d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of BIND 9.4.3

Browse Source
This commit is contained in:
dougb 2008-12-23 18:35:21 +00:00
parent e2c9b86ef6
commit 6c8226d7d6
190 changed files with 17970 additions and 8337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

640
CHANGES
View File

File diff suppressed because it is too large Load Diff

2
COPYRIGHT
View File

@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: COPYRIGHT,v 1.9.18.4.10.1 2008/07/23 07:28:54 tbox Exp $
$Id: COPYRIGHT,v 1.9.18.5 2008/01/02 23:46:02 tbox Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.

126
FAQ
View File

@ -1,6 +1,6 @@
Frequently Asked Questions about BIND 9
Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2004-2008 Internet Systems Consortium, Inc. ("ISC")
Copyright © 2000-2003 Internet Software Consortium.
@ -205,6 +205,8 @@ A: These indicate a malformed master zone. You can identify the exact
Q: I get error messages like "named.conf:99: unexpected end of input"
where 99 is the last line of named.conf.
A: There are unbalanced quotes in named.conf.
A: Some text editors (notepad and wordpad) fail to put a line title
indication (e.g. CR/LF) on the last line of a text file. This can be
fixed by "adding" a blank line to the end of the file. Named expects to
@ -375,7 +377,60 @@ A: When reloading a zone named my have multiple copies of the zone in
other errors in the master file as it still has an in-core copy of the
old contents.
3. General Questions
Q: I want to use IPv6 locally but I don't have a external IPv6 connection.
External lookups are slow.
A: You can use server clauses to stop named making external lookups over
IPv6.
server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
server ::/0 { bogus yes; };
3. Operations Questions
Q: How to change the nameservers for a zone?
A: Step 1: Ensure all nameservers, new and old, are serving the same zone
content.
Step 2: Work out the maximum TTL of the NS RRset in the parent and
child zones. This is the time it will take caches to be clear of a
particular version of the NS RRset. If you are just removing
nameservers you can skip to Step 6.
Step 3: Add new nameservers to the NS RRset for the zone and wait until
all the servers for the zone are answering with this new NS RRset.
Step 4: Inform the parent zone of the new NS RRset then wait for all
the parent servers to be answering with the new NS RRset.
Step 5: Wait for cache to be clear of the old NS RRset. See Step 2 for
how long. If you are just adding nameservers you are done.
Step 6: Remove any old nameservers from the zones NS RRset and wait for
all the servers for the zone to be serving the new NS RRset.
Step 7: Inform the parent zone of the new NS RRset then wait for all
the parent servers to be answering with the new NS RRset.
Step 8: Wait for cache to be clear of the old NS RRset. See Step 2 for
how long.
Step 9: Turn off the old nameservers or remove the zone entry from the
configuration of the old nameservers.
Step 10: Increment the serial number and wait for the change to be
visible in all nameservers for the zone. This ensures that zone
transfers are still working after the old servers are decommissioned.
Note: the above procedure is designed to be transparent to dns clients.
Decommissioning the old servers too early will result in some clients
not being able to look up answers in the zone.
Note: while it is possible to run the addition and removal stages
together it is not recommended.
4. General Questions
Q: I keep getting log messages like the following. Why?
@ -396,8 +451,8 @@ A: Someone is trying to update your DNS data using the RFC2136 Dynamic
Update protocol. Windows 2000 machines have a habit of sending dynamic
update requests to DNS servers without being specifically configured to
do so. If the update requests are coming from a Windows 2000 machine,
see http://support.microsoft.com/support/kb/articles/q246/8/04.asp for
information about how to turn them off.
see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
for information about how to turn them off.
Q: When I do a "dig . ns", many of the A records for the root servers are
missing. Why?
@ -468,7 +523,7 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you
are using then you have failed to follow RFC 1918 usage rules and are
leaking queries to the Internet. You should establish your own zones
for these addresses to prevent you querying the Internet's name servers
for these addresses. Please see http://as112.net/ for details of the
for these addresses. Please see <http://as112.net/> for details of the
problems you are causing and the counter measures that have had to be
deployed.
@ -541,9 +596,16 @@ A: No. The BIND 9 bug database is kept closed for a number of reasons.
that have been fixed post release. That is as close as we can get to
providing a bug database.
4. Operating-System Specific Questions
Q: Why do queries for NSEC3 records fail to return the NSEC3 record?
4.1. HPUX
A: NSEC3 records are strictly meta data and can only be returned in the
authority section. This is done so that signing the zone using NSEC3
records does not bring names into existance that do not exist in the
unsigned version of the zone.
5. Operating-System Specific Questions
5.1. HPUX
Q: I get the following error trying to configure BIND:
@ -559,7 +621,7 @@ A: You have attempted to configure BIND with the bundled C compiler. This
./configure CC=<compiler> ...
4.2. Linux
5.2. Linux
Q: Why do I get the following errors:
@ -569,7 +631,20 @@ Q: Why do I get the following errors:
A: This is the result of a Linux kernel bug.
See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
See: <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=
2>
Q: Why does named lock up when it attempts to connect over IPSEC tunnels?
A: This is due to a kernel bug where the fact that a socket is marked
non-blocking is ignored. It is reported that setting xfrm_larval_drop
to 1 helps but this may have negative side effects. See: <https://
bugzilla.redhat.com/show_bug.cgi?id=427629> and <http://lkml.org/lkml/
2007/12/4/260>.
xfrm_larval_drop can be set to 1 by the following procedure:
echo "1" > proc/sys/net/core/xfrm_larval_drop
Q: Why do I see 5 (or more) copies of named on Linux?
@ -594,7 +669,12 @@ Q: I get the error message "named: capset failed: Operation not permitted"
when starting named.
A: The capability module, part of "Linux Security Modules/LSM", has not
been loaded into the kernel. See insmod(8).
been loaded into the kernel. See insmod(8), modprobe(8).
The relevant modules can be loaded by running:
modprobe commoncap
modprobe capability
Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
@ -608,7 +688,7 @@ Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
Red Hat have adopted the National Security Agency's SELinux security
policy ( see http://www.nsa.gov/selinux ) and recommendations for BIND
policy (see <http://www.nsa.gov/selinux>) and recommendations for BIND
security , which are more secure than running named in a chroot and
make use of the bind-chroot environment unnecessary .
@ -699,7 +779,19 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
See these man-pages for more information : selinux(8), named_selinux
(8), chcon(1), setsebool(8)
4.3. Windows
Q: Listening on individual IPv6 interfaces does not work.
A: This is usually due to "/proc/net/if_inet6" not being available in the
chroot file system. Mount another instance of "proc" in the chroot file
system.
This can be be made permanent by adding a second instance to /etc/
fstab.
proc /proc proc defaults 0 0
proc /var/named/proc proc defaults 0 0
5.3. Windows
Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail.
Why?
@ -725,7 +817,7 @@ A: This is the service manager saying that named exited. You need to
Directory "C:\windows\dns\etc";
};
4.4. FreeBSD
5.4. FreeBSD
Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
@ -736,17 +828,17 @@ A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to
/etc/rc.conf
rand_irqs="3 14 15"
See also http://people.freebsd.org/~dougb/randomness.html
See also <http://people.freebsd.org/~dougb/randomness.html>.
4.5. Solaris
5.5. Solaris
Q: How do I integrate BIND 9 and Solaris SMF
A: Sun has a blog entry describing how to do this.
http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
<http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
4.6. Apple Mac OS X
5.6. Apple Mac OS X
Q: How do I run BIND 9 on Apple Mac OS X?

253
FAQ.xml
View File

@ -1,7 +1,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: FAQ.xml,v 1.4.4.16 2007/10/31 02:14:07 marka Exp $ -->
<!-- $Id: FAQ.xml,v 1.4.4.24 2008/09/10 01:32:25 tbox Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
@ -27,6 +27,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -390,6 +391,11 @@ named-checkzone example.com tmp</programlisting>
of input</quote> where 99 is the last line of named.conf.
</para>
</question>
<answer>
<para>
There are unbalanced quotes in named.conf.
</para>
</answer>
<answer>
<para>
Some text editors (notepad and wordpad) fail to put a line
@ -660,9 +666,98 @@ zone "list.dsbl.org" {
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
I want to use IPv6 locally but I don't have a external IPv6
connection. External lookups are slow.
</para>
</question>
<answer>
<para>
You can use server clauses to stop named making external lookups
over IPv6.
</para>
<programlisting>
server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
server ::/0 { bogus yes; };
</programlisting>
</answer>
</qandaentry>
</qandadiv> <!-- Configuration and Setup Questions -->
<qandadiv><title>Operations Questions</title>
<qandaentry>
<question>
<para>
How to change the nameservers for a zone?
</para>
</question>
<answer>
<para>
Step 1: Ensure all nameservers, new and old, are serving the
same zone content.
</para>
<para>
Step 2: Work out the maximum TTL of the NS RRset in the parent and child
zones. This is the time it will take caches to be clear of a
particular version of the NS RRset.
If you are just removing nameservers you can skip to Step 6.
</para>
<para>
Step 3: Add new nameservers to the NS RRset for the zone and
wait until all the servers for the zone are answering with this
new NS RRset.
</para>
<para>
Step 4: Inform the parent zone of the new NS RRset then wait for all the
parent servers to be answering with the new NS RRset.
</para>
<para>
Step 5: Wait for cache to be clear of the old NS RRset.
See Step 2 for how long.
If you are just adding nameservers you are done.
</para>
<para>
Step 6: Remove any old nameservers from the zones NS RRset and
wait for all the servers for the zone to be serving the new NS RRset.
</para>
<para>
Step 7: Inform the parent zone of the new NS RRset then wait for all the
parent servers to be answering with the new NS RRset.
</para>
<para>
Step 8: Wait for cache to be clear of the old NS RRset.
See Step 2 for how long.
</para>
<para>
Step 9: Turn off the old nameservers or remove the zone entry from
the configuration of the old nameservers.
</para>
<para>
Step 10: Increment the serial number and wait for the change to
be visible in all nameservers for the zone. This ensures that
zone transfers are still working after the old servers are
decommissioned.
</para>
<para>
Note: the above procedure is designed to be transparent
to dns clients. Decommissioning the old servers too early
will result in some clients not being able to look up
answers in the zone.
</para>
<para>
Note: while it is possible to run the addition and removal
stages together it is not recommended.
</para>
</answer>
</qandaentry>
</qandadiv> <!-- Operations Questions -->
<qandadiv><title>General Questions</title>
<qandaentry>
@ -705,8 +800,7 @@ zone "list.dsbl.org" {
requests are coming from a Windows 2000 machine, see
<ulink
url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
http://support.microsoft.com/support/kb/articles/q246/8/04.asp
</ulink>
&lt;http://support.microsoft.com/support/kb/articles/q246/8/04.asp&gt;</ulink>
for information about how to turn them off.
</para>
</answer>
@ -856,7 +950,7 @@ serial-query-rate 5; // default 20</programlisting>
usage rules and are leaking queries to the Internet. You
should establish your own zones for these addresses to prevent
you querying the Internet's name servers for these addresses.
Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
Please see <ulink url="http://as112.net/">&lt;http://as112.net/&gt;</ulink>
for details of the problems you are causing and the counter
measures that have had to be deployed.
</para>
@ -962,6 +1056,23 @@ empty:
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
Why do queries for NSEC3 records fail to return the NSEC3 record?
</para>
</question>
<answer>
<para>
NSEC3 records are strictly meta data and can only be
returned in the authority section. This is done so that
signing the zone using NSEC3 records does not bring names
into existance that do not exist in the unsigned version
of the zone.
</para>
</answer>
</qandaentry>
</qandadiv> <!-- General Questions -->
<qandadiv><title>Operating-System Specific Questions</title>
@ -1009,7 +1120,31 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
</para>
<para>
See:
<ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2</ulink>
<ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">&lt;http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2&gt;</ulink>
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
Why does named lock up when it attempts to connect over IPSEC tunnels?
</para>
</question>
<answer>
<para>
This is due to a kernel bug where the fact that a socket is marked
non-blocking is ignored. It is reported that setting
xfrm_larval_drop to 1 helps but this may have negative side effects.
See:
<ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=427629">&lt;https://bugzilla.redhat.com/show_bug.cgi?id=427629&gt;</ulink>
and
<ulink url="http://lkml.org/lkml/2007/12/4/260">&lt;http://lkml.org/lkml/2007/12/4/260&gt;</ulink>.
</para>
<para>
xfrm_larval_drop can be set to 1 by the following procedure:
<programlisting>
echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
</para>
</answer>
</qandaentry>
@ -1064,7 +1199,13 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
<answer>
<para>
The capability module, part of "Linux Security Modules/LSM",
has not been loaded into the kernel. See insmod(8).
has not been loaded into the kernel. See insmod(8), modprobe(8).
</para>
<para>
The relevant modules can be loaded by running:
<programlisting>
modprobe commoncap
modprobe capability</programlisting>
</para>
</answer>
</qandaentry>
@ -1094,8 +1235,9 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
<para>
Red Hat have adopted the National Security Agency's
SELinux security policy ( see http://www.nsa.gov/selinux
) and recommendations for BIND security , which are more
SELinux security policy (see <ulink
url="http://www.nsa.gov/selinux">&lt;http://www.nsa.gov/selinux&gt;</ulink>)
and recommendations for BIND security , which are more
secure than running named in a chroot and make use of
the bind-chroot environment unnecessary .
</para>
@ -1233,6 +1375,30 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>
Listening on individual IPv6 interfaces does not work.
</para>
</question>
<answer>
<para>
This is usually due to "/proc/net/if_inet6" not being available
in the chroot file system. Mount another instance of "proc"
in the chroot file system.
</para>
<para>
This can be be made permanent by adding a second instance to
/etc/fstab.
<informalexample>
<programlisting>
proc /proc proc defaults 0 0
proc /var/named/proc proc defaults 0 0</programlisting>
</informalexample>
</para>
</answer>
</qandaentry>
</qandadiv> <!-- Linux -->
@ -1310,8 +1476,7 @@ rand_irqs="3 14 15"</programlisting>
<para>
See also
<ulink url="http://people.freebsd.org/~dougb/randomness.html">
http://people.freebsd.org/~dougb/randomness.html
</ulink>
&lt;http://people.freebsd.org/~dougb/randomness.html&gt;</ulink>.
</para>
</answer>
</qandaentry>
@ -1333,12 +1498,76 @@ rand_irqs="3 14 15"</programlisting>
<para>
<ulink
url="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
&lt;http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris&gt;
</ulink>
</para>
</answer>
</qandaentry>
</qandadiv>
<qandadiv><title>Apple Mac OS X</title>
<qandaentry>
<question>
<para>
How do I run BIND 9 on Apple Mac OS X?
</para>
</question>
<answer>
<para>
If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
</para>
<informalexample>
<programlisting>
% sudo rndc-confgen > /etc/rndc.conf</programlisting>
</informalexample>
<para>
Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
</para>
<informalexample>
<programlisting>
key "rndc-key" {
algorithm hmac-md5;
secret "uvceheVuqf17ZwIcTydddw==";
};</programlisting>
</informalexample>
<para>
Then start the relevant service:
</para>
<informalexample>
<programlisting>
% sudo service org.isc.named start</programlisting>
</informalexample>
<para>
This is persistent upon a reboot, so you will have to do it only once.
</para>
</answer>
<answer>
<para>
Alternatively you can just generate /etc/rndc.key by running:
</para>
<informalexample>
<programlisting>
% sudo rndc-confgen -a</programlisting>
</informalexample>
<para>
Then start the relevant service:
</para>
<informalexample>
<programlisting>
% sudo service org.isc.named start</programlisting>
</informalexample>
<para>
Named will look for /etc/rndc.key when it starts if it
doesn't have a controls section or the existing controls are
missing keys sub-clauses. This is persistent upon a
reboot, so you will have to do it only once.
</para>
</answer>
</qandaentry>
</qandadiv>
</qandadiv> <!-- Operating-System Specific Questions -->

33
README
View File

@ -42,6 +42,9 @@ BIND 9
Stichting NLnet - NLnet Foundation
Nominum, Inc.
BIND 9.4.3
BIND 9.4.3 is a maintenance release, fixing bugs in 9.4.2.
BIND 9.4.2
@ -355,7 +358,7 @@ BIND 9.2.0
This does not apply to the use of TSIG, which does not
require OpenSSL.
- The source distribution now builds on Windows NT/2000.
- The source distribution now builds on Windows.
See win32utils/readme1.txt and win32utils/win32-build.txt
for details.
@ -404,11 +407,8 @@ BIND 9.2.0
--with-libtool does not work on AIX.
--with-libtool does not work on SunOS 4. configure
requires "printf" which is not available.
A bug in the Windows 2000 DNS server can cause zone transfers
from a BIND 9 server to a W2K server to fail. For details,
A bug in some versions of the Microsoft DNS server can cause zone
transfers from a BIND 9 server to a W2K server to fail. For details,
see the "Zone Transfers" section in doc/misc/migration.
For a detailed list of user-visible changes from
@ -428,7 +428,11 @@ Building
NetBSD 1.5
Slackware Linux 8.1
Solaris 8, 9, 9 (x86)
Windows NT/2000/XP/2003
Windows XP/2003/2008
NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
Windows, including Windows NT and Windows 2000, are no longer
supported.
Additionally, we have unverified reports of success building
previous versions of BIND 9 from users of the following systems:
@ -482,6 +486,14 @@ Building
-DNS_CLIENT_DROPPORT=0
Disable support for "rrset-order fixed".
-DDNS_RDATASET_FIXED=0
Sibling glue checking in named-checkzone is enabled by default.
To disable the default check set. -DCHECK_SIBLING=0
named-checkzone checks out-of-zone addresses by default.
To disable this default set. -DCHECK_LOCAL=0
Enable workaround for Solaris kernel bug about /dev/poll
-DISC_SOCKET_USE_POLLWATCH=1
The watch timeout is also configurable, e.g.,
-DISC_SOCKET_POLLWATCH_TIMEOUT=20
LDFLAGS
Linker flags. Defaults to empty string.
@ -510,6 +522,10 @@ Building
To build libbind (the BIND 8 resolver library), specify
"--enable-libbind" on the configure command line.
On some platforms it is necessary to explictly request large
file support to handle files bigger than 2GB. This can be
done by "--enable-largefile" on the configure command line.
On some platforms, BIND 9 can be built with multithreading
support, allowing it to take advantage of multiple CPUs.
You can specify whether to build a multithreaded BIND 9
@ -559,6 +575,9 @@ Building
on your system, and some require Perl; see bin/tests/system/README
for details.
SunOS 4 requires "printf" to be installed to make the shared
libraries. sh-utils-1.16 provides a "printf" which compiles
on SunOS 4.
Documentation

31
bin/check/check-tool.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.10.18.18 2007/09/13 05:04:01 each Exp $ */
/* $Id: check-tool.c,v 1.10.18.20 2008/10/24 01:43:17 tbox Exp $ */
/*! \file */
@ -46,6 +46,14 @@
#include <isccfg/log.h>
#ifndef CHECK_SIBLING
#define CHECK_SIBLING 1
#endif
#ifndef CHECK_LOCAL
#define CHECK_LOCAL 1
#endif
#ifdef HAVE_ADDRINFO
#ifdef HAVE_GETADDRINFO
#ifdef HAVE_GAISTRERROR
@ -59,20 +67,29 @@
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
} while (0)
static const char *dbtype[] = { "rbt" };
int debug = 0;
isc_boolean_t nomerge = ISC_TRUE;
#if CHECK_LOCAL
isc_boolean_t docheckmx = ISC_TRUE;
isc_boolean_t dochecksrv = ISC_TRUE;
isc_boolean_t docheckns = ISC_TRUE;
unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
#else
isc_boolean_t docheckmx = ISC_FALSE;
isc_boolean_t dochecksrv = ISC_FALSE;
isc_boolean_t docheckns = ISC_FALSE;
#endif
unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
DNS_ZONEOPT_CHECKMX |
DNS_ZONEOPT_MANYERRORS |
DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKINTEGRITY |
#if CHECK_SIBLING
DNS_ZONEOPT_CHECKSIBLING |
#endif
DNS_ZONEOPT_CHECKWILDCARD |
DNS_ZONEOPT_WARNMXCNAME |
DNS_ZONEOPT_WARNSRVCNAME;
@ -125,7 +142,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
if (dns_name_countlabels(name) > 1U)
strcat(namebuf, ".");
dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
result = getaddrinfo(namebuf, NULL, &hints, &ai);
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
@ -297,7 +314,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
if (dns_name_countlabels(name) > 1U)
strcat(namebuf, ".");
dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
result = getaddrinfo(namebuf, NULL, &hints, &ai);
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
@ -370,7 +387,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
if (dns_name_countlabels(name) > 1U)
strcat(namebuf, ".");
dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
result = getaddrinfo(namebuf, NULL, &hints, &ai);
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {

9
bin/check/named-checkconf.c
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkconf.c,v 1.28.18.14 2006/02/28 03:10:47 marka Exp $ */
/* $Id: named-checkconf.c,v 1.28.18.16 2007/11/26 23:46:18 tbox Exp $ */
/*! \file */
@ -224,7 +224,8 @@ configure_zone(const char *vclass, const char *view,
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
else
zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
}
} else
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
obj = NULL;
if (get_maps(maps, "check-mx-cname", &obj)) {

11
bin/check/named-checkzone.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.29.18.19 2007/08/28 07:19:55 tbox Exp $ */
/* $Id: named-checkzone.c,v 1.29.18.21 2008/10/24 01:43:17 tbox Exp $ */
/*! \file */
@ -77,8 +77,9 @@ usage(void) {
"[-f inputformat] [-F outputformat] "
"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
"[-i (full|local|none)] [-M (ignore|warn|fail)] "
"[-S (ignore|warn|fail)] [-W (ignore|warn)] "
"[-i (full|full-sibling|local|local-sibling|none)] "
"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
"[-W (ignore|warn)] "
"zonename filename\n", prog_name);
exit(1);
}
@ -227,7 +228,7 @@ main(int argc, char **argv) {
zone_options &= ~DNS_ZONEOPT_FATALNS;
} else if (ARGCMP("fail")) {
zone_options |= DNS_ZONEOPT_CHECKNS|
DNS_ZONEOPT_FATALNS;
DNS_ZONEOPT_FATALNS;
} else {
fprintf(stderr, "invalid argument to -n: %s\n",
isc_commandline_argument);

