signing the given zone.\n\
signing -clear all zone [class [view]]\n\
Remove the private records for all keys that have\n\
finished signing the given zone.\n\
signing -nsec3param none zone [class [view]]\n\
Remove NSEC3 chains from zone.\n\
signing -nsec3param hash flags iterations salt zone [class [view]]\n\
Add NSEC3 chain to zone if already signed.\n\
Prime zone with NSEC3 chain if not yet signed.\n\
*restart Restart the server.\n\
\n\
* == not yet implemented\n\
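Review bot: The help text for signing -clear <keyid>/<algorithm> reads "Remove the private record that indicating the given key has finished signing"; "that indicating" should be "indicating" or "that indicates". The signing -nsec3param form lists hash, flags, iterations and salt with no hint of the expected format of each value; a one-line example or a pointer to the manual would make the usage text usable on its own.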

View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -65,5 +65,5 @@ The file name into which random data should be written.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2009\-2012 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
.br

View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<!-- $Id: genrandom.docbook,v 1.8 2011/08/08 23:46:41 tbox Exp $ -->
<refentry id="man.genrandom">
<refentryinfo>
<date>Feb 19, 2009</date>
@ -39,7 +39,6 @@
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
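Review bot: Reading the line pairs in the same old-then-new order as the rest of this page, the <year>2012</year> entry is dropped here, the header range of this file goes from 2009-2012 back to 2009-2011, and the $Id$ placeholder is replaced by an expanded CVS keyword string. The genrandom man page, its HTML rendering and nsec3hash.c show the same backward step. Confirm in the commit message or the vendor import notes that this is what the 9.9.3-P2 distribution ships, so the next import does not mistake it for a local change.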

View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543370"></a><h2>DESCRIPTION</h2>
<a name="id2543368"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@ -40,7 +40,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543383"></a><h2>ARGUMENTS</h2>
<a name="id2543381"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@ -58,14 +58,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543444"></a><h2>SEE ALSO</h2>
<a name="id2543442"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543470"></a><h2>AUTHOR</h2>
<a name="id2543468"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2006, 2008, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2006, 2008, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
/* $Id: nsec3hash.c,v 1.8 2011/11/02 23:46:24 tbox Exp $ */
#include <config.h>

View File

@ -289,6 +289,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if your OpenSSL version supports GOST. */
#undef HAVE_OPENSSL_GOST
/* Define to 1 if you have the `readline' function. */
#undef HAVE_READLINE
/* Define to 1 if you have the <regex.h> header file. */
#undef HAVE_REGEX_H
@ -361,6 +364,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define to 1 if you have the `usleep' function. */
#undef HAVE_USLEEP
/* return type of gai_strerror */
#undef IRS_GAISTRERROR_RETURN_T
@ -384,6 +390,9 @@ int sigwait(const unsigned int *set, int *sig);
*/
#undef NEED_SECURE_DIRECTORY
/* Use the new XML schema for statistics */
#undef NEWSTATS
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT

View File

@ -43,8 +43,13 @@ case $host in
# OpenBSD users have reported that named dumps core on
# startup when built with threads.
use_threads=false ;;
*-freebsd*)
[*-freebsd[1234567].*])
# Threads are broken at least up to FreeBSD 4.11.
# FreeBSD 5, 6 and 7 we have never officially supported threads
# on. YMMV
use_threads=false ;;
*-freebsd*)
use_threads=true ;;
[*-bsdi[234]*])
# Thread signals do not work reliably on some versions of BSD/OS.
use_threads=false ;;
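Review bot: The new [*-freebsd[1234567].*] case matches only when the major version digit is followed by a dot, so a host string without a minor version falls through to the *-freebsd*) case and gets use_threads=true. If that is intended, say so in the comment. The comment "FreeBSD 5, 6 and 7 we have never officially supported threads on. YMMV" would read better as a full sentence, and the bracket quoting here differs from the *-darwin[[123456789]].* pattern added in the next hunk; one convention would be easier to audit.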
@ -55,6 +60,10 @@ case $host in
# Linux kernels produce unusable core dumps from multithreaded
# programs, and because of limitations in setuid().
use_threads=false ;;
*-darwin[[123456789]].*)
use_threads=false ;;
*-darwin*.*)
use_threads=true ;;
*)
use_threads=false ;;
esac
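Review bot: The two Darwin cases are added without a comment, unlike the neighbouring cases, which state why threads are disabled. Add a line saying which Darwin releases are affected and why. Note also that *-darwin*.* requires a dot in the host string, so a Darwin host string without one reaches the *) default and gets use_threads=false.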

Some files were not shown because too many files have changed in this diff