20
bin/dig/dig.1
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dig.1,v 1.23.18.22 2007/05/16 06:11:27 marka Exp $
.\" $Id: dig.1,v 1.23.18.24 2008/10/14 01:30:11 tbox Exp $
.\"
.hy 0
.ad l
@ -33,7 +33,7 @@
dig \- DNS lookup utility
.SH "SYNOPSIS"
.HP 4
\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
.HP 4
\fBdig\fR [\fB\-h\fR]
.HP 4
@ -59,7 +59,9 @@ Unless it is told to query a specific name server,
will try each of the servers listed in
\fI/etc/resolv.conf\fR.
.PP
When no command line arguments or options are given, will perform an NS query for "." (the root).
When no command line arguments or options are given,
\fBdig\fR
will perform an NS query for "." (the root).
.PP
It is possible to set per\-user defaults for
\fBdig\fR
@ -70,9 +72,9 @@ The IN and CH class names overlap with the IN and CH top level domains names. Ei
\fB\-t\fR
and
\fB\-c\fR
options to specify the type and class or use the
options to specify the type and class, use the
\fB\-q\fR
the specify the domain name or use "IN." and "CH." when looking up these top level domains.
the specify the domain name, or use "IN." and "CH." when looking up these top level domains.
.SH "SIMPLE USAGE"
.PP
A typical invocation of
@ -139,6 +141,10 @@ operate in batch mode by reading a list of lookup requests to process from the f
\fBdig\fR
using the command\-line interface.
.PP
The
\fB\-m\fR
option enables memory usage debugging.
.PP
If a non\-standard port number is to be queried, the
\fB\-p\fR
option is used.
@ -551,7 +557,7 @@ RFC1035.
.PP
There are probably too many query options.
.SH "COPYRIGHT"
Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

59
bin/dig/dig.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.186.18.29 2007/08/28 07:19:55 tbox Exp $ */
/* $Id: dig.c,v 1.186.18.33 2008/10/15 02:19:18 marka Exp $ */
/*! \file */
@ -50,7 +50,7 @@
#define ADD_STRING(b, s) { \
if (strlen(s) >= isc_buffer_availablelength(b)) \
return (ISC_R_NOSPACE); \
return (ISC_R_NOSPACE); \
else \
isc_buffer_putstr(b, s); \
}
@ -71,7 +71,7 @@ static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE;
/*% opcode text */
static const char *opcodetext[] = {
static const char * const opcodetext[] = {
"QUERY",
"IQUERY",
"STATUS",
@ -91,7 +91,7 @@ static const char *opcodetext[] = {
};
/*% return code text */
static const char *rcodetext[] = {
static const char * const rcodetext[] = {
"NOERROR",
"FORMERR",
"SERVFAIL",
@ -144,8 +144,8 @@ help(void) {
" q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n"
" (Use ixfr=version for type ixfr)\n"
" q-opt is one of:\n"
" -x dot-notation (shortcut for in-addr lookups)\n"
" -i (IP6.INT reverse IPv6 lookups)\n"
" -x dot-notation (shortcut for reverse lookups)\n"
" -i (use IP6.INT for IPv6 reverse lookups)\n"
" -f filename (batch mode)\n"
" -b address[#port] (bind to source address/port)\n"
" -p port (specify port number)\n"
@ -156,6 +156,7 @@ help(void) {
" -y [hmac:]name:key (specify named base64 tsig key)\n"
" -4 (use IPv4 query transport only)\n"
" -6 (use IPv6 query transport only)\n"
" -m (enable memory usage debugging)\n"
" d-opt is of the form +keyword[=value], where keyword is:\n"
" +[no]vc (TCP mode)\n"
" +[no]tcp (TCP mode, alternate syntax)\n"
@ -383,7 +384,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
else
else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
check_result(result, "dns_master_stylecreate");
@ -392,7 +393,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
if (style != NULL)
dns_master_styledestroy(&style, mctx);
return(result);
}
#endif
@ -429,7 +430,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
else
else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
check_result(result, "dns_master_stylecreate");
@ -638,7 +639,7 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
strncat(lookup->cmdline, append, remaining);
}
if (first) {
snprintf(append, sizeof(append),
snprintf(append, sizeof(append),
";; global options: %s %s\n",
short_form ? "short_form" : "",
printcmd ? "printcmd" : "");
@ -716,7 +717,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
FULLCHECK2("aaonly", "aaflag");
lookup->aaonly = state;
break;
case 'd':
case 'd':
switch (cmd[2]) {
case 'd': /* additional */
FULLCHECK("additional");
@ -801,13 +802,13 @@ plus_option(char *option, isc_boolean_t is_batchfile,
FULLCHECK("defname");
usesearch = state;
break;
case 'n': /* dnssec */
case 'n': /* dnssec */
FULLCHECK("dnssec");
if (state && lookup->edns == -1)
lookup->edns = 0;
lookup->dnssec = state;
break;
case 'o': /* domain */
case 'o': /* domain */
FULLCHECK("domain");
if (value == NULL)
goto need_value;
@ -881,7 +882,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
goto invalid_option;
}
break;
case 'q':
case 'q':
switch (cmd[1]) {
case 'r': /* qr */
FULLCHECK("qr");
@ -957,11 +958,11 @@ plus_option(char *option, isc_boolean_t is_batchfile,
break;
#ifdef DIG_SIGCHASE
case 'i': /* sigchase */
FULLCHECK("sigchase");
FULLCHECK("sigchase");
lookup->sigchase = state;
if (lookup->sigchase)
lookup->dnssec = ISC_TRUE;
break;
break;
#endif
case 't': /* stats */
FULLCHECK("stats");
@ -989,7 +990,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
timeout = 1;
break;
#if DIG_SIGCHASE_TD
case 'o': /* topdown */
case 'o': /* topdown */
FULLCHECK("topdown");
lookup->do_topdown = state;
break;
@ -1024,7 +1025,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
#ifdef DIG_SIGCHASE
case 'u': /* trusted-key */
FULLCHECK("trusted-key");
if (value == NULL)
if (value == NULL)
goto need_value;
if (!state)
goto invalid_option;
@ -1158,7 +1159,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
hash = strchr(value, '#');
if (hash != NULL) {
srcport = (in_port_t)
parse_uint(hash + 1,
parse_uint(hash + 1,
"port number", MAXPORT);
*hash = '\0';
} else
@ -1211,7 +1212,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
(*lookup) = clone_lookup(default_lookup,
ISC_TRUE);
*need_clone = ISC_TRUE;
strncpy((*lookup)->textname, value,
strncpy((*lookup)->textname, value,
sizeof((*lookup)->textname));
(*lookup)->textname[sizeof((*lookup)->textname)-1]=0;
(*lookup)->trace_root = ISC_TF((*lookup)->trace ||
@ -1250,7 +1251,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
(*lookup)->rdtypeset = ISC_TRUE;
(*lookup)->ixfr_serial =
parse_uint(&value[5], "serial number",
MAXSERIAL);
MAXSERIAL);
(*lookup)->section_question = plusquest;
(*lookup)->comments = pluscomm;
} else {
@ -1276,7 +1277,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
if (ptr2 == NULL)
usage();
ptr3 = next_token(&value,":"); /* secret or NULL */
if (ptr3 != NULL) {
if (ptr3 != NULL) {
if (strcasecmp(ptr, "hmac-md5") == 0) {
hmacname = DNS_TSIG_HMACMD5_NAME;
digestbits = 0;
@ -1425,7 +1426,7 @@ getaddresses(dig_lookup_t *lookup, const char *host) {
char tmp[ISC_NETADDR_FORMATSIZE];
result = bind9_getaddresses(host, 0, sockaddrs,
DIG_MAX_ADDRESSES, &count);
DIG_MAX_ADDRESSES, &count);
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
host, isc_result_totext(result));
@ -1487,7 +1488,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (homedir != NULL) {
unsigned int n;
n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc",
homedir);
homedir);
if (n < sizeof(rcfile))
batchfp = fopen(rcfile, "r");
}
@ -1567,7 +1568,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
tr.base = rv[0];
tr.length = strlen(rv[0]);
result = dns_rdatatype_fromtext(&rdtype,
(isc_textregion_t *)&tr);
(isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS &&
rdtype == dns_rdatatype_ixfr) {
result = DNS_R_UNKNOWN;
@ -1588,8 +1589,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
lookup->rdtypeset = ISC_TRUE;
lookup->ixfr_serial =
parse_uint(&rv[0][5],
"serial number",
MAXSERIAL);
"serial number",
MAXSERIAL);
lookup->section_question =
plusquest;
lookup->comments = pluscomm;
@ -1624,7 +1625,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
lookup = clone_lookup(default_lookup,
ISC_TRUE);
need_clone = ISC_TRUE;
strncpy(lookup->textname, rv[0],
strncpy(lookup->textname, rv[0],
sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1]=0;
lookup->trace_root = ISC_TF(lookup->trace ||

20
bin/dig/dig.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.docbook,v 1.17.18.21 2007/08/28 07:19:55 tbox Exp $ -->
<!-- $Id: dig.docbook,v 1.17.18.24 2008/10/14 00:54:40 marka Exp $ -->
<refentry id="man.dig">
<refentryinfo>
@ -42,6 +42,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -61,6 +62,7 @@
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-m</option></arg>
<arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
<arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
@ -118,8 +120,8 @@
</para>
<para>
When no command line arguments or options are given, will perform an
NS query for "." (the root).
When no command line arguments or options are given,
<command>dig</command> will perform an NS query for "." (the root).
</para>
<para>
@ -132,8 +134,8 @@
<para>
The IN and CH class names overlap with the IN and CH top level
domains names. Either use the <option>-t</option> and
<option>-c</option> options to specify the type and class or
use the <option>-q</option> the specify the domain name or
<option>-c</option> options to specify the type and class,
use the <option>-q</option> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</para>
@ -230,6 +232,12 @@
<command>dig</command> using the command-line interface.
</para>
<para>
The <option>-m</option> option enables memory usage debugging.
<!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
documented in include/isc/mem.h -->
</para>
<para>
If a non-standard port number is to be queried, the
<option>-p</option> option is used. <parameter>port#</parameter> is

36
bin/dig/dig.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.html,v 1.13.18.28 2007/05/16 06:11:27 marka Exp $ -->
<!-- $Id: dig.html,v 1.13.18.30 2008/10/14 01:30:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -29,12 +29,12 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543508"></a><h2>DESCRIPTION</h2>
<a name="id2543515"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -62,8 +62,8 @@
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
When no command line arguments or options are given, will perform an
NS query for "." (the root).
When no command line arguments or options are given,
<span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
</p>
<p>
It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
@ -74,13 +74,13 @@
<p>
The IN and CH class names overlap with the IN and CH top level
domains names. Either use the <code class="option">-t</code> and
<code class="option">-c</code> options to specify the type and class or
use the <code class="option">-q</code> the specify the domain name or
<code class="option">-c</code> options to specify the type and class,
use the <code class="option">-q</code> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543577"></a><h2>SIMPLE USAGE</h2>
<a name="id2543589"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -126,7 +126,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543668"></a><h2>OPTIONS</h2>
<a name="id2543680"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -151,6 +151,10 @@
the same way they would be presented as queries to
<span><strong class="command">dig</strong></span> using the command-line interface.
</p>
<p>
The <code class="option">-m</code> option enables memory usage debugging.
</p>
<p>
If a non-standard port number is to be queried, the
<code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
@ -226,7 +230,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543939"></a><h2>QUERY OPTIONS</h2>
<a name="id2544028"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -545,7 +549,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545128"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2545149"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -591,7 +595,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545258"></a><h2>IDN SUPPORT</h2>
<a name="id2545211"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -605,14 +609,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545281"></a><h2>FILES</h2>
<a name="id2545234"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545298"></a><h2>SEE ALSO</h2>
<a name="id2545251"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -620,7 +624,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545335"></a><h2>BUGS</h2>
<a name="id2545356"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

235
bin/dig/dighost.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.259.18.43.10.3 2008/07/23 23:16:43 marka Exp $ */
/* $Id: dighost.c,v 1.259.18.49 2008/07/23 23:33:02 marka Exp $ */
/*! \file
* \note
@ -277,7 +277,7 @@ dns_name_t chase_name; /* the query name */
/*
* the current name is the parent name when we follow delegation
*/
dns_name_t chase_current_name;
dns_name_t chase_current_name;
/*
* the child name is used for delegation (NS DS responses in AUTHORITY section)
*/
@ -493,6 +493,7 @@ void
fatal(const char *format, ...) {
va_list args;
fflush(stdout);
fprintf(stderr, "%s: ", progname);
va_start(args, format);
vfprintf(stderr, format, args);
@ -510,6 +511,7 @@ debug(const char *format, ...) {
va_list args;
if (debugging) {
fflush(stdout);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
@ -616,13 +618,13 @@ set_nameserver(char *opt) {
return;
result = bind9_getaddresses(opt, 0, sockaddrs,
DIG_MAX_ADDRESSES, &count);
DIG_MAX_ADDRESSES, &count);
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
opt, isc_result_totext(result));
flush_server_list();
for (i = 0; i < count; i++) {
isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
@ -891,7 +893,7 @@ setup_text_key(void) {
result = isc_base64_decodestring(keysecret, &secretbuf);
if (result != ISC_R_SUCCESS)
goto failure;
secretsize = isc_buffer_usedlength(&secretbuf);
result = dns_name_fromtext(&keyname, namebuf,
@ -1025,7 +1027,7 @@ setup_system(void) {
domain = NULL;
}
}
if (ndots == -1) {
ndots = lwconf->ndots;
debug("ndots is %d.", ndots);
@ -1088,7 +1090,7 @@ clear_searchlist(void) {
void
set_search_domain(char *domain) {
dig_searchlist_t *search;
clear_searchlist();
search = make_searchlist_entry(domain);
ISC_LIST_APPEND(search_list, search, link);
@ -1409,7 +1411,7 @@ start_lookup(void) {
current_lookup->qrdtype_sigchase
= current_lookup->qrdtype;
current_lookup->qrdtype = dns_rdatatype_ns;
current_lookup->rdclass_sigchase
= current_lookup->rdclass;
current_lookup->rdclass_sigchaseset
@ -1490,7 +1492,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
INSIST(!free_now);
debug("following up %s", query->lookup->textname);
for (result = dns_message_firstname(msg, section);
result == ISC_R_SUCCESS;
result = dns_message_nextname(msg, section)) {
@ -1545,7 +1547,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
dns_rdataset_current(rdataset, &rdata);
query->lookup->nsfound++;
(void)dns_rdata_tostruct(&rdata, &ns, NULL);
result = dns_rdata_tostruct(&rdata, &ns, NULL);
check_result(result, "dns_rdata_tostruct");
dns_name_format(&ns.name, namestr, sizeof(namestr));
dns_rdata_freestruct(&ns);
@ -1845,7 +1848,7 @@ setup_lookup(dig_lookup_t *lookup) {
&lookup->name);
dns_message_puttempname(lookup->sendmsg,
&lookup->oname);
fatal("'%s' is not in legal name syntax (%s)",
fatal("Origin '%s' is not in legal name syntax (%s)",
lookup->origin->origin,
isc_result_totext(result));
}
@ -2089,7 +2092,7 @@ send_done(isc_task_t *_task, isc_event_t *event) {
for (b = ISC_LIST_HEAD(sevent->bufferlist);
b != NULL;
b = ISC_LIST_HEAD(sevent->bufferlist))
b = ISC_LIST_HEAD(sevent->bufferlist))
ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
query = event->ev_arg;
@ -2169,7 +2172,7 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) {
&l->interval, global_task, connect_timeout,
l, &l->timer);
check_result(result, "isc_timer_create");
}
}
static void
connect_done(isc_task_t *task, isc_event_t *event);
@ -2191,7 +2194,7 @@ send_tcp_connect(dig_query_t *query) {
query->waiting_connect = ISC_TRUE;
query->lookup->current_query = query;
get_address(query->servname, port, &query->sockaddr);
if (specified_source &&
(isc_sockaddr_pf(&query->sockaddr) !=
isc_sockaddr_pf(&bind_address))) {
@ -2663,7 +2666,8 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
goto next_rdata;
/* Now we have an SOA. Work with it. */
debug("got an SOA");
(void)dns_rdata_tostruct(&rdata, &soa, NULL);
result = dns_rdata_tostruct(&rdata, &soa, NULL);
check_result(result, "dns_rdata_tostruct");
serial = soa.serial;
dns_rdata_freestruct(&soa);
if (!query->first_soa_rcvd) {
@ -2826,13 +2830,13 @@ recv_done(isc_task_t *task, isc_event_t *event) {
char buf2[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t any;
if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
isc_sockaddr_any(&any);
else
isc_sockaddr_any6(&any);
/*
* We don't expect a match when the packet is
* We don't expect a match when the packet is
* sent to 0.0.0.0, :: or to a multicast addresses.
* XXXMPA broadcast needs to be handled here as well.
*/
@ -2850,7 +2854,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
}
result = dns_message_peekheader(b, &id, &msgflags);
result = dns_message_peekheader(b, &id, &msgflags);
if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
match = ISC_FALSE;
if (l->tcp_mode) {
@ -2955,7 +2959,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
return;
}
if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 &&
!l->ignore && !l->tcp_mode) {
!l->ignore && !l->tcp_mode) {
printf(";; Truncated, retrying in TCP mode.\n");
n = requeue_lookup(l, ISC_TRUE);
n->tcp_mode = ISC_TRUE;
@ -2967,7 +2971,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
check_next_lookup(l);
UNLOCK_LOOKUP;
return;
}
}
if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
(check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
{
@ -3093,7 +3097,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (l->trace_root) {
/*
* This is the initial NS query.
* This is the initial NS query.
*/
int n;
@ -3108,7 +3112,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (!do_sigchase)
#endif
printmessage(query, msg, ISC_TRUE);
}
}
#ifdef DIG_SIGCHASE
if (do_sigchase) {
chase_msg = isc_mem_allocate(mctx,
@ -3127,13 +3131,13 @@ recv_done(isc_task_t *task, isc_event_t *event) {
isc_buffer_usedregion(b, &r);
result = isc_buffer_allocate(mctx, &buf, r.length);
check_result(result, "isc_buffer_allocate");
result = isc_buffer_copyregion(buf, &r);
check_result(result, "isc_buffer_copyregion");
result = dns_message_parse(msg_temp, buf, 0);
isc_buffer_free(&buf);
chase_msg->msg = msg_temp;
@ -3149,9 +3153,9 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
#endif
}
#ifdef DIG_SIGCHASE
if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) {
if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) {
sigchase(msg_temp);
}
#endif
@ -3308,7 +3312,7 @@ cancel_all(void) {
*/
void
destroy_libs(void) {
#ifdef DIG_SIGCHASE
#ifdef DIG_SIGCHASE
void * ptr;
dig_message_t *chase_msg;
#endif
@ -3348,8 +3352,8 @@ destroy_libs(void) {
clear_searchlist();
#ifdef WITH_IDN
result = dns_name_settotextfilter(NULL);
check_result(result, "dns_name_settotextfilter");
result = dns_name_settotextfilter(NULL);
check_result(result, "dns_name_settotextfilter");
#endif
dns_name_destroy();
@ -3421,7 +3425,7 @@ destroy_libs(void) {
#endif
debug("Destroy memory");
#endif
if (memdebugging != 0)
isc_mem_stats(mctx, stderr);
@ -3518,7 +3522,7 @@ append_textname(char *name, const char *origin, size_t namesize) {
(void)strcpy(name + namelen, origin);
return idn_success;
}
static void
idn_check_result(idn_result_t r, const char *msg) {
if (r != idn_success) {
@ -3554,14 +3558,14 @@ void
dump_database_section(dns_message_t *msg, int section)
{
dns_name_t *msg_name=NULL;
dns_rdataset_t *rdataset;
do {
dns_message_currentname(msg, section, &msg_name);
for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
rdataset = ISC_LIST_NEXT(rdataset, link)) {
dns_name_print(msg_name, stdout);
printf("\n");
print_rdataset(msg_name, rdataset, mctx);
@ -3578,15 +3582,15 @@ dump_database(void) {
for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL;
msg = ISC_LIST_NEXT(msg, link)) {
if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
== ISC_R_SUCCESS)
== ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_ANSWER);
if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
== ISC_R_SUCCESS)
== ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_AUTHORITY);
if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
== ISC_R_SUCCESS)
== ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL);
}
}
@ -3616,7 +3620,7 @@ search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) {
if ((siginfo.covered == covers) ||
(covers == dns_rdatatype_any)) {
dns_rdata_reset(&sigrdata);
dns_rdata_freestruct(&siginfo);
dns_rdata_freestruct(&siginfo);
return (rdataset);
}
dns_rdata_reset(&sigrdata);
@ -3654,7 +3658,7 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
{
dns_rdataset_t *rdataset = NULL;
dig_message_t * msg;
for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL;
msg = ISC_LIST_NEXT(msg, link)) {
if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
@ -3747,7 +3751,7 @@ insert_trustedkey(dst_key_t * key)
return;
tk_list.key[tk_list.nb_tk++] = key;
return;
return;
}
void
@ -3770,7 +3774,7 @@ char alphnum[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
isc_result_t
removetmpkey(isc_mem_t *mctx, const char *file)
removetmpkey(isc_mem_t *mctx, const char *file)
{
char *tempnamekey = NULL;
int tempnamekeylen;
@ -3783,7 +3787,7 @@ removetmpkey(isc_mem_t *mctx, const char *file)
return (ISC_R_NOMEMORY);
memset(tempnamekey, 0, tempnamekeylen);
strcat(tempnamekey, file);
strcat(tempnamekey,".key");
isc_file_remove(tempnamekey);
@ -3823,24 +3827,24 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
isc_mem_free(mctx, tempname);
return (ISC_R_FAILURE);
}
x = cp--;
while (cp >= tempname && *cp == 'X') {
isc_random_get(&which);
*cp = alphnum[which % (sizeof(alphnum) - 1)];
x = cp--;
}
tempnamekeylen = tempnamelen+5;
tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
if (tempnamekey == NULL)
return (ISC_R_NOMEMORY);
memset(tempnamekey, 0, tempnamekeylen);
strncpy(tempnamekey, tempname, tempnamelen);
strcat(tempnamekey ,".key");
if (isc_file_exists(tempnamekey)) {
isc_mem_free(mctx, tempnamekey);
isc_mem_free(mctx, tempname);
@ -3861,7 +3865,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
cleanup:
isc_mem_free(mctx, tempname);
return (result);
}
@ -3875,7 +3879,7 @@ get_trusted_key(isc_mem_t *mctx)
char buf[1500];
FILE *fp, *fptemp;
dst_key_t *key = NULL;
result = isc_file_exists(trustedkey);
if (result != ISC_TRUE) {
result = isc_file_exists("/etc/trusted-key.key");
@ -3953,11 +3957,11 @@ nameFromString(const char *str, dns_name_t *p_ret) {
result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret);
check_result(result, "nameFromString");
}
}
#if DIG_SIGCHASE_TD
isc_result_t
isc_result_t
prepare_lookup(dns_name_t *name)
{
isc_result_t result;
@ -3975,7 +3979,7 @@ prepare_lookup(dns_name_t *name)
lookup->rdtype = lookup->rdtype_sigchase;
lookup->rdtypeset = ISC_TRUE;
lookup->qrdtype = lookup->qrdtype_sigchase;
s = ISC_LIST_HEAD(lookup->my_server_list);
while (s != NULL) {
debug("freeing server %p belonging to %p",
@ -4008,12 +4012,11 @@ prepare_lookup(dns_name_t *name)
dns_rdataset_current(chase_nsrdataset, &rdata);
(void)dns_rdata_tostruct(&rdata, &ns, NULL);
result = dns_rdata_tostruct(&rdata, &ns, NULL);
check_result(result, "dns_rdata_tostruct");
#ifdef __FOLLOW_GLUE__
result = advanced_rrsearch(&rdataset, &ns.name,
dns_rdatatype_aaaa,
dns_rdatatype_any, &true);
@ -4037,12 +4040,12 @@ prepare_lookup(dns_name_t *name)
srv = make_server(namestr, namestr);
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
}
rdataset = NULL;
result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a,
dns_rdatatype_any, &true);
@ -4064,28 +4067,28 @@ prepare_lookup(dns_name_t *name)
isc_buffer_free(&b);
dns_rdata_reset(&a);
printf("ns name: %s\n", namestr);
srv = make_server(namestr, namestr);
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
}
#else
dns_name_format(&ns.name, namestr, sizeof(namestr));
printf("ns name: ");
dns_name_print(&ns.name, stdout);
printf("\n");
srv = make_server(namestr, namestr);
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
#endif
#endif
dns_rdata_freestruct(&ns);
dns_rdata_reset(&rdata);
}
ISC_LIST_APPEND(lookup_list, lookup, link);
@ -4139,10 +4142,10 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
do {
dns_rdataset_current(sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
check_result(result, "sigrdata tostruct siginfo");
if (dns_name_compare(&siginfo.signer, zone_name) == 0) {
dns_rdata_freestruct(&siginfo);
dns_rdata_reset(&sigrdata);
@ -4150,7 +4153,7 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
}
dns_rdata_freestruct(&siginfo);
} while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&sigrdata);
@ -4180,7 +4183,7 @@ initialization(dns_name_t *name)
return (ISC_R_SUCCESS);
}
#endif
#endif
void
print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
@ -4204,10 +4207,10 @@ print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
}
void
void
dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) {
isc_result_t result;
isc_result_t result;
if (dns_name_dynamic(target))
free_name(target, mctx);
result = dns_name_dup(source, mctx, target);
@ -4226,7 +4229,7 @@ free_name(dns_name_t *name, isc_mem_t *mctx) {
* return ISC_R_SUCCESS if the DNSKEY RRset contains a trusted_key
* and the RRset is valid
* return ISC_R_NOTFOUND if not contains trusted key
or if the RRset isn't valid
or if the RRset isn't valid
* return ISC_R_FAILURE if problem
*
*/
@ -4251,17 +4254,17 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(rdataset, &rdata);
INSIST(rdata.type == dns_rdatatype_dnskey);
result = dns_dnssec_keyfromrdata(name, &rdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
for (i = 0; i < tk_list.nb_tk; i++) {
if (dst_key_compare(tk_list.key[i], dnsseckey)
== ISC_TRUE) {
dns_rdata_reset(&rdata);
printf(";; Ok, find a Trusted Key in the "
"DNSKEY RRset: %d\n",
dst_key_id(dnsseckey));
@ -4276,7 +4279,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
}
}
}
dns_rdata_reset(&rdata);
if (dnsseckey != NULL)
dst_key_free(&dnsseckey);
@ -4306,7 +4309,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@ -4338,22 +4341,22 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
result = dns_rdataset_first(sigrdataset);
check_result(result, "empty RRSIG dataset");
dns_rdata_init(&sigrdata);
do {
dns_rdataset_current(sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
check_result(result, "sigrdata tostruct siginfo");
/*
* Test if the id of the DNSKEY is
* the id of the DNSKEY signer's
*/
if (siginfo.keyid == dst_key_id(dnsseckey)) {
result = dns_rdataset_first(rdataset);
check_result(result, "empty DS dataset");
result = dns_dnssec_verify(name, rdataset, dnsseckey,
ISC_FALSE, mctx, &sigrdata);
@ -4370,7 +4373,7 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
}
}
dns_rdata_freestruct(&siginfo);
} while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&sigrdata);
@ -4396,18 +4399,18 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_init(&dsrdata);
do {
dns_rdataset_current(dsrdataset, &dsrdata);
result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL);
check_result(result, "dns_rdata_tostruct for DS");
result = dns_rdataset_first(keyrdataset);
check_result(result, "empty KEY dataset");
dns_rdata_init(&keyrdata);
dns_rdata_init(&keyrdata);
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@ -4422,20 +4425,20 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
result = dns_ds_buildrdata(name, &keyrdata,
dsinfo.digest_type,
dsbuf, &newdsrdata);
dns_rdata_freestruct(&dsinfo);
dns_rdata_freestruct(&dsinfo);
if (result != ISC_R_SUCCESS) {
dns_rdata_reset(&keyrdata);
dns_rdata_reset(&newdsrdata);
dns_rdata_reset(&dsrdata);
dst_key_free(&dnsseckey);
dns_rdata_freestruct(&dsinfo);
dns_rdata_freestruct(&dsinfo);
printf("Oops: impossible to build"
" new DS rdata\n");
return (result);
}
if (dns_rdata_compare(&dsrdata,
&newdsrdata) == 0) {
printf(";; OK a DS valids a DNSKEY"
@ -4443,7 +4446,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
printf(";; Now verify that this"
" DNSKEY validates the "
"DNSKEY RRset\n");
result = sigchase_verify_sig_key(name,
keyrdataset,
dnsseckey,
@ -4454,7 +4457,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_reset(&newdsrdata);
dns_rdata_reset(&dsrdata);
dst_key_free(&dnsseckey);
return (result);
}
} else {
@ -4468,12 +4471,12 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dnsseckey = NULL;
} while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&keyrdata);
} while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS);
#if 0
dns_rdata_reset(&dsrdata); WARNING
#endif
return (ISC_R_NOTFOUND);
}
@ -4486,13 +4489,13 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
* ISC_R_SUCCESS: if we found the rrset
* ISC_R_NOTFOUND: we do not found the rrset in cache
* and we do a query on the net
* ISC_R_FAILURE: rrset not found
* ISC_R_FAILURE: rrset not found
*/
isc_result_t
advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t *name,
dns_rdatatype_t type, dns_rdatatype_t covers,
isc_boolean_t *lookedup)
{
{
isc_boolean_t tmplookedup;
INSIST(rdataset != NULL);
@ -4567,7 +4570,7 @@ sigchase_td(dns_message_t *msg)
}
}
if (have_answer) {
chase_rdataset
= chase_scanname_section(msg, &chase_name,
@ -4627,7 +4630,7 @@ sigchase_td(dns_message_t *msg)
chase_dsrdataset,
mctx);
}
if (result != ISC_R_SUCCESS) {
printf("\n;; chain of trust can't be validated:"
" FAILED\n\n");
@ -4679,7 +4682,7 @@ sigchase_td(dns_message_t *msg)
chase_sigrdataset = NULL;
have_response = ISC_FALSE;
have_delegation_ns = ISC_FALSE;
dns_name_init(&tmp_name, NULL);
result = child_of_zone(&chase_name, &chase_current_name,
&tmp_name);
@ -4758,10 +4761,10 @@ sigchase_td(dns_message_t *msg)
}
chase_keyrdataset = NULL;
chase_sigkeyrdataset = NULL;
prepare_lookup(&chase_authority_name);
have_response = ISC_FALSE;
have_delegation_ns = ISC_FALSE;
delegation_follow = ISC_TRUE;
@ -4855,7 +4858,7 @@ sigchase_td(dns_message_t *msg)
}
}
#endif
#endif
#if DIG_SIGCHASE_BU
@ -4872,7 +4875,7 @@ getneededrr(dns_message_t *msg)
if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
!= ISC_R_SUCCESS) {
printf(";; NO ANSWERS: %s\n", isc_result_totext(result));
if (chase_name.ndata == NULL)
return (ISC_R_ADDRNOTAVAIL);
} else {
@ -4915,7 +4918,7 @@ getneededrr(dns_message_t *msg)
}
INSIST(chase_sigrdataset != NULL);
/* first find the DNSKEY name */
result = dns_rdataset_first(chase_sigrdataset);
check_result(result, "empty RRSIG dataset");
@ -4926,7 +4929,7 @@ getneededrr(dns_message_t *msg)
dup_name(&siginfo.signer, &chase_signame, mctx);
dns_rdata_freestruct(&siginfo);
dns_rdata_reset(&sigrdata);
/* Do we have a key? */
if (chase_keyrdataset == NULL) {
result = advanced_rrsearch(&chase_keyrdataset,
@ -4995,7 +4998,7 @@ getneededrr(dns_message_t *msg)
print_rdataset(&chase_signame, chase_dsrdataset, mctx);
}
}
if (chase_dsrdataset != NULL) {
/*
* if there is no RRSIG of DS,
@ -5054,7 +5057,7 @@ sigchase_bu(dns_message_t *msg)
dns_name_init(&query_name, NULL);
dns_name_init(&rdata_name, NULL);
nameFromString(current_lookup->textname, &query_name);
result = prove_nx(msg, &query_name, current_lookup->rdclass,
current_lookup->rdtype, &rdata_name,
&rdataset, &sigrdataset);
@ -5076,7 +5079,7 @@ sigchase_bu(dns_message_t *msg)
}
printf(";; An NSEC prove the non-existence of a answers,"
" Now we want validate this NSEC\n");
dup_name(&rdata_name, &chase_name, mctx);
free_name(&rdata_name, mctx);
chase_rdataset = rdataset;
@ -5157,7 +5160,7 @@ sigchase_bu(dns_message_t *msg)
chase_sigdsrdataset = NULL;
chase_siglookedup = chase_keylookedup = ISC_FALSE;
chase_dslookedup = chase_sigdslookedup = ISC_FALSE;
printf(";; Now, we want to validate the DS : recursive call\n");
sigchase(msg);
return;
@ -5250,7 +5253,7 @@ prove_nx_domain(dns_message_t *msg,
" validate the non-existence : FAILED\n");
return (ISC_R_FAILURE);
}
do {
nsecname = NULL;
dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname);
@ -5328,7 +5331,7 @@ prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset,
ret = dns_rdataset_first(nsecset);
check_result(ret,"dns_rdataset_first");
dns_rdataset_current(nsecset, &nsec);
ret = dns_nsec_typepresent(&nsec, type);
@ -5396,6 +5399,6 @@ prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class,
rdataset, sigrdataset);
return (ret);
}
/* Never get here */
/* Never get here */
}
#endif

8
bin/dig/host.1
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: host.1,v 1.14.18.14 2007/05/09 03:33:12 marka Exp $
.\" $Id: host.1,v 1.14.18.16 2008/04/06 01:31:04 tbox Exp $
.\"
.hy 0
.ad l
@ -154,7 +154,7 @@ option is used to select the query type.
\fItype\fR
can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
\fBhost\fR
automatically selects an appropriate query type. By default it looks for A records, but if the
automatically selects an appropriate query type. By default it looks for A, AAAA, and MX records, but if the
\fB\-C\fR
option was given, queries will be made for SOA records, and if
\fIname\fR
@ -213,7 +213,7 @@ runs.
\fBdig\fR(1),
\fBnamed\fR(8).
.SH "COPYRIGHT"
Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br

7
bin/dig/host.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: host.docbook,v 1.5.18.11 2007/08/28 07:19:55 tbox Exp $ -->
<!-- $Id: host.docbook,v 1.5.18.13 2008/04/05 23:46:04 tbox Exp $ -->
<refentry id="man.host">
<refentryinfo>
@ -41,6 +41,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -199,7 +200,7 @@
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<command>host</command> automatically selects an appropriate
query
type. By default it looks for A records, but if the
type. By default it looks for A, AAAA, and MX records, but if the
<option>-C</option> option was given, queries will be made for SOA
records, and if <parameter>name</parameter> is a
dotted-decimal IPv4

14
bin/dig/host.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: host.html,v 1.7.18.20 2007/05/09 03:33:12 marka Exp $ -->
<!-- $Id: host.html,v 1.7.18.22 2008/04/06 01:31:04 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543428"></a><h2>DESCRIPTION</h2>
<a name="id2543431"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -148,7 +148,7 @@
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span><strong class="command">host</strong></span> automatically selects an appropriate
query
type. By default it looks for A records, but if the
type. By default it looks for A, AAAA, and MX records, but if the
<code class="option">-C</code> option was given, queries will be made for SOA
records, and if <em class="parameter"><code>name</code></em> is a
dotted-decimal IPv4
@ -184,7 +184,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543725"></a><h2>IDN SUPPORT</h2>
<a name="id2543797"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -198,12 +198,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543748"></a><h2>FILES</h2>
<a name="id2543819"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543828"></a><h2>SEE ALSO</h2>
<a name="id2543831"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

10
bin/dnssec/dnssec-keygen.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-keygen.8,v 1.23.18.14 2007/05/09 03:33:12 marka Exp $
.\" $Id: dnssec-keygen.8,v 1.23.18.16 2008/10/16 01:29:40 tbox Exp $
.\"
.hy 0
.ad l
@ -187,14 +187,14 @@ and
.PP
\fBdnssec\-signzone\fR(8),
BIND 9 Administrator Reference Manual,
RFC 2535,
RFC 2539,
RFC 2845,
RFC 2539.
RFC 4033.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

9
bin/dnssec/dnssec-keygen.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.docbook,v 1.7.18.11 2007/08/28 07:20:00 tbox Exp $ -->
<!-- $Id: dnssec-keygen.docbook,v 1.7.18.13 2008/10/15 23:46:06 tbox Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
@ -40,6 +40,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -340,9 +341,9 @@
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2535</citetitle>,
<citetitle>RFC 2539</citetitle>,
<citetitle>RFC 2845</citetitle>,
<citetitle>RFC 2539</citetitle>.
<citetitle>RFC 4033</citetitle>.
</para>
</refsect1>

20
bin/dnssec/dnssec-keygen.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.html,v 1.9.18.20 2007/05/09 03:33:12 marka Exp $ -->
<!-- $Id: dnssec-keygen.html,v 1.9.18.22 2008/10/16 01:29:40 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543474"></a><h2>DESCRIPTION</h2>
<a name="id2543477"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -40,7 +40,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543485"></a><h2>OPTIONS</h2>
<a name="id2543489"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -148,7 +148,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543820"></a><h2>GENERATED KEYS</h2>
<a name="id2543824"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -194,7 +194,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543902"></a><h2>EXAMPLE</h2>
<a name="id2543906"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -215,16 +215,16 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543946"></a><h2>SEE ALSO</h2>
<a name="id2543949"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2535</em>,
<em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
<em class="citetitle">RFC 2539</em>.
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544045"></a><h2>AUTHOR</h2>
<a name="id2544049"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
bin/dnssec/dnssec-signzone.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.28.18.17 2007/05/09 03:33:12 marka Exp $
.\" $Id: dnssec-signzone.8,v 1.28.18.19 2008/10/16 01:29:40 tbox Exp $
.\"
.hy 0
.ad l
@ -261,12 +261,12 @@ db.example.com.signed
.PP
\fBdnssec\-keygen\fR(8),
BIND 9 Administrator Reference Manual,
RFC 2535.
RFC 4033.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

49
bin/dnssec/dnssec-signzone.c
View File

@ -1,5 +1,5 @@
/*
* Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signzone.c,v 1.177.18.24 2007/08/28 07:20:00 tbox Exp $ */
/* $Id: dnssec-signzone.c,v 1.177.18.26 2008/06/02 23:46:01 tbox Exp $ */
/*! \file */
@ -128,7 +128,6 @@ static dns_name_t *gorigin; /* The database origin */
static isc_task_t *master = NULL;
static unsigned int ntasks = 0;
static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE;
static unsigned int assigned = 0, completed = 0;
static isc_boolean_t nokeys = ISC_FALSE;
static isc_boolean_t removefile = ISC_FALSE;
static isc_boolean_t generateds = ISC_FALSE;
@ -969,7 +968,7 @@ active_node(dns_dbnode_t *node) {
fatal("rdataset iteration failed: %s",
isc_result_totext(result));
} else {
/*
/*
* Delete RRSIGs for types that no longer exist.
*/
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2);
@ -1194,7 +1193,7 @@ signapex(void) {
dns_fixedname_t fixed;
dns_name_t *name;
isc_result_t result;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
result = dns_dbiterator_current(gdbiter, &node, name);
@ -1224,16 +1223,19 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
dns_rdataset_t nsec;
isc_boolean_t found;
isc_result_t result;
static unsigned int ended = 0; /* Protected by namelock. */
if (shuttingdown)
return;
LOCK(&namelock);
if (finished) {
if (assigned == completed) {
ended++;
if (ended == ntasks) {
isc_task_detach(&task);
isc_app_shutdown();
}
return;
goto unlock;
}
fname = isc_mem_get(mctx, sizeof(dns_fixedname_t));
@ -1243,7 +1245,6 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
name = dns_fixedname_name(fname);
node = NULL;
found = ISC_FALSE;
LOCK(&namelock);
while (!found) {
result = dns_dbiterator_current(gdbiter, &node, name);
if (result != ISC_R_SUCCESS)
@ -1270,14 +1271,14 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
fatal("failure iterating database: %s",
isc_result_totext(result));
}
UNLOCK(&namelock);
if (!found) {
if (assigned == completed) {
ended++;
if (ended == ntasks) {
isc_task_detach(&task);
isc_app_shutdown();
}
isc_mem_put(mctx, fname, sizeof(dns_fixedname_t));
return;
goto unlock;
}
sevent = (sevent_t *)
isc_event_allocate(mctx, task, SIGNER_EVENT_WORK,
@ -1288,7 +1289,8 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
sevent->node = node;
sevent->fname = fname;
isc_task_send(worker, ISC_EVENT_PTR(&sevent));
assigned++;
unlock:
UNLOCK(&namelock);
}
/*%
@ -1311,7 +1313,6 @@ writenode(isc_task_t *task, isc_event_t *event) {
isc_task_t *worker;
sevent_t *sevent = (sevent_t *)event;
completed++;
worker = (isc_task_t *)event->ev_sender;
dumpnode(dns_fixedname_name(sevent->fname), sevent->node);
cleannode(gdb, gversion, sevent->node);
@ -1605,7 +1606,7 @@ writeset(const char *prefix, dns_rdatatype_t type) {
unsigned char dsbuf[DNS_DS_BUFFERSIZE];
unsigned char keybuf[DST_KEY_MAXSIZE];
unsigned int filenamelen;
const dns_master_style_t *style =
const dns_master_style_t *style =
(type == dns_rdatatype_dnskey) ? masterstyle : dsstyle;
isc_buffer_init(&namebuf, namestr, sizeof(namestr));
@ -1818,13 +1819,13 @@ print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) {
printf("Signatures successfully verified: %10d\n", nverified);
printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed);
runtime_ms = runtime_us / 1000;
printf("Runtime in seconds: %7u.%03u\n",
(unsigned int) (runtime_ms / 1000),
printf("Runtime in seconds: %7u.%03u\n",
(unsigned int) (runtime_ms / 1000),
(unsigned int) (runtime_ms % 1000));
if (runtime_us > 0) {
sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us;
printf("Signatures per second: %7u.%03u\n",
(unsigned int) sig_ms / 1000,
(unsigned int) sig_ms / 1000,
(unsigned int) sig_ms % 1000);
}
}
@ -1914,7 +1915,7 @@ main(int argc, char *argv[]) {
fatal("jitter must be numeric and positive");
break;
case 'l':
case 'l':
dns_fixedname_init(&dlv_fixed);
len = strlen(isc_commandline_argument);
isc_buffer_init(&b, isc_commandline_argument, len);
@ -2080,7 +2081,7 @@ main(int argc, char *argv[]) {
result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL,
0, 24, 0, 0, 0, 8, mctx);
check_result(result, "dns_master_stylecreate");
gdb = NULL;
TIME_NOW(&timer_start);
@ -2102,8 +2103,8 @@ main(int argc, char *argv[]) {
DST_TYPE_PRIVATE,
mctx, &newkey);
if (result != ISC_R_SUCCESS)
fatal("cannot load dnskey %s: %s", argv[i],
isc_result_totext(result));
fatal("cannot load dnskey %s: %s", argv[i],
isc_result_totext(result));
key = ISC_LIST_HEAD(keylist);
while (key != NULL) {
@ -2111,7 +2112,7 @@ main(int argc, char *argv[]) {
if (dst_key_id(dkey) == dst_key_id(newkey) &&
dst_key_alg(dkey) == dst_key_alg(newkey) &&
dns_name_equal(dst_key_name(dkey),
dst_key_name(newkey)))
dst_key_name(newkey)))
{
if (!dst_key_isprivate(dkey))
fatal("cannot sign zone with "
@ -2140,7 +2141,7 @@ main(int argc, char *argv[]) {
mctx, &newkey);
if (result != ISC_R_SUCCESS)
fatal("cannot load dnskey %s: %s", dskeyfile[i],
isc_result_totext(result));
isc_result_totext(result));
key = ISC_LIST_HEAD(keylist);
while (key != NULL) {
@ -2148,7 +2149,7 @@ main(int argc, char *argv[]) {
if (dst_key_id(dkey) == dst_key_id(newkey) &&
dst_key_alg(dkey) == dst_key_alg(newkey) &&
dns_name_equal(dst_key_name(dkey),
dst_key_name(newkey)))
dst_key_name(newkey)))
{
/* Override key flags. */
key->issigningkey = ISC_TRUE;

7
bin/dnssec/dnssec-signzone.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.docbook,v 1.10.18.17 2007/08/28 07:20:00 tbox Exp $ -->
<!-- $Id: dnssec-signzone.docbook,v 1.10.18.19 2008/10/15 23:46:06 tbox Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 30, 2000</date>
@ -41,6 +41,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -459,7 +460,7 @@ db.example.com.signed
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 2535</citetitle>.
<citetitle>RFC 4033</citetitle>.
</para>
</refsect1>

16
bin/dnssec/dnssec-signzone.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-signzone.html,v 1.8.18.23 2007/05/09 03:33:12 marka Exp $ -->
<!-- $Id: dnssec-signzone.html,v 1.8.18.25 2008/10/16 01:29:40 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543526"></a><h2>DESCRIPTION</h2>
<a name="id2543529"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543541"></a><h2>OPTIONS</h2>
<a name="id2543544"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -241,7 +241,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544327"></a><h2>EXAMPLE</h2>
<a name="id2544330"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -270,14 +270,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2544378"></a><h2>SEE ALSO</h2>
<a name="id2544381"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2535</em>.
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544403"></a><h2>AUTHOR</h2>
<a name="id2544406"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

50
bin/named/client.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.219.18.28.10.2 2008/07/23 07:28:54 tbox Exp $ */
/* $Id: client.c,v 1.219.18.31 2008/05/22 23:46:03 tbox Exp $ */
#include <config.h>
@ -132,7 +132,7 @@ struct ns_clientmgr {
#define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm')
#define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC)
/*!
/*!
* Client object states. Ordering is significant: higher-numbered
* states are generally "more active", meaning that the client can
* have more dynamically allocated data, outstanding events, etc.
@ -286,7 +286,7 @@ exit_check(ns_client_t *client) {
*
* Keep the view attached until any outstanding updates complete.
*/
if (client->nupdates == 0 &&
if (client->nupdates == 0 &&
client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
dns_view_detach(&client->view);
@ -817,7 +817,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
if (ns_g_server->blackholeacl != NULL &&
dns_acl_match(&netaddr, NULL,
ns_g_server->blackholeacl,
ns_g_server->blackholeacl,
&ns_g_server->aclenv,
&match, NULL) == ISC_R_SUCCESS &&
match > 0)
@ -834,7 +834,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
isc_buffer_usedregion(buffer, &r);
CTRACE("sendto");
result = isc_socket_sendto2(socket, &r, client->task,
address, pktinfo,
client->sendevent, sockflags);
@ -1108,8 +1108,8 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
/*
* FORMERR loop avoidance: If we sent a FORMERR message
* with the same ID to the same client less than two
* seconds ago, assume that we are in an infinite error
* packet dialog with a server for some protocol whose
* seconds ago, assume that we are in an infinite error
* packet dialog with a server for some protocol whose
* error responses look enough like DNS queries to
* elicit a FORMERR response. Drop a packet to break
* the loop.
@ -1534,7 +1534,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
* For IPv6 UDP queries, we get this from the pktinfo structure (if
* supported).
* If all the attempts fail (this can happen due to memory shortage,
* etc), we regard this as an error for safety.
* etc), we regard this as an error for safety.
*/
if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr);
@ -1595,7 +1595,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
view);
if (sigresult == ISC_R_SUCCESS)
tsig = client->message->tsigname;
if (allowed(&netaddr, tsig, view->matchclients) &&
allowed(&destaddr, tsig, view->matchdestinations) &&
!((client->message->flags & DNS_MESSAGEFLAG_RD)
@ -1726,7 +1726,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
ISC_LOG_DEBUG(3), ra ? "recursion available" :
"recursion not available");
"recursion not available");
/*
* Adjust maximum UDP response size for this client.
@ -1820,10 +1820,10 @@ get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
return (result);
manager->mctxpool[manager->nextmctx] = clientmctx;
manager->nextmctx++;
if (manager->nextmctx == NMCTXS)
manager->nextmctx = 0;
}
manager->nextmctx++;
if (manager->nextmctx == NMCTXS)
manager->nextmctx = 0;
#else
clientmctx = manager->mctx;
#endif
@ -2093,7 +2093,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
if (ns_g_server->blackholeacl != NULL &&
dns_acl_match(&netaddr, NULL,
ns_g_server->blackholeacl,
ns_g_server->blackholeacl,
&ns_g_server->aclenv,
&match, NULL) == ISC_R_SUCCESS &&
match > 0)
@ -2482,7 +2482,7 @@ ns_client_checkacl(ns_client_t *client,
isc_result_t result =
ns_client_checkaclsilent(client, acl, default_allow);
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
"%s approved", opname);
@ -2538,16 +2538,16 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
void
ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
dns_rdataclass_t rdclass, char *buf, size_t len)
dns_rdataclass_t rdclass, char *buf, size_t len)
{
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(type, typebuf, sizeof(typebuf));
dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
(void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(type, typebuf, sizeof(typebuf));
dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
(void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
classbuf);
}
@ -2575,7 +2575,7 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) {
isc_mem_put(client->mctx, buf, len);
len += 1024;
} else if (result == ISC_R_SUCCESS)
ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
"%s\n%.*s", reason,
(int)isc_buffer_usedlength(&buffer),
@ -2595,7 +2595,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
const char *sep;
REQUIRE(VALID_MANAGER(manager));
LOCK(&manager->lock);
client = ISC_LIST_HEAD(manager->recursing);
while (client != NULL) {

10
bin/named/config.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.47.18.32.10.3 2008/07/23 23:48:17 tbox Exp $ */
/* $Id: config.c,v 1.47.18.35 2008/09/04 08:03:07 marka Exp $ */
/*! \file */
@ -403,7 +403,7 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
static isc_result_t
get_masters_def(const cfg_obj_t *cctx, const char *name,
const cfg_obj_t **ret)
const cfg_obj_t **ret)
{
isc_result_t result;
const cfg_obj_t *masters = NULL;
@ -521,7 +521,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
tresult = get_masters_def(config, listname, &list);
if (tresult == ISC_R_NOTFOUND) {
cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
"masters \"%s\" not found", listname);
"masters \"%s\" not found", listname);
result = tresult;
goto cleanup;
@ -599,7 +599,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (keys[i] == NULL)
goto cleanup;
dns_name_init(keys[i], NULL);
keystr = cfg_obj_asstring(key);
isc_buffer_init(&b, keystr, strlen(keystr));
isc_buffer_add(&b, strlen(keystr));
@ -655,7 +655,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
isc_mem_put(mctx, lists, listcount * sizeof(*lists));
if (stack != NULL)
isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
INSIST(keycount == addrcount);
*addrsp = addrs;

88
bin/named/controlconf.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: controlconf.c,v 1.40.18.10.40.3 2008/07/23 23:16:43 marka Exp $ */
/* $Id: controlconf.c,v 1.40.18.14 2008/07/23 23:33:02 marka Exp $ */
/*! \file */
@ -345,9 +345,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
listener = conn->listener;
secret.rstart = NULL;
/* Is the server shutting down? */
if (listener->controls->shuttingdown)
goto cleanup;
/* Is the server shutting down? */
if (listener->controls->shuttingdown)
goto cleanup;
if (conn->ccmsg.result != ISC_R_SUCCESS) {
if (conn->ccmsg.result != ISC_R_CANCELED &&
@ -364,9 +364,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
{
ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
if (secret.rstart != NULL)
isc_mem_put(listener->mctx, secret.rstart,
REGION_SIZE(secret));
secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
if (secret.rstart == NULL)
goto cleanup;
@ -375,7 +372,8 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_fromwire(&ccregion, &request, &secret);
if (result == ISC_R_SUCCESS)
break;
else if (result == ISCCC_R_BADAUTH) {
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
if (result == ISCCC_R_BADAUTH) {
/*
* For some reason, request is non-NULL when
* isccc_cc_fromwire returns ISCCC_R_BADAUTH.
@ -396,7 +394,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
/* We shouldn't be getting a reply. */
if (isccc_cc_isreply(request)) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup;
goto cleanup_request;
}
isc_stdtime_get(&now);
@ -407,17 +405,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
_ctrl = isccc_alist_lookup(request, "_ctrl");
if (_ctrl == NULL) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup;
goto cleanup_request;
}
if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) {
log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
goto cleanup;
goto cleanup_request;
}
} else {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup;
goto cleanup_request;
}
/*
@ -426,7 +424,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
now > exp) {
log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
goto cleanup;
goto cleanup_request;
}
/*
@ -436,16 +434,16 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_checkdup(listener->controls->symtab, request, now);
if (result != ISC_R_SUCCESS) {
if (result == ISC_R_EXISTS)
result = ISCCC_R_DUPLICATE;
result = ISCCC_R_DUPLICATE;
log_invalid(&conn->ccmsg, result);
goto cleanup;
goto cleanup_request;
}
if (conn->nonce != 0 &&
(isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS ||
conn->nonce != nonce)) {
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
goto cleanup;
goto cleanup_request;
}
/*
@ -459,7 +457,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_createresponse(request, now, now + 60, &response);
if (result != ISC_R_SUCCESS)
goto cleanup;
goto cleanup_request;
if (eresult != ISC_R_SUCCESS) {
isccc_sexpr_t *data;
@ -467,7 +465,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (data != NULL) {
const char *estr = isc_result_totext(eresult);
if (isccc_cc_definestring(data, "err", estr) == NULL)
goto cleanup;
goto cleanup_response;
}
}
@ -478,20 +476,20 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (data != NULL) {
char *str = (char *)isc_buffer_base(&text);
if (isccc_cc_definestring(data, "text", str) == NULL)
goto cleanup;
goto cleanup_response;
}
}
_ctrl = isccc_alist_lookup(response, "_ctrl");
if (_ctrl == NULL ||
isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL)
goto cleanup;
goto cleanup_response;
ccregion.rstart = conn->buffer + 4;
ccregion.rend = conn->buffer + sizeof(conn->buffer);
result = isccc_cc_towire(response, &ccregion, &secret);
if (result != ISC_R_SUCCESS)
goto cleanup;
goto cleanup_response;
isc_buffer_init(&b, conn->buffer, 4);
len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
isc_buffer_putuint32(&b, len - 4);
@ -500,31 +498,27 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
if (result != ISC_R_SUCCESS)
goto cleanup;
goto cleanup_response;
conn->sending = ISC_TRUE;
if (secret.rstart != NULL)
isc_mem_put(listener->mctx, secret.rstart,
REGION_SIZE(secret));
if (request != NULL)
isccc_sexpr_free(&request);
if (response != NULL)
isccc_sexpr_free(&response);
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
isccc_sexpr_free(&request);
isccc_sexpr_free(&response);
return;
cleanup_response:
isccc_sexpr_free(&response);
cleanup_request:
isccc_sexpr_free(&request);
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
cleanup:
if (secret.rstart != NULL)
isc_mem_put(listener->mctx, secret.rstart,
REGION_SIZE(secret));
isc_socket_detach(&conn->sock);
isccc_ccmsg_invalidate(&conn->ccmsg);
conn->ccmsg_valid = ISC_FALSE;
maybe_free_connection(conn);
maybe_free_listener(listener);
if (request != NULL)
isccc_sexpr_free(&request);
if (response != NULL)
isccc_sexpr_free(&response);
}
static void
@ -548,7 +542,7 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) {
conn = isc_mem_get(listener->mctx, sizeof(*conn));
if (conn == NULL)
return (ISC_R_NOMEMORY);
conn->sock = sock;
isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
conn->ccmsg_valid = ISC_TRUE;
@ -660,7 +654,7 @@ ns_controls_shutdown(ns_controls_t *controls) {
static isc_result_t
cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
const cfg_obj_t **objp)
const cfg_obj_t **objp)
{
const cfg_listelt_t *element;
const char *str;
@ -808,7 +802,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result;
@ -828,14 +822,14 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
CHECK(cfg_map_get(config, "key", &key));
keyid = isc_mem_get(mctx, sizeof(*keyid));
if (keyid == NULL)
if (keyid == NULL)
CHECK(ISC_R_NOMEMORY);
keyid->keyname = isc_mem_strdup(mctx,
cfg_obj_asstring(cfg_map_getname(key)));
keyid->secret.base = NULL;
keyid->secret.length = 0;
ISC_LINK_INIT(keyid, link);
if (keyid->keyname == NULL)
if (keyid->keyname == NULL)
CHECK(ISC_R_NOMEMORY);
CHECK(bind9_check_key(key, ns_g_lctx));
@ -891,7 +885,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
cfg_parser_destroy(&pctx);
return (result);
}
/*
* Ensures that both '*global_keylistp' and '*control_keylistp' are
* valid or both are NULL.
@ -925,7 +919,7 @@ static void
update_listener(ns_controls_t *cp, controllistener_t **listenerp,
const cfg_obj_t *control, const cfg_obj_t *config,
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
const char *socktext, isc_sockettype_t type)
const char *socktext, isc_sockettype_t type)
{
controllistener_t *listener;
const cfg_obj_t *allow;
@ -945,7 +939,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp,
*listenerp = NULL;
return;
}
/*
* There is already a listener for this sockaddr.
* Update the access list and key information.
@ -1339,7 +1333,7 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
update_listener(cp, &listener, control, config,
&addr, aclconfctx,
cfg_obj_asstring(path),
cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
@ -1385,10 +1379,10 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext, sizeof(socktext));
update_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
isc_sockettype_tcp);
isc_sockettype_tcp);
if (listener != NULL)
/*

7
bin/named/include/named/globals.h
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: globals.h,v 1.64.18.4 2006/03/02 00:37:21 marka Exp $ */
/* $Id: globals.h,v 1.64.18.6 2008/10/24 01:43:17 tbox Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
@ -48,6 +48,7 @@ EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL);
EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL);
EXTERN isc_entropy_t * ns_g_entropy INIT(NULL);
EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL);
EXTERN unsigned int ns_g_cpus_detected INIT(1);
/*
* XXXRTH We're going to want multiple timer managers eventually. One

18
bin/named/interfacemgr.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: interfacemgr.c,v 1.76.18.8.44.3 2008/07/23 23:16:43 marka Exp $ */
/* $Id: interfacemgr.c,v 1.76.18.11 2008/07/23 23:33:02 marka Exp $ */
/*! \file */
@ -90,7 +90,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
mgr->generation = 1;
mgr->listenon4 = NULL;
mgr->listenon6 = NULL;
ISC_LIST_INIT(mgr->interfaces);
ISC_LIST_INIT(mgr->listenon);
@ -323,7 +323,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
goto tcp_listen_failure;
}
/*
/*
* If/when there a multiple filters listen to the
* result.
*/
@ -510,7 +510,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
unsigned int prefixlen;
family = interface->address.family;
elt.type = dns_aclelementtype_ipprefix;
elt.negative = ISC_FALSE;
elt.u.ip_prefix.address = interface->address;
@ -550,7 +550,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
static void
setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface,
in_port_t port)
{
{
isc_sockaddr_t *addr;
isc_sockaddr_t *old;
@ -564,7 +564,7 @@ setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface,
old != NULL;
old = ISC_LIST_NEXT(old, link))
if (isc_sockaddr_equal(addr, old))
break;
break;
if (old != NULL)
isc_mem_put(mgr->mctx, addr, sizeof(*addr));
@ -700,7 +700,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
{
isc_interface_t interface;
ns_listenlist_t *ll;
unsigned int family;
unsigned int family;
result = isc_interfaceiter_current(iter, &interface);
if (result != ISC_R_SUCCESS)
@ -882,7 +882,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
UNEXPECTED_ERROR(__FILE__, __LINE__,
"interface iteration failed: %s",
isc_result_totext(result));
else
else
result = ISC_R_SUCCESS;
cleanup_iter:
isc_interfaceiter_destroy(&iter);
@ -913,7 +913,7 @@ ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
/*
* Warn if we are not listening on any interface, unless
* we're in lwresd-only mode, in which case that is to
* we're in lwresd-only mode, in which case that is to
* be expected.
*/
if (ext_listen == NULL &&

8
bin/named/lwaddr.c
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: lwaddr.c,v 1.4.18.2 2005/04/29 00:15:23 marka Exp $ */
/* $Id: lwaddr.c,v 1.4.18.4 2008/01/11 23:45:59 tbox Exp $ */
/*! \file */
@ -81,7 +81,7 @@ lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) {
} else {
la->family = LWRES_ADDRTYPE_V6;
la->length = 16;
memcpy(la->address, &na->type.in, 16);
memcpy(la->address, &na->type.in6, 16);
}
return (ISC_R_SUCCESS);
}

8
bin/named/lwdgnba.c
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: lwdgnba.c,v 1.16.18.2 2005/04/29 00:15:24 marka Exp $ */
/* $Id: lwdgnba.c,v 1.16.18.4 2008/01/14 23:45:59 tbox Exp $ */
/*! \file */
@ -220,8 +220,6 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) {
b, &client->pkt, &req);
if (result != LWRES_R_SUCCESS)
goto out;
if (req->addr.address == NULL)
goto out;
client->options = 0;
if (req->addr.family == LWRES_ADDRTYPE_V4) {

23
bin/named/lwdnoop.c
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: lwdnoop.c,v 1.7.18.2 2005/04/29 00:15:25 marka Exp $ */
/* $Id: lwdnoop.c,v 1.7.18.4 2008/01/22 23:27:05 tbox Exp $ */
/*! \file */
@ -44,7 +44,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
result = lwres_nooprequest_parse(client->clientmgr->lwctx,
b, &client->pkt, &req);
if (result != LWRES_R_SUCCESS)
goto out;
goto send_error;
client->pkt.recvlength = LWRES_RECVLENGTH;
client->pkt.authtype = 0; /* XXXMLG */
@ -57,7 +57,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp,
&client->pkt, &lwb);
if (lwres != LWRES_R_SUCCESS)
goto out;
goto cleanup_req;
r.base = lwb.base;
r.length = lwb.used;
@ -65,7 +65,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
client->sendlength = r.length;
result = ns_lwdclient_sendreply(client, &r);
if (result != ISC_R_SUCCESS)
goto out;
goto cleanup_lwb;
/*
* We can now destroy request.
@ -76,13 +76,12 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
return;
out:
if (req != NULL)
lwres_nooprequest_free(client->clientmgr->lwctx, &req);
cleanup_lwb:
lwres_context_freemem(client->clientmgr->lwctx, lwb.base, lwb.length);
if (lwb.base != NULL)
lwres_context_freemem(client->clientmgr->lwctx,
lwb.base, lwb.length);
cleanup_req:
lwres_nooprequest_free(client->clientmgr->lwctx, &req);
send_error:
ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
}

14
bin/named/lwresd.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: lwresd.8,v 1.15.18.12 2007/05/16 06:11:27 marka Exp $
.\" $Id: lwresd.8,v 1.15.18.13 2008/10/17 01:29:23 tbox Exp $
.\"
.hy 0
.ad l
@ -85,9 +85,9 @@ Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/lwresd.conf\fR.
<term>\-c</term>
\fB\-c\fR
can not be used with
<term>\-C</term>.
\fB\-C\fR.
.RE
.PP
\-C \fIconfig\-file\fR
@ -96,9 +96,9 @@ Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/resolv.conf\fR.
<term>\-C</term>
\fB\-C\fR
can not be used with
<term>\-c</term>.
\fB\-c\fR.
.RE
.PP
\-d \fIdebug\-level\fR
@ -217,7 +217,7 @@ The default process\-id file.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br

6
bin/named/lwresd.c
View File

@ -15,9 +15,9 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: lwresd.c,v 1.46.18.7.52.3 2008/07/23 23:16:43 marka Exp $ */
/* $Id: lwresd.c,v 1.46.18.10 2008/07/23 23:33:02 marka Exp $ */
/*! \file
/*! \file
* \brief
* Main program for the Lightweight Resolver Daemon.
*
@ -224,7 +224,7 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
for (i = 0; i < lwc->searchnxt; i++) {
CHECK(buffer_putstr(&b, "\t\t\""));
CHECK(buffer_putstr(&b, lwc->search[i]));
CHECK(buffer_putstr(&b, "\";\n"));
CHECK(buffer_putstr(&b, "\";\n"));
}
CHECK(buffer_putstr(&b, "\t};\n"));
}

9
bin/named/lwresd.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: lwresd.docbook,v 1.7.18.8 2007/08/28 07:20:01 tbox Exp $ -->
<!-- $Id: lwresd.docbook,v 1.7.18.10 2008/10/16 23:46:00 tbox Exp $ -->
<refentry>
<refentryinfo>
<date>June 30, 2000</date>
@ -40,6 +40,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -145,7 +146,7 @@
configuration file instead of the default,
<filename>/etc/lwresd.conf</filename>.
<!-- Should this be an absolute path name? -->
<term>-c</term> can not be used with <term>-C</term>.
<option>-c</option> can not be used with <option>-C</option>.
</para>
</listitem>
</varlistentry>
@ -157,7 +158,7 @@
Use <replaceable class="parameter">config-file</replaceable> as the
configuration file instead of the default,
<filename>/etc/resolv.conf</filename>.
<term>-C</term> can not be used with <term>-c</term>.
<option>-C</option> can not be used with <option>-c</option>.
</para>
</listitem>
</varlistentry>

18
bin/named/lwresd.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: lwresd.html,v 1.5.18.18 2007/05/16 06:11:27 marka Exp $ -->
<!-- $Id: lwresd.html,v 1.5.18.19 2008/10/17 01:29:23 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543461"></a><h2>DESCRIPTION</h2>
<a name="id2543464"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">lwresd</strong></span>
is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
@ -67,7 +67,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543508"></a><h2>OPTIONS</h2>
<a name="id2543511"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -87,14 +87,14 @@
configuration file instead of the default,
<code class="filename">/etc/lwresd.conf</code>.
<font color="red">&lt;term&gt;-c&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-C&lt;/term&gt;</font>.
<code class="option">-c</code> can not be used with <code class="option">-C</code>.
</p></dd>
<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>config-file</code></em> as the
configuration file instead of the default,
<code class="filename">/etc/resolv.conf</code>.
<font color="red">&lt;term&gt;-C&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-c&lt;/term&gt;</font>.
<code class="option">-C</code> can not be used with <code class="option">-c</code>.
</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
@ -197,7 +197,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543925"></a><h2>FILES</h2>
<a name="id2543928"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -210,14 +210,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543964"></a><h2>SEE ALSO</h2>
<a name="id2543968"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543998"></a><h2>AUTHOR</h2>
<a name="id2544002"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

61
bin/named/main.c
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: main.c,v 1.136.18.17 2006/11/10 18:51:14 marka Exp $ */
/* $Id: main.c,v 1.136.18.21 2008/10/24 01:28:08 marka Exp $ */
/*! \file */
@ -33,6 +33,7 @@
#include <isc/hash.h>
#include <isc/os.h>
#include <isc/platform.h>
#include <isc/print.h>
#include <isc/resource.h>
#include <isc/stdio.h>
#include <isc/string.h>
@ -85,6 +86,7 @@ static char program_name[ISC_DIR_NAMEMAX] = "named";
static char absolute_conffile[ISC_DIR_PATHMAX];
static char saved_command_line[512];
static char version[512];
static unsigned int maxsocks = 0;
void
ns_main_earlywarning(const char *format, ...) {
@ -356,7 +358,8 @@ parse_command_line(int argc, char *argv[]) {
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"46c:C:d:fgi:lm:n:N:p:P:st:u:vx:")) != -1) {
"46c:C:d:fgi:lm:n:N:p:P:"
"sS:t:u:vx:")) != -1) {
switch (ch) {
case '4':
if (disable4)
@ -435,6 +438,10 @@ parse_command_line(int argc, char *argv[]) {
/* XXXRTH temporary syntax */
want_stats = ISC_TRUE;
break;
case 'S':
maxsocks = parse_int(isc_commandline_argument,
"max number of sockets");
break;
case 't':
/* XXXJAB should we make a copy? */
ns_g_chrootdir = isc_commandline_argument;
@ -466,17 +473,14 @@ parse_command_line(int argc, char *argv[]) {
static isc_result_t
create_managers(void) {
isc_result_t result;
#ifdef ISC_PLATFORM_USETHREADS
unsigned int cpus_detected;
#endif
unsigned int socks;
#ifdef ISC_PLATFORM_USETHREADS
cpus_detected = isc_os_ncpus();
if (ns_g_cpus == 0)
ns_g_cpus = cpus_detected;
ns_g_cpus = ns_g_cpus_detected;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s",
cpus_detected, cpus_detected == 1 ? "" : "s",
ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s",
ns_g_cpus, ns_g_cpus == 1 ? "" : "s");
#else
ns_g_cpus = 1;
@ -497,13 +501,19 @@ create_managers(void) {
return (ISC_R_UNEXPECTED);
}
result = isc_socketmgr_create(ns_g_mctx, &ns_g_socketmgr);
result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_socketmgr_create() failed: %s",
isc_result_totext(result));
return (ISC_R_UNEXPECTED);
}
result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks);
if (result == ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "using up to %u sockets", socks);
}
result = isc_entropy_create(ns_g_mctx, &ns_g_entropy);
if (result != ISC_R_SUCCESS) {
@ -550,6 +560,7 @@ destroy_managers(void) {
static void
setup(void) {
isc_result_t result;
isc_resourcevalue_t old_openfiles;
#ifdef HAVE_LIBSCF
char *instance = NULL;
#endif
@ -603,6 +614,13 @@ setup(void) {
}
#endif
#ifdef ISC_PLATFORM_USETHREADS
/*
* Check for the number of cpu's before ns_os_chroot().
*/
ns_g_cpus_detected = isc_os_ncpus();
#endif
ns_os_chroot(ns_g_chrootdir);
/*
@ -655,6 +673,23 @@ setup(void) {
(void)isc_resource_getlimit(isc_resource_openfiles,
&ns_g_initopenfiles);
/*
* System resources cannot effectively be tuned on some systems.
* Raise the limit in such cases for safety.
*/
old_openfiles = ns_g_initopenfiles;
ns_os_adjustnofile();
(void)isc_resource_getlimit(isc_resource_openfiles,
&ns_g_initopenfiles);
if (old_openfiles != ns_g_initopenfiles) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_MAIN, ISC_LOG_NOTICE,
"adjusted limit on open files from "
"%" ISC_PRINT_QUADFORMAT "u to "
"%" ISC_PRINT_QUADFORMAT "u",
old_openfiles, ns_g_initopenfiles);
}
/*
* If the named configuration filename is relative, prepend the current
* directory's name before possibly changing to another directory.
@ -665,7 +700,7 @@ setup(void) {
sizeof(absolute_conffile));
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("could not construct absolute path of "
"configuration file: %s",
"configuration file: %s",
isc_result_totext(result));
ns_g_conffile = absolute_conffile;
}
@ -757,7 +792,7 @@ ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) {
if (debug)
UNEXPECTED_ERROR(__FILE__, __LINE__,
"scf_handle_create() failed: %s",
scf_strerror(scf_error()));
scf_strerror(scf_error()));
return (ISC_R_FAILURE);
}

23
bin/named/named.8
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named.8,v 1.20.18.15 2007/06/20 02:26:58 marka Exp $
.\" $Id: named.8,v 1.20.18.16 2008/09/01 02:29:00 tbox Exp $
.\"
.hy 0
.ad l
@ -33,7 +33,7 @@
named \- Internet domain name server
.SH "SYNOPSIS"
.HP 6
\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\fR
@ -131,6 +131,21 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha
.RE
.RE
.PP
\-S \fI#max\-socks\fR
.RS 4
Allow
\fBnamed\fR
to use up to
\fI#max\-socks\fR
sockets.
.RS
.B "Warning:"
This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because
\fBnamed\fR
reserves some file descriptors for its internal use.
.RE
.RE
.PP
\-t \fIdirectory\fR
.RS 4
Chroot to
@ -230,7 +245,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br

7
bin/named/named.conf.5
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named.conf.5,v 1.1.2.26 2007/08/19 23:26:13 marka Exp $
.\" $Id: named.conf.5,v 1.1.2.27 2008/09/05 01:32:08 tbox Exp $
.\"
.hy 0
.ad l
@ -174,6 +174,7 @@ options {
port \fIinteger\fR;
querylog \fIboolean\fR;
recursing\-file \fIquoted_string\fR;
reserved\-sockets \fIinteger\fR;
random\-device \fIquoted_string\fR;
recursive\-clients \fIinteger\fR;
serial\-query\-rate \fIinteger\fR;
@ -516,5 +517,5 @@ zone \fIstring\fR \fIoptional_class\fR {
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "COPYRIGHT"
Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/named/named.conf.docbook
View File

@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.docbook,v 1.1.2.29.12.2 2008/07/23 23:48:17 tbox Exp $ -->
<!-- $Id: named.conf.docbook,v 1.1.2.31 2008/09/04 23:46:08 tbox Exp $ -->
<refentry>
<refentryinfo>
<date>Aug 13, 2004</date>

33
bin/named/named.conf.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.conf.html,v 1.1.2.35 2007/08/19 23:26:13 marka Exp $ -->
<!-- $Id: named.conf.html,v 1.1.2.36 2008/09/05 01:32:08 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2542042"></a><h2>DESCRIPTION</h2>
<a name="id2543342"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543367"></a><h2>ACL</h2>
<a name="id2543370"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543383"></a><h2>KEY</h2>
<a name="id2543386"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>domain_name</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
@ -66,7 +66,7 @@ key
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543402"></a><h2>MASTERS</h2>
<a name="id2543405"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
@ -75,7 +75,7 @@ masters
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543448"></a><h2>SERVER</h2>
<a name="id2543451"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
bogus <em class="replaceable"><code>boolean</code></em>;<br>
@ -97,7 +97,7 @@ server
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543516"></a><h2>TRUSTED-KEYS</h2>
<a name="id2543520"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys {<br>
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@ -105,7 +105,7 @@ trusted-keys
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543542"></a><h2>CONTROLS</h2>
<a name="id2543545"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
@ -117,7 +117,7 @@ controls
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543577"></a><h2>LOGGING</h2>
<a name="id2543580"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
channel <em class="replaceable"><code>string</code></em> {<br>
@ -135,7 +135,7 @@ logging
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543616"></a><h2>LWRES</h2>
<a name="id2543619"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres {<br>
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
@ -148,7 +148,7 @@ lwres
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543657"></a><h2>OPTIONS</h2>
<a name="id2543660"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
@ -172,6 +172,7 @@ options
port <em class="replaceable"><code>integer</code></em>;<br>
querylog <em class="replaceable"><code>boolean</code></em>;<br>
recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
reserved-sockets <em class="replaceable"><code>integer</code></em>;<br>
random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
@ -313,7 +314,7 @@ options
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544401"></a><h2>VIEW</h2>
<a name="id2544407"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@ -453,7 +454,7 @@ view
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544966"></a><h2>ZONE</h2>
<a name="id2544972"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
type ( master | slave | stub | hint |<br>
@ -538,12 +539,12 @@ zone
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545319"></a><h2>FILES</h2>
<a name="id2545325"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545331"></a><h2>SEE ALSO</h2>
<a name="id2545337"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,

33
bin/named/named.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.docbook,v 1.7.18.12 2007/08/28 07:20:01 tbox Exp $ -->
<!-- $Id: named.docbook,v 1.7.18.14 2008/08/21 23:46:01 tbox Exp $ -->
<refentry id="man.named">
<refentryinfo>
<date>June 30, 2000</date>
@ -41,6 +41,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@ -64,6 +65,7 @@
<arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-s</option></arg>
<arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
<arg><option>-v</option></arg>
@ -214,6 +216,33 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-S <replaceable class="parameter">#max-socks</replaceable></term>
<listitem>
<para>
Allow <command>named</command> to use up to
<replaceable class="parameter">#max-socks</replaceable> sockets.
</para>
<warning>
<para>
This option should be unnecessary for the vast majority
of users.
The use of this option could even be harmful because the
specified value may exceed the limitation of the
underlying system API.
It is therefore set only when the default configuration
causes exhaustion of file descriptors and the
operational environment is known to support the
specified number of sockets.
Note also that the actual maximum number is normally a little
fewer than the specified value because
<command>named</command> reserves some file descriptors
for its internal use.
</para>
</warning>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>

45
bin/named/named.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named.html,v 1.6.18.21 2007/06/20 02:26:58 marka Exp $ -->
<!-- $Id: named.html,v 1.6.18.22 2008/09/01 02:29:00 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543452"></a><h2>DESCRIPTION</h2>
<a name="id2543464"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -47,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543477"></a><h2>OPTIONS</h2>
<a name="id2543489"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -126,6 +126,31 @@
</p>
</div>
</dd>
<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
<dd>
<p>
Allow <span><strong class="command">named</strong></span> to use up to
<em class="replaceable"><code>#max-socks</code></em> sockets.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
This option should be unnecessary for the vast majority
of users.
The use of this option could even be harmful because the
specified value may exceed the limitation of the
underlying system API.
It is therefore set only when the default configuration
causes exhaustion of file descriptors and the
operational environment is known to support the
specified number of sockets.
Note also that the actual maximum number is normally a little
fewer than the specified value because
<span><strong class="command">named</strong></span> reserves some file descriptors
for its internal use.
</p>
</div>
</dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>Chroot
@ -191,7 +216,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543864"></a><h2>SIGNALS</h2>
<a name="id2543911"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -212,7 +237,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543912"></a><h2>CONFIGURATION</h2>
<a name="id2543959"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -221,7 +246,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543929"></a><h2>FILES</h2>
<a name="id2543976"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -234,7 +259,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543969"></a><h2>SEE ALSO</h2>
<a name="id2544016"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -247,7 +272,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544039"></a><h2>AUTHOR</h2>
<a name="id2544086"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

70
bin/named/query.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.257.18.40 2007/09/26 03:08:14 each Exp $ */
/* $Id: query.c,v 1.257.18.46 2008/10/15 22:33:01 marka Exp $ */
/*! \file */
@ -2298,7 +2298,7 @@ mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
static isc_boolean_t
get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
dns_rdataset_t *keyrdataset, dst_key_t **keyp)
{
{
isc_result_t result;
dns_dbnode_t *node = NULL;
isc_boolean_t secure = ISC_FALSE;
@ -2331,12 +2331,12 @@ get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
isc_buffer_init(&b, rdata.data, rdata.length);
isc_buffer_add(&b, rdata.length);
result = dst_key_fromdns(&rrsig->signer, rdata.rdclass, &b,
client->mctx, keyp);
client->mctx, keyp);
if (result != ISC_R_SUCCESS)
continue;
if (rrsig->algorithm == (dns_secalg_t)dst_key_alg(*keyp) &&
rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) &&
dst_key_iszonekey(*keyp)) {
rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) &&
dst_key_iszonekey(*keyp)) {
secure = ISC_TRUE;
break;
}
@ -2354,7 +2354,7 @@ verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset,
isc_boolean_t ignore = ISC_FALSE;
dns_fixedname_init(&fixed);
again:
result = dns_dnssec_verify2(name, rdataset, key, ignore, mctx,
rdata, NULL);
@ -2382,7 +2382,7 @@ validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
if (sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset))
return (ISC_FALSE);
for (result = dns_rdataset_first(sigrdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(sigrdataset)) {
@ -2757,6 +2757,13 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
&olabels);
(void)dns_name_fullcompare(name, &nsec.next, &order,
&nlabels);
/*
* Check for a pathological condition created when
* serving some malformed signed zones and bail out.
*/
if (dns_name_countlabels(name) == nlabels)
goto cleanup;
if (olabels > nlabels)
dns_name_split(name, olabels, NULL, wname);
else
@ -2924,13 +2931,14 @@ query_resume(isc_task_t *task, isc_event_t *event) {
static isc_result_t
query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
dns_rdataset_t *nameservers)
dns_rdataset_t *nameservers, isc_boolean_t resuming)
{
isc_result_t result;
dns_rdataset_t *rdataset, *sigrdataset;
isc_sockaddr_t *peeraddr;
inc_stats(client, dns_statscounter_recursion);
if (!resuming)
inc_stats(client, dns_statscounter_recursion);
/*
* We are about to recurse, which means that this client will
@ -3162,11 +3170,11 @@ query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) {
cleanup:
if (nsec != NULL)
query_putrdataset(client, &nsec);
if (nsecsig != NULL)
query_putrdataset(client, &nsecsig);
if (fname != NULL)
query_releasename(client, &fname);
query_putrdataset(client, &nsec);
if (nsecsig != NULL)
query_putrdataset(client, &nsecsig);
if (fname != NULL)
query_releasename(client, &fname);
}
static inline void
@ -3269,12 +3277,12 @@ warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) {
dns_rdata_soa_t soa;
dns_rdataset_t found;
isc_result_t result;
for (i = 0; i < (sizeof(rfc1918names)/sizeof(*rfc1918names)); i++) {
if (dns_name_issubdomain(fname, &rfc1918names[i])) {
dns_rdataset_init(&found);
result = dns_ncache_getrdataset(rdataset,
&rfc1918names[i],
&rfc1918names[i],
dns_rdatatype_soa,
&found);
if (result != ISC_R_SUCCESS)
@ -3335,6 +3343,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
unsigned int options;
isc_boolean_t empty_wild;
dns_rdataset_t *noqname;
isc_boolean_t resuming;
CTRACE("query_find");
@ -3360,6 +3369,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
need_wildcardproof = ISC_FALSE;
empty_wild = ISC_FALSE;
options = 0;
resuming = ISC_FALSE;
is_zone = ISC_FALSE;
if (event != NULL) {
/*
@ -3369,7 +3380,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
want_restart = ISC_FALSE;
authoritative = ISC_FALSE;
is_zone = ISC_FALSE;
qtype = event->qtype;
if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
@ -3402,6 +3412,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
result = event->result;
resuming = ISC_TRUE;
goto resume;
}
@ -3602,7 +3613,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
if (RECURSIONOK(client)) {
result = query_recurse(client, qtype,
NULL, NULL);
NULL, NULL, resuming);
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
@ -3773,10 +3784,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
if (dns_rdatatype_atparent(type))
result = query_recurse(client, qtype,
NULL, NULL);
NULL, NULL,
resuming);
else
result = query_recurse(client, qtype,
fname, rdataset);
fname, rdataset,
resuming);
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
@ -4220,7 +4233,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
result = query_recurse(client,
qtype,
NULL,
NULL);
NULL,
resuming);
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
@ -4437,6 +4451,7 @@ ns_query_start(ns_client_t *client) {
dns_rdataset_t *rdataset;
ns_client_t *qclient;
dns_rdatatype_t qtype;
isc_boolean_t want_ad;
CTRACE("ns_query_start");
@ -4575,6 +4590,15 @@ ns_query_start(ns_client_t *client) {
if (message->flags & DNS_MESSAGEFLAG_CD)
client->query.attributes &= ~NS_QUERYATTR_SECURE;
/*
* Set 'want_ad' if the client has set AD in the query.
* This allows AD to be returned on queries without DO set.
*/
if ((message->flags & DNS_MESSAGEFLAG_AD) != 0)
want_ad = ISC_TRUE;
else
want_ad = ISC_FALSE;
/*
* This is an ordinary query.
*/
@ -4594,7 +4618,7 @@ ns_query_start(ns_client_t *client) {
* Set AD. We must clear it if we add non-validated data to a
* response.
*/
if (WANTDNSSEC(client))
if (WANTDNSSEC(client) || want_ad)
message->flags |= DNS_MESSAGEFLAG_AD;
qclient = NULL;

338
bin/named/server.c
View File

@ -15,13 +15,14 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.419.18.57.10.3 2008/07/23 12:04:32 marka Exp $ */
/* $Id: server.c,v 1.419.18.68 2008/09/04 23:46:08 tbox Exp $ */
/*! \file */
#include <config.h>
#include <stdlib.h>
#include <unistd.h>
#include <isc/app.h>
#include <isc/base64.h>
@ -31,8 +32,10 @@
#include <isc/hash.h>
#include <isc/lex.h>
#include <isc/parseint.h>
#include <isc/portset.h>
#include <isc/print.h>
#include <isc/resource.h>
#include <isc/socket.h>
#include <isc/stdio.h>
#include <isc/string.h>
#include <isc/task.h>
@ -197,6 +200,7 @@ static const struct {
#endif
/* RFC 3330 */
{ "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
{ "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */
{ "254.169.IN-ADDR.ARPA", ISC_FALSE }, /* LINK LOCAL */
{ "2.0.192.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET */
@ -438,7 +442,7 @@ configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config,
*target = keytable; /* Transfer ownership. */
keytable = NULL;
result = ISC_R_SUCCESS;
cleanup:
return (result);
}
@ -454,7 +458,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
isc_boolean_t value;
isc_result_t result;
isc_buffer_t b;
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(mbs);
@ -472,7 +476,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
}
result = ISC_R_SUCCESS;
cleanup:
return (result);
}
@ -482,13 +486,15 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
*/
static isc_result_t
get_view_querysource_dispatch(const cfg_obj_t **maps,
int af, dns_dispatch_t **dispatchp)
int af, dns_dispatch_t **dispatchp,
isc_boolean_t is_firstview)
{
isc_result_t result;
dns_dispatch_t *disp;
isc_sockaddr_t sa;
unsigned int attrs, attrmask;
const cfg_obj_t *obj = NULL;
unsigned int maxdispatchbuffers;
/*
* Make compiler happy.
@ -540,12 +546,18 @@ get_view_querysource_dispatch(const cfg_obj_t **maps,
attrs |= DNS_DISPATCHATTR_IPV6;
break;
}
if (isc_sockaddr_getport(&sa) != 0) {
if (isc_sockaddr_getport(&sa) == 0) {
attrs |= DNS_DISPATCHATTR_EXCLUSIVE;
maxdispatchbuffers = 4096;
} else {
INSIST(obj != NULL);
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
"using specific query-source port suppresses port "
"randomization and can be insecure.");
if (is_firstview) {
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
"using specific query-source port "
"suppresses port randomization and can be "
"insecure.");
}
maxdispatchbuffers = 1000;
}
attrmask = 0;
@ -557,7 +569,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps,
disp = NULL;
result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &sa, 4096,
1024, 32768, 16411, 16433,
maxdispatchbuffers, 32768, 16411, 16433,
attrs, attrmask, &disp);
if (result != ISC_R_SUCCESS) {
isc_sockaddr_t any;
@ -609,7 +621,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
return (result);
obj = cfg_tuple_get(ent, "name");
if (cfg_obj_isstring(obj))
if (cfg_obj_isstring(obj))
str = cfg_obj_asstring(obj);
else
str = "*";
@ -662,7 +674,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
cfg_obj_asnetprefix(cfg_map_getname(cpeer), &na, &prefixlen);
peer = NULL;
result = dns_peer_new(mctx, &na, &peer);
result = dns_peer_newprefix(mctx, &na, prefixlen, &peer);
if (result != ISC_R_SUCCESS)
return (result);
@ -840,7 +852,7 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(disablelist);
element != NULL;
element = cfg_list_next(element))
@ -911,9 +923,9 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
const cfg_obj_t *alternates;
const cfg_obj_t *zonelist;
#ifdef DLZ
const cfg_obj_t *dlz;
unsigned int dlzargc;
char **dlzargv;
const cfg_obj_t *dlz;
unsigned int dlzargc;
char **dlzargv;
#endif
const cfg_obj_t *disabled;
const cfg_obj_t *obj;
@ -1064,7 +1076,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
result = ISC_R_NOMEMORY;
goto cleanup;
}
result = dns_dlzstrtoargv(mctx, s, &dlzargc, &dlzargv);
if (result != ISC_R_SUCCESS) {
isc_mem_free(mctx, s);
@ -1183,8 +1195,12 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
*
* XXXRTH Hardwired number of tasks.
*/
CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4));
CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6));
CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4,
ISC_TF(ISC_LIST_PREV(view, link)
== NULL)));
CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6,
ISC_TF(ISC_LIST_PREV(view, link)
== NULL)));
if (dispatch4 == NULL && dispatch6 == NULL) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"unable to obtain neither an IPv4 nor"
@ -1223,7 +1239,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_resolver_setzeronosoattl(view->resolver, cfg_obj_asboolean(obj));
/*
* Set the resolver's EDNS UDP size.
*/
@ -1236,7 +1252,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
if (udpsize > 4096)
udpsize = 4096;
dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize);
/*
* Set the maximum UDP response size.
*/
@ -1273,7 +1289,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
(void)ns_config_get(maps, "forward", &forwardtype);
(void)ns_config_get(maps, "forwarders", &forwarders);
if (forwarders != NULL)
CHECK(configure_forward(config, view, dns_rootname,
CHECK(configure_forward(config, view, dns_rootname,
forwarders, forwardtype));
/*
@ -1293,7 +1309,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
/*
* If we still have no hints, this is a non-IN view with no
* "hints zone" configured. Issue a warning, except if this
* is a root server. Root servers never need to consult
* is a root server. Root servers never need to consult
* their hints, so it's no point requiring users to configure
* them.
*/
@ -1416,7 +1432,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
view->transfer_format = dns_one_answer;
else
INSIST(0);
/*
* Set sources where additional data and CNAME/DNAME
* targets for authoritative answers may be found.
@ -1516,7 +1532,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
dns_resolver_setclientsperquery(view->resolver,
cfg_obj_asuint32(obj),
max_clients_per_query);
obj = NULL;
result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS);
@ -1745,14 +1761,14 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
if (result == ISC_R_SUCCESS &&
forwarders->fwdpolicy == dns_fwdpolicy_only)
continue;
if (!rfc1918 && empty_zones[empty_zone].rfc1918) {
if (logit) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_WARNING,
"Warning%s%s: "
"Warning%s%s: "
"'empty-zones-enable/"
"disable-empty-zone' "
"not set: disabling "
@ -1794,7 +1810,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
dns_zone_setclass(zone, view->rdclass);
dns_zone_settype(zone, dns_zone_master);
CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
empty_dbtype));
empty_dbtype));
if (view->queryacl != NULL)
dns_zone_setqueryacl(zone, view->queryacl);
dns_zone_setdialup(zone, dns_dialuptype_no);
@ -1809,7 +1825,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
dns_zone_detach(&zone);
}
}
result = ISC_R_SUCCESS;
cleanup:
@ -2125,7 +2141,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
"name"));
else
vname = "<default view>";
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"zone '%s': wrong class for view '%s'",
@ -2499,7 +2515,7 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
}
ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE);
clean:
ns_listenlist_detach(&list);
return;
@ -2588,7 +2604,7 @@ setstring(ns_server_t *server, char **field, const char *value) {
*field = copy;
return (ISC_R_SUCCESS);
}
}
/*
* Replace the current value of '*field', a dynamically allocated
@ -2630,7 +2646,7 @@ set_limit(const cfg_obj_t **maps, const char *configname,
result = isc_resource_setlimit(resourceid, value);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
result == ISC_R_SUCCESS ?
ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
"set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s",
description, value, isc_result_totext(result));
}
@ -2647,31 +2663,48 @@ set_limits(const cfg_obj_t **maps) {
SETLIMIT("files", openfiles, "open files");
}
static isc_result_t
portlist_fromconf(dns_portlist_t *portlist, unsigned int family,
const cfg_obj_t *ports)
static void
portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports,
isc_boolean_t positive)
{
const cfg_listelt_t *element;
isc_result_t result = ISC_R_SUCCESS;
for (element = cfg_list_first(ports);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *obj = cfg_listelt_value(element);
in_port_t port = (in_port_t)cfg_obj_asuint32(obj);
result = dns_portlist_add(portlist, family, port);
if (result != ISC_R_SUCCESS)
break;
if (cfg_obj_isuint32(obj)) {
in_port_t port = (in_port_t)cfg_obj_asuint32(obj);
if (positive)
isc_portset_add(portset, port);
else
isc_portset_remove(portset, port);
} else {
const cfg_obj_t *obj_loport, *obj_hiport;
in_port_t loport, hiport;
obj_loport = cfg_tuple_get(obj, "loport");
loport = (in_port_t)cfg_obj_asuint32(obj_loport);
obj_hiport = cfg_tuple_get(obj, "hiport");
hiport = (in_port_t)cfg_obj_asuint32(obj_hiport);
if (positive)
isc_portset_addrange(portset, loport, hiport);
else {
isc_portset_removerange(portset, loport,
hiport);
}
}
}
return (result);
}
static isc_result_t
removed(dns_zone_t *zone, void *uap) {
const char *type;
if (dns_zone_getview(zone) != uap)
if (dns_zone_getview(zone) != uap)
return (ISC_R_SUCCESS);
switch (dns_zone_gettype(zone)) {
@ -2704,28 +2737,31 @@ load_configuration(const char *filename, ns_server_t *server,
const cfg_obj_t *maps[3];
const cfg_obj_t *obj;
const cfg_obj_t *options;
const cfg_obj_t *v4ports, *v6ports;
const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports;
const cfg_obj_t *views;
dns_view_t *view = NULL;
dns_view_t *view_next;
dns_viewlist_t tmpviewlist;
dns_viewlist_t viewlist;
in_port_t listen_port;
in_port_t listen_port, udpport_low, udpport_high;
int i;
isc_interval_t interval;
isc_resourcevalue_t files;
isc_portset_t *v4portset = NULL;
isc_portset_t *v6portset = NULL;
isc_resourcevalue_t nfiles;
isc_result_t result;
isc_uint32_t heartbeat_interval;
isc_uint32_t interface_interval;
isc_uint32_t reserved;
isc_uint32_t udpsize;
unsigned int maxsocks;
cfg_aclconfctx_init(&aclconfctx);
ISC_LIST_INIT(viewlist);
/* Ensure exclusive access to configuration data. */
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Parse the global default pseudo-config file.
@ -2799,20 +2835,22 @@ load_configuration(const char *filename, ns_server_t *server,
set_limits(maps);
/*
* Sanity check on "files" limit.
* Check if max number of open sockets that the system allows is
* sufficiently large. Failing this condition is not necessarily fatal,
* but may cause subsequent runtime failures for a busy recursive
* server.
*/
result = isc_resource_curlimit(isc_resource_openfiles, &files);
if (result == ISC_R_SUCCESS && files < FD_SETSIZE) {
result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks);
if (result != ISC_R_SUCCESS)
maxsocks = 0;
result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles);
if (result == ISC_R_SUCCESS && (isc_resourcevalue_t)maxsocks > nfiles) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"the 'files' limit (%" ISC_PRINT_QUADFORMAT "u) "
"is less than FD_SETSIZE (%d), increase "
"'files' in named.conf or recompile with a "
"smaller FD_SETSIZE.", files, FD_SETSIZE);
if (files > FD_SETSIZE)
files = FD_SETSIZE;
} else
files = FD_SETSIZE;
"max open files (%" ISC_PRINT_QUADFORMAT "u)"
" is smaller than max sockets (%u)",
nfiles, maxsocks);
}
/*
* Set the number of socket reserved for TCP, stdio etc.
@ -2821,20 +2859,23 @@ load_configuration(const char *filename, ns_server_t *server,
result = ns_config_get(maps, "reserved-sockets", &obj);
INSIST(result == ISC_R_SUCCESS);
reserved = cfg_obj_asuint32(obj);
if (files < 128U) /* Prevent underflow. */
reserved = 0;
else if (reserved > files - 128U) /* Mimimum UDP space. */
reserved = files - 128;
if (reserved < 128U) /* Mimimum TCP/stdio space. */
if (maxsocks != 0) {
if (maxsocks < 128U) /* Prevent underflow. */
reserved = 0;
else if (reserved > maxsocks - 128U) /* Minimum UDP space. */
reserved = maxsocks - 128;
}
/* Minimum TCP/stdio space. */
if (reserved < 128U)
reserved = 128;
if (reserved + 128U > files) {
if (reserved + 128U > maxsocks && maxsocks != 0) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"less than 128 UDP sockets available after "
"applying 'reserved-sockets' and 'files'");
"applying 'reserved-sockets' and 'maxsockets'");
}
isc__socketmgr_setreserved(ns_g_socketmgr, reserved);
/*
* Configure various server options.
*/
@ -2859,24 +2900,64 @@ load_configuration(const char *filename, ns_server_t *server,
INSIST(result == ISC_R_SUCCESS);
server->aclenv.match_mapped = cfg_obj_asboolean(obj);
v4ports = NULL;
v6ports = NULL;
(void)ns_config_get(maps, "avoid-v4-udp-ports", &v4ports);
(void)ns_config_get(maps, "avoid-v6-udp-ports", &v6ports);
if (v4ports != NULL || v6ports != NULL) {
dns_portlist_t *portlist = NULL;
result = dns_portlist_create(ns_g_mctx, &portlist);
if (result == ISC_R_SUCCESS && v4ports != NULL)
result = portlist_fromconf(portlist, AF_INET, v4ports);
if (result == ISC_R_SUCCESS && v6ports != NULL)
portlist_fromconf(portlist, AF_INET6, v6ports);
if (result == ISC_R_SUCCESS)
dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, portlist);
if (portlist != NULL)
dns_portlist_detach(&portlist);
CHECK(result);
} else
dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, NULL);
/*
* Configure sets of UDP query source ports.
*/
CHECKM(isc_portset_create(ns_g_mctx, &v4portset),
"creating UDP port set");
CHECKM(isc_portset_create(ns_g_mctx, &v6portset),
"creating UDP port set");
usev4ports = NULL;
usev6ports = NULL;
avoidv4ports = NULL;
avoidv6ports = NULL;
(void)ns_config_get(maps, "use-v4-udp-ports", &usev4ports);
if (usev4ports != NULL)
portset_fromconf(v4portset, usev4ports, ISC_TRUE);
else {
CHECKM(isc_net_getudpportrange(AF_INET, &udpport_low,
&udpport_high),
"get the default UDP/IPv4 port range");
if (udpport_low == udpport_high)
isc_portset_add(v4portset, udpport_low);
else {
isc_portset_addrange(v4portset, udpport_low,
udpport_high);
}
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"using default UDP/IPv4 port range: [%d, %d]",
udpport_low, udpport_high);
}
(void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports);
if (avoidv4ports != NULL)
portset_fromconf(v4portset, avoidv4ports, ISC_FALSE);
(void)ns_config_get(maps, "use-v6-udp-ports", &usev6ports);
if (usev6ports != NULL)
portset_fromconf(v6portset, usev6ports, ISC_TRUE);
else {
CHECKM(isc_net_getudpportrange(AF_INET6, &udpport_low,
&udpport_high),
"get the default UDP/IPv6 port range");
if (udpport_low == udpport_high)
isc_portset_add(v6portset, udpport_low);
else {
isc_portset_addrange(v6portset, udpport_low,
udpport_high);
}
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"using default UDP/IPv6 port range: [%d, %d]",
udpport_low, udpport_high);
}
(void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports);
if (avoidv6ports != NULL)
portset_fromconf(v6portset, avoidv6ports, ISC_FALSE);
dns_dispatchmgr_setavailports(ns_g_dispatchmgr, v4portset, v6portset);
/*
* Set the EDNS UDP size when we don't match a view.
@ -3037,7 +3118,7 @@ load_configuration(const char *filename, ns_server_t *server,
NULL, &interval, ISC_FALSE));
}
server->heartbeat_interval = heartbeat_interval;
isc_interval_set(&interval, 1200, 0);
CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL,
&interval, ISC_FALSE));
@ -3184,6 +3265,15 @@ load_configuration(const char *filename, ns_server_t *server,
if (first_time)
ns_os_changeuser();
/*
* Check that the working directory is writable.
*/
if (access(".", W_OK) != 0) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"the working directory is not writable");
}
/*
* Configure the logging system.
*
@ -3277,7 +3367,7 @@ load_configuration(const char *filename, ns_server_t *server,
ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
else
ns_os_writepidfile(ns_g_defaultpidfile, first_time);
obj = NULL;
if (options != NULL &&
cfg_map_get(options, "memstatistics-file", &obj) == ISC_R_SUCCESS)
@ -3344,6 +3434,12 @@ load_configuration(const char *filename, ns_server_t *server,
result = ISC_R_SUCCESS;
cleanup:
if (v4portset != NULL)
isc_portset_destroy(ns_g_mctx, &v4portset);
if (v6portset != NULL)
isc_portset_destroy(ns_g_mctx, &v6portset);
cfg_aclconfctx_destroy(&aclconfctx);
if (parser != NULL) {
@ -3414,7 +3510,7 @@ load_zones(ns_server_t *server, isc_boolean_t stop) {
*/
CHECK(dns_zonemgr_forcemaint(server->zonemgr));
cleanup:
isc_task_endexclusive(server->task);
isc_task_endexclusive(server->task);
return (result);
}
@ -3442,7 +3538,7 @@ load_new_zones(ns_server_t *server, isc_boolean_t stop) {
*/
dns_zonemgr_resumexfrs(server->zonemgr);
cleanup:
isc_task_endexclusive(server->task);
isc_task_endexclusive(server->task);
return (result);
}
@ -3501,7 +3597,7 @@ run_server(isc_task_t *task, isc_event_t *event) {
ISC_LOG_NOTICE, "running");
}
void
void
ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) {
REQUIRE(NS_SERVER_VALID(server));
@ -3635,7 +3731,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->interface_timer = NULL;
server->heartbeat_timer = NULL;
server->pps_timer = NULL;
server->interface_interval = 0;
server->heartbeat_interval = 0;
@ -3658,7 +3754,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->hostname_set = ISC_FALSE;
server->hostname = NULL;
server->version_set = ISC_FALSE;
server->version_set = ISC_FALSE;
server->version = NULL;
server->server_usehostname = ISC_FALSE;
server->server_id = NULL;
@ -3814,7 +3910,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) {
result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &dispatch->addr, 4096,
1000, 32768, 16411, 16433,
attrs, attrmask, &dispatch->dispatch);
attrs, attrmask, &dispatch->dispatch);
if (result != ISC_R_SUCCESS)
goto cleanup;
@ -3917,7 +4013,7 @@ next_token(char **stringp, const char *delim) {
break;
} while (*res == '\0');
return (res);
}
}
/*
* Find the zone specified in the control channel command 'args',
@ -3975,14 +4071,14 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) {
} else {
rdclass = dns_rdataclass_in;
}
if (viewtxt == NULL)
viewtxt = "_default";
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
if (result != ISC_R_SUCCESS)
goto fail1;
result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
0, NULL, zonep);
/* Partial match? */
@ -4001,7 +4097,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@ -4014,7 +4110,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
result = ISC_R_NOTFOUND;
dns_zone_detach(&zone);
return (result);
}
}
/*
* Act on a "reload" command from the command channel.
@ -4025,7 +4121,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zone_t *zone = NULL;
dns_zonetype_t type;
const char *msg = NULL;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@ -4042,7 +4138,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
} else {
result = dns_zone_load(zone);
dns_zone_detach(&zone);
switch (result) {
switch (result) {
case ISC_R_SUCCESS:
msg = "zone reload successful";
break;
@ -4064,7 +4160,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
return (result);
}
}
/*
* Act on a "reconfig" command from the command channel.
@ -4091,14 +4187,14 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
dns_zone_notify(zone);
dns_zone_detach(&zone);
if (sizeof(msg) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg, sizeof(msg));
return (ISC_R_SUCCESS);
}
}
/*
* Act on a "refresh" command from the command channel.
@ -4125,17 +4221,17 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_buffer_putmem(text, msg1, sizeof(msg1));
return (ISC_R_SUCCESS);
}
dns_zone_detach(&zone);
if (sizeof(msg2) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg2, sizeof(msg2));
return (ISC_R_FAILURE);
}
}
isc_result_t
ns_server_togglequerylog(ns_server_t *server) {
server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"query logging is now %s",
@ -4239,15 +4335,15 @@ ns_server_dumpstats(ns_server_t *server) {
CHECKMF(isc_stdio_open(server->statsfile, "a", &fp),
"could not open statistics dump file", server->statsfile);
ncounters = DNS_STATS_NCOUNTERS;
fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now);
for (i = 0; i < ncounters; i++)
fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT "u\n",
dns_statscounter_names[i],
server->querystats[i]);
zone = NULL;
for (result = dns_zone_first(server->zonemgr, &zone);
result == ISC_R_SUCCESS;
@ -4258,7 +4354,7 @@ ns_server_dumpstats(ns_server_t *server) {
char zonename[DNS_NAME_FORMATSIZE];
dns_view_t *view;
char *viewname;
dns_name_format(dns_zone_getorigin(zone),
zonename, sizeof(zonename));
view = dns_zone_getview(zone);
@ -4278,7 +4374,7 @@ ns_server_dumpstats(ns_server_t *server) {
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
CHECK(result);
fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now);
cleanup:
@ -4306,7 +4402,7 @@ static isc_result_t
add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) {
struct viewlistentry *vle;
isc_result_t result = ISC_R_SUCCESS;
/*
* Prevent duplicate views.
*/
@ -4369,7 +4465,7 @@ dumpdone(void *arg, isc_result_t result) {
struct dumpcontext *dctx = arg;
char buf[1024+32];
const dns_master_style_t *style;
if (result != ISC_R_SUCCESS)
goto cleanup;
if (dctx->mdctx != NULL)
@ -4526,7 +4622,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) {
dctx->dumpzones = ISC_TRUE;
dctx->dumpcache = ISC_FALSE;
ptr = next_token(&args, " \t");
}
}
nextview:
for (view = ISC_LIST_HEAD(server->viewlist);
@ -4646,7 +4742,7 @@ ns_server_validation(ns_server_t *server, char *args) {
else
result = ISC_R_FAILURE;
out:
isc_task_endexclusive(server->task);
isc_task_endexclusive(server->task);
return (result);
}
@ -4689,7 +4785,7 @@ ns_server_flushcache(ns_server_t *server, char *args) {
else
result = ISC_R_FAILURE;
}
isc_task_endexclusive(server->task);
isc_task_endexclusive(server->task);
return (result);
}
@ -4746,7 +4842,7 @@ ns_server_flushname(ns_server_t *server, char *args) {
result = ISC_R_NOTFOUND;
else
result = ISC_R_FAILURE;
isc_task_endexclusive(server->task);
isc_task_endexclusive(server->task);
return (result);
}
@ -4798,7 +4894,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
char *journal;
const char *vname, *sep;
isc_boolean_t frozen;
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@ -4806,7 +4902,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
tresult = ISC_R_SUCCESS;
for (view = ISC_LIST_HEAD(server->viewlist);
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
result = dns_view_freezezones(view, freeze);

10
bin/named/unix/include/named/os.h
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: os.h,v 1.22.18.3 2005/04/29 00:15:39 marka Exp $ */
/* $Id: os.h,v 1.22.18.5 2008/10/24 01:43:17 tbox Exp $ */
#ifndef NS_OS_H
#define NS_OS_H 1
@ -45,12 +45,14 @@ ns_os_inituserinfo(const char *username);
void
ns_os_changeuser(void);
void
ns_os_adjustnofile(void);
void
ns_os_minprivs(void);
void
ns_os_writepidfile(const char *filename, isc_boolean_t first_time);
void
ns_os_shutdown(void);

64
bin/named/unix/os.c
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: os.c,v 1.66.18.11 2006/02/03 23:51:38 marka Exp $ */
/* $Id: os.c,v 1.66.18.17 2008/10/24 01:43:17 tbox Exp $ */
/*! \file */
@ -42,6 +42,7 @@
#include <isc/buffer.h>
#include <isc/file.h>
#include <isc/print.h>
#include <isc/resource.h>
#include <isc/result.h>
#include <isc/strerror.h>
#include <isc/string.h>
@ -116,6 +117,16 @@ static int dfd[2] = { -1, -1 };
static isc_boolean_t non_root = ISC_FALSE;
static isc_boolean_t non_root_caps = ISC_FALSE;
#if defined(HAVE_CAPSET)
#undef _POSIX_SOURCE
#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#else
#include <linux/capability.h>
int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
#endif
#include <sys/prctl.h>
#else
/*%
* We define _LINUX_FS_H to prevent it from being included. We don't need
* anything from it, and the files it includes cause warnings with 2.2
@ -148,6 +159,7 @@ static isc_boolean_t non_root_caps = ISC_FALSE;
#endif
#define SYS_capset __NR_capset
#endif
#endif
static void
linux_setcaps(unsigned int caps) {
@ -165,13 +177,23 @@ linux_setcaps(unsigned int caps) {
cap.effective = caps;
cap.permitted = caps;
cap.inheritable = 0;
if (syscall(SYS_capset, &caphead, &cap) < 0) {
#ifdef HAVE_CAPSET
if (capset(&caphead, &cap) < 0 ) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("capset failed: %s:"
" please ensure that the capset kernel"
" module is loaded. see insmod(8)",
strbuf);
}
#else
if (syscall(SYS_capset, &caphead, &cap) < 0) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("syscall(capset) failed: %s:"
" please ensure that the capset kernel"
" module is loaded. see insmod(8)",
strbuf);
}
#endif
}
static void
@ -326,7 +348,7 @@ ns_os_daemonize(void) {
/*
* Wait for the child to finish loading for the first time.
* This would be so much simpler if fork() worked once we
* were multi-threaded.
* were multi-threaded.
*/
(void)close(dfd[1]);
do {
@ -496,15 +518,37 @@ ns_os_changeuser(void) {
ns_main_earlyfatal("setuid(): %s", strbuf);
}
#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
linux_minprivs();
#endif
#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
/*
* Restore the ability of named to drop core after the setuid()
* call has disabled it.
*/
prctl(PR_SET_DUMPABLE,1,0,0,0);
if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s",
strbuf);
}
#endif
#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
linux_minprivs();
#endif
}
void
ns_os_adjustnofile() {
#ifdef HAVE_LINUXTHREADS
isc_result_t result;
isc_resourcevalue_t newvalue;
/*
* Linux: max number of open files specified by one thread doesn't seem
* to apply to other threads on Linux.
*/
newvalue = ISC_RESOURCE_UNLIMITED;
result = isc_resource_setlimit(isc_resource_openfiles, newvalue);
if (result != ISC_R_SUCCESS)
ns_main_earlywarning("couldn't adjust limit on open files");
#endif
}
@ -665,7 +709,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) {
ptr = next_token(&input, " \t");
if (ptr == NULL)
return;
if (strcmp(ptr, "-p") != 0)
return;

66
bin/named/update.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.109.18.23 2007/08/28 07:20:01 tbox Exp $ */
/* $Id: update.c,v 1.109.18.27 2008/02/07 03:16:08 marka Exp $ */
#include <config.h>
@ -114,7 +114,7 @@
} \
update_log(client, zone, LOGLEVEL_PROTOCOL, \
"update %s: %s (%s)", _what, \
msg, isc_result_totext(result)); \
msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) goto failure; \
} while (0)
@ -403,7 +403,7 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) {
result = dns_rdataset_next(rdataset))
{
rr_t rr = { 0, DNS_RDATA_INIT };
dns_rdataset_current(rdataset, &rr.rdata);
rr.ttl = rdataset->ttl;
result = (*ctx->rr_action)(ctx->rr_action_data, &rr);
@ -843,10 +843,14 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
/* A new unique name begins here. */
node = NULL;
result = dns_db_findnode(db, name, ISC_FALSE, &node);
if (result == ISC_R_NOTFOUND)
if (result == ISC_R_NOTFOUND) {
dns_diff_clear(&trash);
return (DNS_R_NXRRSET);
if (result != ISC_R_SUCCESS)
}
if (result != ISC_R_SUCCESS) {
dns_diff_clear(&trash);
return (result);
}
/* A new unique type begins here. */
while (t != NULL && dns_name_equal(&t->name, name)) {
@ -854,7 +858,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
dns_rdataset_t rdataset;
dns_diff_t d_rrs; /* Database RRs with
this name and type */
dns_diff_t u_rrs; /* Update RRs with
dns_diff_t u_rrs; /* Update RRs with
this name and type */
*typep = type = t->rdata.type;
@ -874,6 +878,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
&rdataset, NULL);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(db, &node);
dns_diff_clear(&trash);
return (DNS_R_NXRRSET);
}
@ -1119,7 +1124,7 @@ typedef struct {
static isc_result_t
add_rr_prepare_action(void *data, rr_t *rr) {
isc_result_t result = ISC_R_SUCCESS;
isc_result_t result = ISC_R_SUCCESS;
add_rr_prepare_ctx_t *ctx = data;
dns_difftuple_t *tuple = NULL;
isc_boolean_t equal;
@ -1647,10 +1652,11 @@ ksk_sanity(dns_db_t *db, dns_dbversion_t *ver) {
* Add RRSIG records for an RRset, recording the change in "diff".
*/
static isc_result_t
add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys,
unsigned int nkeys, isc_mem_t *mctx, isc_stdtime_t inception,
isc_stdtime_t expire, isc_boolean_t check_ksk)
add_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type,
dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys,
isc_mem_t *mctx, isc_stdtime_t inception, isc_stdtime_t expire,
isc_boolean_t check_ksk)
{
isc_result_t result;
dns_dbnode_t *node = NULL;
@ -1659,6 +1665,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
isc_buffer_t buffer;
unsigned char data[1024]; /* XXX */
unsigned int i;
isc_boolean_t added_sig = ISC_FALSE;
dns_rdataset_init(&rdataset);
isc_buffer_init(&buffer, data, sizeof(data));
@ -1671,14 +1678,14 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
dns_db_detachnode(db, &node);
for (i = 0; i < nkeys; i++) {
if (check_ksk && type != dns_rdatatype_dnskey &&
(dst_key_flags(keys[i]) & DNS_KEYFLAG_KSK) != 0)
continue;
if (!dst_key_isprivate(keys[i]))
continue;
/* Calculate the signature, creating a RRSIG RDATA. */
CHECK(dns_dnssec_sign(name, &rdataset, keys[i],
&inception, &expire,
@ -1689,6 +1696,13 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADD, name,
rdataset.ttl, &sig_rdata));
dns_rdata_reset(&sig_rdata);
added_sig = ISC_TRUE;
}
if (!added_sig) {
update_log(client, zone, ISC_LOG_ERROR,
"found no private keys, "
"unable to generate any signatures");
result = ISC_R_NOTFOUND;
}
failure:
@ -1770,7 +1784,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
dns_rdataset_init(&rdataset);
CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0,
(isc_stdtime_t) 0, &rdataset, NULL));
(isc_stdtime_t) 0, &rdataset, NULL));
CHECK(dns_rdataset_first(&rdataset));
dns_rdataset_current(&rdataset, &rdata);
CHECK(dns_rdata_tostruct(&rdata, &soa, NULL));
@ -1820,9 +1834,9 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
*/
CHECK(rrset_exists(db, newver, name, type, 0, &flag));
if (flag) {
CHECK(add_sigs(db, newver, name, type,
&sig_diff, zone_keys, nkeys,
client->mctx, inception,
CHECK(add_sigs(client, zone, db, newver, name,
type, &sig_diff, zone_keys,
nkeys, client->mctx, inception,
expire, check_ksk));
}
skip:
@ -2006,10 +2020,10 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
dns_rdatatype_rrsig, dns_rdatatype_nsec,
NULL, &sig_diff));
} else if (t->op == DNS_DIFFOP_ADD) {
CHECK(add_sigs(db, newver, &t->name, dns_rdatatype_nsec,
&sig_diff, zone_keys, nkeys,
client->mctx, inception, expire,
check_ksk));
CHECK(add_sigs(client, zone, db, newver, &t->name,
dns_rdatatype_nsec, &sig_diff,
zone_keys, nkeys, client->mctx,
inception, expire, check_ksk));
} else {
INSIST(0);
}
@ -2274,7 +2288,7 @@ check_mx(ns_client_t *client, dns_zone_t *zone,
ownerbuf, namebuf,
dns_result_totext(DNS_R_MXISADDRESS));
}
/*
* Check zone integrity checks.
*/
@ -2474,7 +2488,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
else if (client->signer == NULL)
CHECK(checkupdateacl(client, NULL, "update", zonename,
ISC_FALSE));
if (dns_zone_getupdatedisabled(zone))
FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled");
@ -2881,7 +2895,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
* The reason for failure should have been logged at this point.
*/
if (ver != NULL) {
update_log(client, zone, LOGLEVEL_DEBUG,
update_log(client, zone, LOGLEVEL_DEBUG,
"rolling back");
dns_db_closeversion(db, &ver, ISC_FALSE);
}
@ -2933,7 +2947,7 @@ updatedone_action(isc_task_t *task, isc_event_t *event) {
static void
forward_fail(isc_task_t *task, isc_event_t *event) {
ns_client_t *client = (ns_client_t *)event->ev_arg;
ns_client_t *client = (ns_client_t *)event->ev_arg;
UNUSED(task);

12
bin/nsupdate/Makefile.in
View File

@ -1,7 +1,7 @@
# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.22.18.1 2004/07/20 07:03:20 marka Exp $
# $Id: Makefile.in,v 1.22.18.3 2008/08/29 23:46:16 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -55,7 +55,7 @@ UOBJS =
SRCS = nsupdate.c
MANPAGES = nsupdate.8
MANPAGES = nsupdate.1
HTMLPAGES = nsupdate.html
@ -76,8 +76,8 @@ clean distclean::
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
install:: nsupdate@EXEEXT@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsupdate@EXEEXT@ ${DESTDIR}${bindir}
${INSTALL_DATA} ${srcdir}/nsupdate.8 ${DESTDIR}${mandir}/man8
${INSTALL_DATA} ${srcdir}/nsupdate.1 ${DESTDIR}${mandir}/man1

8
bin/nsupdate/nsupdate.8 → bin/nsupdate/nsupdate.1
View File

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: nsupdate.8,v 1.30.18.14 2007/05/09 03:33:13 marka Exp $
.\" $Id: nsupdate.1,v 1.1.4.2 2008/09/01 02:29:00 tbox Exp $
.\"
.hy 0
.ad l
@ -24,7 +24,7 @@
.\" Manual: BIND9
.\" Source: BIND9
.\"
.TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9"
.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@ -342,7 +342,7 @@ base\-64 encoding of HMAC\-MD5 key created by
.PP
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
.SH "COPYRIGHT"
Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br

29
bin/nsupdate/nsupdate.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsupdate.c,v 1.130.18.19 2007/08/28 07:20:01 tbox Exp $ */
/* $Id: nsupdate.c,v 1.130.18.22 2008/01/17 23:45:58 tbox Exp $ */
/*! \file */
@ -311,7 +311,7 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len) {
strncpy(buf, hmacstr, len);
buf[len] = 0;
if (strcasecmp(buf, "hmac-md5") == 0) {
*hmac = DNS_TSIG_HMACMD5_NAME;
} else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
@ -1155,7 +1155,7 @@ evaluate_key(char *cmdline) {
secret = isc_mem_allocate(mctx, secretlen);
if (secret == NULL)
fatal("out of memory");
isc_buffer_init(&secretbuf, secret, secretlen);
result = isc_base64_decodestring(secretstr, &secretbuf);
if (result != ISC_R_SUCCESS) {
@ -1222,8 +1222,8 @@ evaluate_class(char *cmdline) {
}
r.base = word;
r.length = strlen(word);
result = dns_rdataclass_fromtext(&rdclass, &r);
r.length = strlen(word);
result = dns_rdataclass_fromtext(&rdclass, &r);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not parse class name: %s\n", word);
return (STATUS_SYNTAX);
@ -1407,8 +1407,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) {
failure:
if (name != NULL)
dns_message_puttempname(updatemsg, &name);
if (rdata != NULL)
dns_message_puttemprdata(updatemsg, &rdata);
dns_message_puttemprdata(updatemsg, &rdata);
return (STATUS_SYNTAX);
}
@ -1480,7 +1479,7 @@ show_message(dns_message_t *msg) {
setzone(userzone);
bufsz = INITTEXT;
do {
do {
if (bufsz > MAXTEXT) {
fprintf(stderr, "could not allocate large enough "
"buffer to display message\n");
@ -1662,7 +1661,7 @@ update_completed(isc_task_t *task, isc_event_t *event) {
char buf[64];
isc_buffer_t b;
dns_rdataset_t *rds;
isc_buffer_init(&b, buf, sizeof(buf) - 1);
result = dns_rcode_totext(answer->rcode, &b);
check_result(result, "dns_rcode_totext");
@ -1678,7 +1677,7 @@ update_completed(isc_task_t *task, isc_event_t *event) {
int bufsz;
bufsz = INITTEXT;
do {
do {
if (bufsz > MAXTEXT) {
fprintf(stderr, "could not allocate large "
"enough buffer to display message\n");
@ -1766,7 +1765,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
ddebug("recvsoa()");
requests--;
REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE);
reqev = (dns_requestevent_t *)event;
request = reqev->request;
@ -1883,7 +1882,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
section = DNS_SECTION_ANSWER;
else if (pass == 1)
section = DNS_SECTION_AUTHORITY;
else
else
goto droplabel;
result = dns_message_firstname(rcvmsg, section);
@ -1912,7 +1911,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
break;
}
}
result = dns_message_nextname(rcvmsg, section);
}
@ -1977,7 +1976,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
dns_message_destroy(&rcvmsg);
ddebug("Out of recvsoa");
return;
droplabel:
result = dns_message_firstname(soaquery, DNS_SECTION_QUESTION);
INSIST(result == ISC_R_SUCCESS);

7
bin/nsupdate/nsupdate.docbook
View File

@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -18,14 +18,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nsupdate.docbook,v 1.18.18.10 2007/08/28 07:20:01 tbox Exp $ -->
<!-- $Id: nsupdate.docbook,v 1.18.18.12 2008/08/29 23:46:16 tbox Exp $ -->
<refentry>
<refentryinfo>
<date>Jun 30, 2000</date>
</refentryinfo>
<refmeta>
<refentrytitle>nsupdate</refentrytitle>
<manvolnum>8</manvolnum>
<manvolnum>1</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
<refnamediv>
@ -39,6 +39,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
<year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>

16
bin/nsupdate/nsupdate.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nsupdate.html,v 1.14.18.22 2007/05/09 03:33:13 marka Exp $ -->
<!-- $Id: nsupdate.html,v 1.14.18.23 2008/09/01 02:29:00 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543417"></a><h2>DESCRIPTION</h2>
<a name="id2543420"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
@ -153,7 +153,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543645"></a><h2>INPUT FORMAT</h2>
<a name="id2543649"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -402,7 +402,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544648"></a><h2>EXAMPLES</h2>
<a name="id2544446"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -456,7 +456,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544692"></a><h2>FILES</h2>
<a name="id2544490"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -475,7 +475,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544829"></a><h2>SEE ALSO</h2>
<a name="id2544560"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@ -488,7 +488,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544900"></a><h2>BUGS</h2>
<a name="id2542172"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

12
bin/rndc/rndc-confgen.c
View File

@ -1,8 +1,8 @@
/*
* Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc-confgen.c,v 1.18.18.3 2005/04/29 00:15:40 marka Exp $ */
/* $Id: rndc-confgen.c,v 1.18.18.5 2008/10/15 23:46:06 tbox Exp $ */
/*! \file */
@ -62,7 +62,7 @@
#define DEFAULT_PORT 953
static char program[256];
char *progname;
const char *progname;
isc_boolean_t verbose = ISC_FALSE;
@ -148,7 +148,7 @@ main(int argc, char **argv) {
isc_boolean_t keyonly = ISC_FALSE;
int len;
keydef = keyfile = RNDC_KEYFILE;
keydef = keyfile = RNDC_KEYFILE;
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
@ -286,7 +286,7 @@ main(int argc, char **argv) {
fatal("isc_mem_get(%d) failed\n", len);
snprintf(buf, len, "%s%s%s", chrootdir,
(*keyfile != '/') ? "/" : "", keyfile);
write_key_file(buf, user, keyname, &key_txtbuffer);
isc_mem_put(mctx, buf, len);
}

3
bin/rndc/rndc.8
View File

@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: rndc.8,v 1.26.18.15 2007/06/20 02:26:58 marka Exp $
.\" $Id: rndc.8,v 1.26.18.16 2007/12/14 22:37:16 marka Exp $
.\"
.hy 0
.ad l
@ -133,6 +133,7 @@ Several error messages could be clearer.
.SH "SEE ALSO"
.PP
\fBrndc.conf\fR(5),
\fBrndc\-confgen\fR(8),
\fBnamed\fR(8),
\fBnamed.conf\fR(5),
\fBndc\fR(8),

22
bin/rndc/rndc.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rndc.c,v 1.96.18.17.42.3 2008/07/23 23:16:43 marka Exp $ */
/* $Id: rndc.c,v 1.96.18.21 2008/10/15 03:07:19 marka Exp $ */
/*! \file */
@ -61,7 +61,7 @@
#define SERVERADDRS 10
char *progname;
const char *progname;
isc_boolean_t verbose;
static const char *admin_conffile;
@ -93,7 +93,7 @@ static void
usage(int status) {
fprintf(stderr, "\
Usage: %s [-c config] [-s server] [-p port]\n\
[-k key-file ] [-y key] [-V] command\n\
[-k key-file ] [-y key] [-V] command\n\
\n\
command is one of the following:\n\
\n\
@ -106,10 +106,10 @@ command is one of the following:\n\
Retransfer a single zone without checking serial number.\n\
freeze Suspend updates to all dynamic zones.\n\
freeze zone [class [view]]\n\
Suspend updates to a dynamic zone.\n\
Suspend updates to a dynamic zone.\n\
thaw Enable updates to all dynamic zones and reload them.\n\
thaw zone [class [view]]\n\
Enable updates to a frozen dynamic zone and reload it.\n\
Enable updates to a frozen dynamic zone and reload it.\n\
notify zone [class [view]]\n\
Resend NOTIFY messages for the zone.\n\
reconfig Reload configuration file and new zones only.\n\
@ -152,7 +152,7 @@ get_addresses(const char *host, in_port_t port) {
result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs],
host);
if (result == ISC_R_SUCCESS)
nserveraddrs++;
nserveraddrs++;
} else {
count = SERVERADDRS - nserveraddrs;
result = bind9_getaddresses(host, port,
@ -485,7 +485,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
(void)cfg_map_get(config, "server", &servers);
if (servers != NULL) {
for (elt = cfg_list_first(servers);
elt != NULL;
elt != NULL;
elt = cfg_list_next(elt))
{
const char *name;
@ -521,7 +521,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
else {
DO("get config key list", cfg_map_get(config, "key", &keys));
for (elt = cfg_list_first(keys);
elt != NULL;
elt != NULL;
elt = cfg_list_next(elt))
{
key = cfg_listelt_value(elt);
@ -599,7 +599,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
get_addresses(name, (in_port_t) myport);
else
fprintf(stderr, "too many address: "
"%s: dropped\n", name);
"%s: dropped\n", name);
continue;
}
sa = *cfg_obj_assockaddr(address);
@ -739,7 +739,7 @@ main(int argc, char **argv) {
case 'y':
keyname = isc_commandline_argument;
break;
case '?':
usage(0);
break;
@ -773,7 +773,7 @@ main(int argc, char **argv) {
logdest.file.maximum_size = 0;
DO("creating log channel",
isc_log_createchannel(logconfig, "stderr",
ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest,
ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest,
ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL));
DO("enabling log channel", isc_log_usechannel(logconfig, "stderr",
NULL, NULL));

5
bin/rndc/rndc.docbook
View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.docbook,v 1.8.18.12 2007/08/28 07:20:01 tbox Exp $ -->
<!-- $Id: rndc.docbook,v 1.8.18.13 2007/12/14 20:53:58 marka Exp $ -->
<refentry id="man.rndc">
<refentryinfo>
<date>June 30, 2000</date>
@ -224,6 +224,9 @@
<para><citerefentry>
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,

5
bin/rndc/rndc.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.html,v 1.8.18.22 2007/06/20 02:26:58 marka Exp $ -->
<!-- $Id: rndc.html,v 1.8.18.23 2007/12/14 22:37:16 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -149,6 +149,7 @@
<div class="refsect1" lang="en">
<a name="id2543683"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
@ -156,7 +157,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543730"></a><h2>AUTHOR</h2>
<a name="id2543738"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

161
configure.in
View File

@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.355.18.71.8.2 $)
AC_REVISION($Revision: 1.355.18.85 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@ -232,6 +232,15 @@ case "$host" in
STD_CDEFINES="$STD_CDEFINES -D_XPG4_2 -D__EXTENSIONS__"
CPPFLAGS="$CPPFLAGS -D_XPG4_2 -D__EXTENSIONS__"
;;
# POSIX doesn't include the IPv6 Advanced Socket API and glibc hides
# parts of the IPv6 Advanced Socket API as a result. This is stupid
# as it breaks how the two halves (Basic and Advanced) of the IPv6
# Socket API were designed to be used but we have to live with it.
# Define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
*-linux*)
STD_CDEFINES="$STD_CDEFINES -D_GNU_SOURCE"
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
;;
esac
AC_HEADER_STDC
@ -245,6 +254,7 @@ AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param
AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME))
#
@ -316,6 +326,78 @@ lifconf.lifc_len = 0;
ISC_PLATFORM_HAVELIFCONF="#undef ISC_PLATFORM_HAVELIFCONF"])
AC_SUBST(ISC_PLATFORM_HAVELIFCONF)
#
# check if we have kqueue
#
AC_ARG_ENABLE(kqueue,
[ --enable-kqueue use BSD kqueue when available [[default=yes]]],
want_kqueue="$enableval", want_kqueue="yes")
case $want_kqueue in
yes)
AC_CHECK_FUNC(kqueue, ac_cv_have_kqueue=yes, ac_cv_have_kqueue=no)
case $ac_cv_have_kqueue in
yes)
ISC_PLATFORM_HAVEKQUEUE="#define ISC_PLATFORM_HAVEKQUEUE 1"
;;
*)
ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE"
;;
esac
;;
*)
ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE"
;;
esac
AC_SUBST(ISC_PLATFORM_HAVEKQUEUE)
#
# check if we have epoll. Linux kernel 2.4 has epoll_create() which fails,
# so we need to try running the code, not just test its existence.
#
AC_ARG_ENABLE(epoll,
[ --enable-epoll use Linux epoll when available [[default=yes]]],
want_epoll="$enableval", want_epoll="yes")
case $want_epoll in
yes)
AC_MSG_CHECKING(epoll support)
AC_TRY_RUN([
#include <sys/epoll.h>
int main() {
if (epoll_create(1) < 0)
return (1);
return (0);
}
],
[AC_MSG_RESULT(yes)
ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"],
[AC_MSG_RESULT(no)
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"])
;;
*)
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"
;;
esac
AC_SUBST(ISC_PLATFORM_HAVEEPOLL)
#
# check if we support /dev/poll
#
AC_ARG_ENABLE(devpoll,
[ --enable-devpoll use /dev/poll when available [[default=yes]]],
want_devpoll="$enableval", want_devpoll="yes")
case $want_devpoll in
yes)
AC_CHECK_HEADERS(sys/devpoll.h,
ISC_PLATFORM_HAVEDEVPOLL="#define ISC_PLATFORM_HAVEDEVPOLL 1"
,
ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL"
)
;;
*)
ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL"
;;
esac
AC_SUBST(ISC_PLATFORM_HAVEDEVPOLL)
#
# check if we need to #include sys/select.h explicitly
@ -898,6 +980,16 @@ case "$host" in
;;
esac
#
# Work around Solaris's select() limitations.
#
case "$host" in
*-solaris2.[[89]]|*-solaris2.1?)
AC_DEFINE(FD_SETSIZE, 65536,
[Solaris hack to get select_large_fdset.])
;;
esac
#
# Purify support
#
@ -943,6 +1035,14 @@ AC_SUBST(PURIFY)
#
# GNU libtool support
#
case $build_os in
sunos*)
# Just set the maximum command line length for sunos as it otherwise
# takes a exceptionally long time to work it out. Required for libtool.
lt_cv_sys_max_cmd_len=4096;
;;
esac
AC_ARG_WITH(libtool,
[ --with-libtool use GNU libtool (following indented options supported)],
use_libtool="$withval", use_libtool="no")
@ -1695,7 +1795,8 @@ AC_ARG_ENABLE(linux-caps,
[ --disable-linux-caps disable linux capabilities])
case "$enable_linux_caps" in
yes|'')
AC_CHECK_HEADERS(linux/capability.h)
AC_CHECK_HEADERS(linux/capability.h sys/capability.h)
AC_CHECK_FUNCS(capset)
;;
no)
;;
@ -1781,6 +1882,18 @@ AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming
])
AC_SUBST(ISC_PLATFORM_RLIMITTYPE)
#
# Older HP-UX doesn't have gettune
#
case "$host" in
*-hp-hpux*)
AC_CHECK_HEADERS(sys/dyntune.h)
;;
*)
;;
esac
#
# Compaq TruCluster requires more code for handling cluster IP aliases
#
@ -1839,7 +1952,7 @@ case "$host" in
[*-solaris2.[89]])
hack_shutup_pthreadonceinit=yes
;;
*-solaris2.1[0-9])
*-solaris2.1[[0-9]])
hack_shutup_pthreadonceinit=yes
;;
esac
@ -2162,27 +2275,39 @@ AC_SUBST($1)
])
#
# Look for Docbook-XSL stylesheets. Location probably varies by
# system. Guessing where it might be found, based on where SGML stuff
# lives on some systems. FreeBSD is the only one I'm sure of at the
# moment.
# Look for Docbook-XSL stylesheets. Location probably varies by system.
# If it's not explicitly specified, guess where it might be found, based on
# where SGML stuff lives on some systems (FreeBSD is the only one we're sure
# of at the moment).
#
docbook_xsl_trees="/usr/pkg/share/xsl /usr/local/share/xsl /usr/share/xsl"
AC_MSG_CHECKING(for Docbook-XSL path)
AC_ARG_WITH(docbook-xsl,
[ --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets],
docbook_path="$withval", docbook_path="auto")
case "$docbook_path" in
auto)
AC_MSG_RESULT(auto)
docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook"
;;
*)
docbook_xsl_trees="$withval"
AC_MSG_RESULT($docbook_xsl_trees)
;;
esac
#
# Look for stylesheets we need.
#
NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_HTML, docbook/html/docbook.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_XHTML, docbook/xhtml/docbook.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_MAN, docbook/manpages/docbook.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_HTML, docbook/html/chunk.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_XHTML, docbook/xhtml/chunk.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_HTML, docbook/html/chunktoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_XHTML, docbook/xhtml/chunktoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_HTML, docbook/html/maketoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_XHTML, docbook/xhtml/maketoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_HTML, html/docbook.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_XHTML, xhtml/docbook.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_MAN, manpages/docbook.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_HTML, html/chunk.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_XHTML, xhtml/chunk.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_HTML, html/chunktoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_XHTML, xhtml/chunktoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_HTML, html/maketoc.xsl, $docbook_xsl_trees)
NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_XHTML, xhtml/maketoc.xsl, $docbook_xsl_trees)
#
# Same dance for db2latex

302
doc/arm/Bv9ARM-book.xml
View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.241.18.82.8.3 2008/07/23 12:04:32 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.241.18.97 2008/10/17 19:37:35 jreed Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@ -639,13 +639,11 @@
<title>Supported Operating Systems</title>
<para>
ISC <acronym>BIND</acronym> 9 compiles and runs on a large
number
of Unix-like operating system and on NT-derived versions of
Microsoft Windows such as Windows 2000 and Windows XP. For an
up-to-date
list of supported systems, see the README file in the top level
directory
of the BIND 9 source distribution.
number of Unix-like operating systems, and on some versions of
Microsoft Windows including Windows XP, Windows 2003, and
Windows 2008. For an up-to-date list of supported systems,
see the README file in the top level directory of the BIND 9
source distribution.
</para>
</sect1>
</chapter>
@ -2927,6 +2925,33 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
<varname>port_list</varname>
</para>
</entry>
<entry colname="2">
<para>
A list of an <varname>ip_port</varname> or a port
range.
A port range is specified in the form of
<userinput>range</userinput> followed by
two <varname>ip_port</varname>s,
<varname>port_low</varname> and
<varname>port_high</varname>, which represents
port numbers from <varname>port_low</varname> through
<varname>port_high</varname>, inclusive.
<varname>port_low</varname> must not be larger than
<varname>port_high</varname>.
For example,
<userinput>range 1024 65535</userinput> represents
ports from 1024 through 65535.
In either case an asterisk (`*') character is not
allowed as a valid <varname>ip_port</varname>.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
@ -3582,7 +3607,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</sect2>
<sect2>
<title><command>include</command> Statement Grammar</title>
<programlisting>include <replaceable>filename</replaceable>;</programlisting>
<programlisting><command>include</command> <replaceable>filename</replaceable>;</programlisting>
</sect2>
<sect2>
<title><command>include</command> Statement Definition and
@ -3603,7 +3628,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<sect2>
<title><command>key</command> Statement Grammar</title>
<programlisting>key <replaceable>key_id</replaceable> {
<programlisting><command>key</command> <replaceable>key_id</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
@ -4364,7 +4389,7 @@ category notify { null; };
statement in the <filename>named.conf</filename> file:
</para>
<programlisting>options {
<programlisting><command>options</command> {
<optional> version <replaceable>version_string</replaceable>; </optional>
<optional> hostname <replaceable>hostname_string</replaceable>; </optional>
<optional> server-id <replaceable>server_id_string</replaceable>; </optional>
@ -4425,7 +4450,9 @@ category notify { null; };
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
<optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
<optional> use-v4-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> avoid-v4-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> use-v6-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> avoid-v6-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> listen-on <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
<optional> listen-on-v6 <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
@ -5627,11 +5654,12 @@ options {
to address (A or AAAA) records and that glue
address records exist for delegated zones. For
MX and SRV records only in-zone hostnames are
checked (for out-of-zone hostnames use named-checkzone).
checked (for out-of-zone hostnames use
<command>named-checkzone</command>).
For NS records only names below top of zone are
checked (for out-of-zone names and glue consistency
checks use named-checkzone). The default is
<command>yes</command>.
checks use <command>named-checkzone</command>).
The default is <command>yes</command>.
</para>
</listitem>
</varlistentry>
@ -6058,7 +6086,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
</para>
</sect3>
<sect3>
<sect3 id="query_address">
<title>Query Address</title>
<para>
If the server doesn't know the answer to a question, it will
@ -6068,25 +6096,94 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
If <command>address</command> is <command>*</command> (asterisk) or is omitted,
a wildcard IP address (<command>INADDR_ANY</command>)
will be used.
</para>
<para>
If <command>port</command> is <command>*</command> or is omitted,
a random unprivileged port number is picked up and will be
used for each query.
It is generally strongly discouraged to
specify a particular port for the
<command>query-source</command> or
<command>query-source-v6</command> options;
it implicitly disables the use of randomized port numbers
and leads to insecure operation.
The <command>avoid-v4-udp-ports</command>
and <command>avoid-v6-udp-ports</command> options can be used
to prevent named
from selecting certain ports. The defaults are:
a random port number from a pre-configured
range is picked up and will be used for each query.
The port range(s) is that specified in
the <command>use-v4-udp-ports</command> (for IPv4)
and <command>use-v6-udp-ports</command> (for IPv6)
options, excluding the ranges specified in
the <command>avoid-v4-udp-ports</command>
and <command>avoid-v6-udp-ports</command> options, respectively.
</para>
<para>
The defaults of the <command>query-source</command> and
<command>query-source-v6</command> options
are:
</para>
<programlisting>query-source address * port *;
query-source-v6 address * port *;
</programlisting>
<para>
If <command>use-v4-udp-ports</command> or
<command>use-v6-udp-ports</command> is unspecified,
<command>named</command> will check if the operating
system provides a programming interface to retrieve the
system's default range for ephemeral ports.
If such an interface is available,
<command>named</command> will use the corresponding system
default range; otherwise, it will use its own defaults:
</para>
<programlisting>use-v4-udp-ports { range 1024 65535; };
use-v6-udp-ports { range 1024 65535; };
</programlisting>
<para>
Note: make sure the ranges be sufficiently large for
security. A desirable size depends on various parameters,
but we generally recommend it contain at least 16384 ports
(14 bits of entropy).
Note also that the system's default range when used may be
too small for this purpose, and that the range may even be
changed while <command>named</command> is running; the new
range will automatically be applied when <command>named</command>
is reloaded.
It is encouraged to
configure <command>use-v4-udp-ports</command> and
<command>use-v6-udp-ports</command> explicitly so that the
ranges are sufficiently large and are reasonably
independent from the ranges used by other applications.
</para>
<para>
Note: the operational configuration
where <command>named</command> runs may prohibit the use
of some ports. For example, UNIX systems will not allow
<command>named</command> running without a root privilege
to use ports less than 1024.
If such ports are included in the specified (or detected)
set of query ports, the corresponding query attempts will
fail, resulting in resolution failures or delay.
It is therefore important to configure the set of ports
that can be safely used in the expected operational environment.
</para>
<para>
The defaults of the <command>avoid-v4-udp-ports</command> and
<command>avoid-v6-udp-ports</command> options
are:
</para>
<programlisting>avoid-v4-udp-ports {};
avoid-v6-udp-ports {};
</programlisting>
<para>
Note: it is generally strongly discouraged to
specify a particular port for the
<command>query-source</command> or
<command>query-source-v6</command> options;
it implicitly disables the use of randomized port numbers
and can be insecure.
</para>
<note>
<para>
The address specified in the <command>query-source</command> option
@ -6432,17 +6529,48 @@ query-source-v6 address * port *;
</sect3>
<sect3>
<title>Bad UDP Port Lists</title>
<para><command>avoid-v4-udp-ports</command>
and <command>avoid-v6-udp-ports</command> specify a list
of IPv4 and IPv6 UDP ports that will not be used as system
assigned source ports for UDP sockets. These lists
prevent named from choosing as its random source port a
port that is blocked by your firewall. If a query went
out with such a source port, the answer would not get by
the firewall and the name server would have to query
again.
<title>UDP Port Lists</title>
<para>
<command>use-v4-udp-ports</command>,
<command>avoid-v4-udp-ports</command>,
<command>use-v6-udp-ports</command>, and
<command>avoid-v6-udp-ports</command>
specify a list of IPv4 and IPv6 UDP ports that will be
used or not used as source ports for UDP messages.
See <xref linkend="query_address"/> about how the
available ports are determined.
For example, with the following configuration
</para>
<programlisting>
use-v6-udp-ports { range 32768 65535; };
avoid-v6-udp-ports { 40000; range 50000 60000; };
</programlisting>
<para>
UDP ports of IPv6 messages sent
from <command>named</command> will be in one
of the following ranges: 32768 to 39999, 40001 to 49999,
and 60001 to 65535.
</para>
<para>
<command>avoid-v4-udp-ports</command> and
<command>avoid-v6-udp-ports</command> can be used
to prevent <command>named</command> from choosing as its random source port a
port that is blocked by your firewall or a port that is
used by other applications;
if a query went out with a source port blocked by a
firewall, the
answer would not get by the firewall and the name server would
have to query again.
Note: the desired range can also be represented only with
<command>use-v4-udp-ports</command> and
<command>use-v6-udp-ports</command>, and the
<command>avoid-</command> options are redundant in that
sense; they are provided for backward compatibility and
to possibly simplify the port specification.
</para>
</sect3>
<sect3>
@ -6618,8 +6746,10 @@ query-source-v6 address * port *;
transfers. The default is <literal>512</literal>.
The minimum value is <literal>128</literal> and the
maximum value is <literal>128</literal> less than
'files' or FD_SETSIZE (whichever is smaller). This
option may be removed in the future.
maxsockets (-S). This option may be removed in the future.
</para>
<para>
This option has little effect on Windows.
</para>
</listitem>
</varlistentry>
@ -6629,16 +6759,23 @@ query-source-v6 address * port *;
<listitem>
<para>
The maximum amount of memory to use for the
server's cache, in bytes. When the amount of data in the
cache
server's cache, in bytes.
When the amount of data in the cache
reaches this limit, the server will cause records to expire
prematurely so that the limit is not exceeded. In a server
with
multiple views, the limit applies separately to the cache of
each
view. The default is <literal>unlimited</literal>, meaning that
records are purged from the cache only when their TTLs
expire.
prematurely so that the limit is not exceeded.
A value of 0 is special, meaning that
records are purged from the cache only when their
TTLs expire.
Another special keyword <userinput>unlimited</userinput>
means the maximum value of 32-bit unsigned integers
(0xffffffff), which may not have the same effect as
0 on machines that support more than 32 bits of
memory space.
Any positive values less than 2MB will be ignored reset
to 2MB.
In a server with multiple views, the limit applies
separately to the cache of each view.
The default is 0.
</para>
</listitem>
</varlistentry>
@ -7041,6 +7178,10 @@ query-source-v6 address * port *;
Sets the maximum time for which the server will
cache ordinary (positive) answers. The default is
one week (7 days).
A value of zero may cause all queries to return
SERVFAIL, because of lost caches of intermediate
RRsets (such as NS and glue AAAA/A records) in the
resolution process.
</para>
</listitem>
</varlistentry>
@ -7320,9 +7461,8 @@ query-source-v6 address * port *;
<para>
The current list of empty zones is:
<itemizedlist>
<!-- XXX: The RFC1918 addresses are #defined out in sources currently.
<listitem>10.IN-ADDR.ARPA</listitem>
<listitem>127.IN-ADDR.ARPA</listitem>
<listitem>254.169.IN-ADDR.ARPA</listitem>
<listitem>16.172.IN-ADDR.ARPA</listitem>
<listitem>17.172.IN-ADDR.ARPA</listitem>
<listitem>18.172.IN-ADDR.ARPA</listitem>
@ -7340,7 +7480,12 @@ query-source-v6 address * port *;
<listitem>30.172.IN-ADDR.ARPA</listitem>
<listitem>31.172.IN-ADDR.ARPA</listitem>
<listitem>168.192.IN-ADDR.ARPA</listitem>
XXX: end of RFC1918 addresses #defined out -->
<listitem>0.IN-ADDR.ARPA</listitem>
<listitem>127.IN-ADDR.ARPA</listitem>
<listitem>254.169.IN-ADDR.ARPA</listitem>
<listitem>2.0.192.IN-ADDR.ARPA</listitem>
<listitem>255.255.255.255.IN-ADDR.ARPA</listitem>
<listitem>0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</listitem>
<listitem>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</listitem>
<listitem>D.F.IP6.ARPA</listitem>
@ -7567,8 +7712,10 @@ query-source-v6 address * port *;
<command>success</command>,
<command>referral</command>,
<command>nxrrset</command>,
<command>nxdomain</command>, or
<command>failure</command>
<command>nxdomain</command>,
<command>failure</command>,
<command>duplicate</command>, or
<command>dropped</command>
to be incremented, and may additionally cause the
<command>recursion</command> counter to be
incremented.
@ -7699,7 +7846,7 @@ query-source-v6 address * port *;
<sect2 id="server_statement_grammar">
<title><command>server</command> Statement Grammar</title>
<programlisting>server <replaceable>ip_addr[/prefixlen]</replaceable> {
<programlisting><command>server</command> <replaceable>ip_addr[/prefixlen]</replaceable> {
<optional> bogus <replaceable>yes_or_no</replaceable> ; </optional>
<optional> provide-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
<optional> request-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
@ -7908,7 +8055,7 @@ query-source-v6 address * port *;
<sect2>
<title><command>trusted-keys</command> Statement Grammar</title>
<programlisting>trusted-keys {
<programlisting><command>trusted-keys</command> {
<replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ;
<optional> <replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; <optional>...</optional></optional>
};
@ -7949,7 +8096,7 @@ query-source-v6 address * port *;
<sect2 id="view_statement_grammar">
<title><command>view</command> Statement Grammar</title>
<programlisting>view <replaceable>view_name</replaceable>
<programlisting><command>view</command> <replaceable>view_name</replaceable>
<optional><replaceable>class</replaceable></optional> {
match-clients { <replaceable>address_match_list</replaceable> };
match-destinations { <replaceable>address_match_list</replaceable> };
@ -8005,7 +8152,7 @@ query-source-v6 address * port *;
<para>
Zones defined within a <command>view</command>
statement will
be only be accessible to clients that match the <command>view</command>.
only be accessible to clients that match the <command>view</command>.
By defining a zone of the same name in multiple views, different
zone data can be given to different clients, for example,
"internal"
@ -8090,7 +8237,7 @@ view "external" {
<title><command>zone</command>
Statement Grammar</title>
<programlisting>zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
<programlisting><command>zone</command> <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
type master;
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
@ -9433,6 +9580,19 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
IPSECKEY
</para>
</entry>
<entry colname="2">
<para>
Provides a method for storing IPsec keying material in
DNS. Described in RFC 4025.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
@ -9671,6 +9831,19 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
SPF
</para>
</entry>
<entry colname="2">
<para>
Contains the Sender Policy Framework information
for a given email domain. Described in RFC 4408.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
@ -9684,6 +9857,19 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
SSHFP
</para>
</entry>
<entry colname="2">
<para>
Provides a way to securly publish a secure shell key's
fingerprint. Described in RFC 4255.
</para>
</entry>
</row>
<row rowsep="0">
<entry colname="1">
<para>
@ -10469,7 +10655,7 @@ $GENERATE 1-127 $ CNAME $.0</programlisting>
is equivalent to
</para>
<programlisting>0.0.0.192.IN-ADDR.ARPA NS SERVER1.EXAMPLE.
<programlisting>0.0.0.192.IN-ADDR.ARPA. NS SERVER1.EXAMPLE.
0.0.0.192.IN-ADDR.ARPA. NS SERVER2.EXAMPLE.
1.0.0.192.IN-ADDR.ARPA. CNAME 1.0.0.0.192.IN-ADDR.ARPA.
2.0.0.192.IN-ADDR.ARPA. CNAME 2.0.0.0.192.IN-ADDR.ARPA.

52
doc/arm/Bv9ARM.ch01.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.21 2007/10/31 01:35:57 marka Exp $ -->
<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.26 2008/05/24 01:31:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564117">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564140">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563474">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564816">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563405">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564385">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564524">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564637">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564837">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564871">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567208">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567285">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567526">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567588">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564659">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564693">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564845">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567243">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567416">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567546">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@ -71,7 +71,7 @@
</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564117"></a>Scope of Document</h2></div></div></div>
<a name="id2563405"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
@ -87,7 +87,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564140"></a>Organization of This Document</h2></div></div></div>
<a name="id2564385"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Section 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Section 2</em></span>
@ -116,7 +116,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2563474"></a>Conventions Used in This Document</h2></div></div></div>
<a name="id2564524"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
@ -243,7 +243,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564816"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<a name="id2564637"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
@ -253,7 +253,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564837"></a>DNS Fundamentals</h3></div></div></div>
<a name="id2564659"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@ -273,7 +273,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564871"></a>Domains and Domain Names</h3></div></div></div>
<a name="id2564693"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@ -319,7 +319,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567208"></a>Zones</h3></div></div></div>
<a name="id2564845"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@ -372,7 +372,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567285"></a>Authoritative Name Servers</h3></div></div></div>
<a name="id2567243"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@ -389,7 +389,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567308"></a>The Primary Master</h4></div></div></div>
<a name="id2567267"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@ -409,7 +409,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567338"></a>Slave Servers</h4></div></div></div>
<a name="id2567297"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@ -425,7 +425,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567360"></a>Stealth Servers</h4></div></div></div>
<a name="id2567386"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@ -460,7 +460,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567526"></a>Caching Name Servers</h3></div></div></div>
<a name="id2567416"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@ -487,7 +487,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567561"></a>Forwarding</h4></div></div></div>
<a name="id2567520"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@ -514,7 +514,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567588"></a>Name Servers in Multiple Roles</h3></div></div></div>
<a name="id2567546"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as

36
doc/arm/Bv9ARM.ch02.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.21 2007/10/31 01:35:57 marka Exp $ -->
<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.28 2008/09/12 01:32:08 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567622">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567649">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567661">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567688">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567699">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567580">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567607">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567620">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567851">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567862">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567622"></a>Hardware requirements</h2></div></div></div>
<a name="id2567580"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@ -73,7 +73,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567649"></a>CPU Requirements</h2></div></div></div>
<a name="id2567607"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@ -84,7 +84,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567661"></a>Memory Requirements</h2></div></div></div>
<a name="id2567620"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
@ -107,7 +107,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567688"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<a name="id2567851"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@ -124,16 +124,14 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567699"></a>Supported Operating Systems</h2></div></div></div>
<a name="id2567862"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number
of Unix-like operating system and on NT-derived versions of
Microsoft Windows such as Windows 2000 and Windows XP. For an
up-to-date
list of supported systems, see the README file in the top level
directory
of the BIND 9 source distribution.
number of Unix-like operating systems, and on some versions of
Microsoft Windows including Windows XP, Windows 2003, and
Windows 2008. For an up-to-date list of supported systems,
see the README file in the top level directory of the BIND 9
source distribution.
</p>
</div>
</div>

28
doc/arm/Bv9ARM.ch03.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.31 2007/10/31 01:35:57 marka Exp $ -->
<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.36 2008/05/24 01:31:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,14 +47,14 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568004">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568020">An Authoritative-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567894">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567910">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568042">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568001">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568423">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570184">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568428">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570142">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@ -68,7 +68,7 @@
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2568004"></a>A Caching-only Name Server</h3></div></div></div>
<a name="id2567894"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2568020"></a>An Authoritative-only Name Server</h3></div></div></div>
<a name="id2567910"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@ -137,7 +137,7 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2568042"></a>Load Balancing</h2></div></div></div>
<a name="id2568001"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
@ -280,10 +280,10 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2568465"></a>Name Server Operations</h2></div></div></div>
<a name="id2568423"></a>Name Server Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2568470"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<a name="id2568428"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@ -739,7 +739,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2570184"></a>Signals</h3></div></div></div>
<a name="id2570142"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can

72
doc/arm/Bv9ARM.ch04.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.41 2007/10/31 01:35:57 marka Exp $ -->
<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.46 2008/05/24 01:31:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -49,29 +49,29 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570642">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570660">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570600">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570618">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571095">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571169">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571179">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571219">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571413">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571458">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570985">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571127">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571138">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571177">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571303">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571416">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571472">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571521">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571430">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571547">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571725">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571795">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571874">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571684">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571753">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571832">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571975">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572215">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572236">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572173">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572195">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@ -205,7 +205,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2570642"></a>Split DNS</h2></div></div></div>
<a name="id2570600"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@ -235,7 +235,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2570660"></a>Example split DNS setup</h3></div></div></div>
<a name="id2570618"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@ -481,7 +481,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571095"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<a name="id2570985"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@ -489,7 +489,7 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2571112"></a>Automatic Generation</h4></div></div></div>
<a name="id2571070"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-MD5
key as described above. Longer keys are better, but shorter keys
@ -514,7 +514,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2571150"></a>Manual Generation</h4></div></div></div>
<a name="id2571109"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@ -529,7 +529,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571169"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<a name="id2571127"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@ -537,7 +537,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571179"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<a name="id2571138"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@ -566,7 +566,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571219"></a>Instructing the Server to Use the Key</h3></div></div></div>
<a name="id2571177"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@ -598,7 +598,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571413"></a>TSIG Key Based Access Control</h3></div></div></div>
<a name="id2571303"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@ -626,7 +626,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571458"></a>Errors</h3></div></div></div>
<a name="id2571416"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@ -652,7 +652,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571472"></a>TKEY</h2></div></div></div>
<a name="id2571430"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@ -688,7 +688,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571521"></a>SIG(0)</h2></div></div></div>
<a name="id2571547"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC2931.
@ -749,7 +749,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571725"></a>Generating Keys</h3></div></div></div>
<a name="id2571684"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@ -800,7 +800,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571795"></a>Signing the Zone</h3></div></div></div>
<a name="id2571753"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to
@ -844,7 +844,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571874"></a>Configuring Servers</h3></div></div></div>
<a name="id2571832"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
@ -932,7 +932,7 @@ options {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2572153"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<a name="id2571975"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6
@ -971,7 +971,7 @@ options {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572215"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<a name="id2572173"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@ -990,7 +990,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572236"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<a name="id2572195"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and

8
doc/arm/Bv9ARM.ch05.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch05.html,v 1.33.18.33 2007/10/31 01:35:58 marka Exp $ -->
<!-- $Id: Bv9ARM.ch05.html,v 1.33.18.38 2008/05/24 01:31:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572269">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572228">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2572269"></a>The Lightweight Resolver Library</h2></div></div></div>
<a name="id2572228"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name

433
doc/arm/Bv9ARM.ch06.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.73.8.1 2008/05/27 22:07:34 each Exp $ -->
<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.88 2008/10/18 01:29:58 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,52 +48,52 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573480">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573436">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574092"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574117"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574282"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574307"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574711"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574726"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574736"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574753"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574749"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574771"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574930"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575056"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574776"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574800"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574958"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575084"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576406"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576480"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576544"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576587"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576435"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576508"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576572"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576616"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576602"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576631"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585361"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585410"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585614"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585666"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585490"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585748"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586798"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587332"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589080">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589477">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591101">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591500">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591653">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591848">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592173"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592188">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592384">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592572"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
</dl>
@ -353,6 +353,33 @@
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">port_list</code>
</p>
</td>
<td>
<p>
A list of an <code class="varname">ip_port</code> or a port
range.
A port range is specified in the form of
<strong class="userinput"><code>range</code></strong> followed by
two <code class="varname">ip_port</code>s,
<code class="varname">port_low</code> and
<code class="varname">port_high</code>, which represents
port numbers from <code class="varname">port_low</code> through
<code class="varname">port_high</code>, inclusive.
<code class="varname">port_low</code> must not be larger than
<code class="varname">port_high</code>.
For example,
<strong class="userinput"><code>range 1024 65535</code></strong> represents
ports from 1024 through 65535.
In either case an asterisk (`*') character is not
allowed as a valid <code class="varname">ip_port</code>.
</p>
</td>
</tr>
<tr>
<td>
<p>
<code class="varname">size_spec</code>
@ -428,7 +455,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573277"></a>Syntax</h4></div></div></div>
<a name="id2573302"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@ -437,7 +464,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573305"></a>Definition and Usage</h4></div></div></div>
<a name="id2573330"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@ -515,7 +542,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2573480"></a>Comment Syntax</h3></div></div></div>
<a name="id2573436"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@ -525,7 +552,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573495"></a>Syntax</h4></div></div></div>
<a name="id2573588"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@ -540,7 +567,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573525"></a>Definition and Usage</h4></div></div></div>
<a name="id2573618"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@ -774,7 +801,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574092"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574117"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@ -857,7 +884,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574282"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574307"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code>key_list</code></em> }; ]
@ -979,12 +1006,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574711"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">include <em class="replaceable"><code>filename</code></em>;</pre>
<a name="id2574736"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574726"></a><span><strong class="command">include</strong></span> Statement Definition and
<a name="id2574753"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@ -999,8 +1026,8 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574749"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">key <em class="replaceable"><code>key_id</code></em> {
<a name="id2574776"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
};
@ -1008,7 +1035,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574771"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2574800"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@ -1055,7 +1082,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574930"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574958"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
@ -1079,7 +1106,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575056"></a><span><strong class="command">logging</strong></span> Statement Definition and
<a name="id2575084"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@ -1113,7 +1140,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2575108"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<a name="id2575137"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@ -1632,7 +1659,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576406"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2576435"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@ -1647,7 +1674,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576480"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2576508"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@ -1698,14 +1725,14 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576544"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2576572"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576587"></a><span><strong class="command">masters</strong></span> Statement Definition and
<a name="id2576616"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@ -1714,12 +1741,12 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576602"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2576631"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
</p>
<pre class="programlisting">options {
<pre class="programlisting"><span><strong class="command">options</strong></span> {
[<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
[<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
[<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
@ -1780,7 +1807,9 @@ category notify { null; };
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> use-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> use-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
@ -1797,6 +1826,7 @@ category notify { null; };
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> tcp-clients <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> reserved-sockets <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
@ -2739,11 +2769,12 @@ options {
to address (A or AAAA) records and that glue
address records exist for delegated zones. For
MX and SRV records only in-zone hostnames are
checked (for out-of-zone hostnames use named-checkzone).
checked (for out-of-zone hostnames use
<span><strong class="command">named-checkzone</strong></span>).
For NS records only names below top of zone are
checked (for out-of-zone names and glue consistency
checks use named-checkzone). The default is
<span><strong class="command">yes</strong></span>.
checks use <span><strong class="command">named-checkzone</strong></span>).
The default is <span><strong class="command">yes</strong></span>.
</p></dd>
<dt><span class="term"><span><strong class="command">check-mx-cname</strong></span></span></dt>
<dd><p>
@ -2789,7 +2820,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2580536"></a>Forwarding</h4></div></div></div>
<a name="id2580525"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@ -2833,7 +2864,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2580595"></a>Dual-stack Servers</h4></div></div></div>
<a name="id2580721"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@ -2988,7 +3019,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581153"></a>Interfaces</h4></div></div></div>
<a name="id2581142"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@ -3068,7 +3099,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581241"></a>Query Address</h4></div></div></div>
<a name="query_address"></a>Query Address</h4></div></div></div>
<p>
If the server doesn't know the answer to a question, it will
query other name servers. <span><strong class="command">query-source</strong></span> specifies
@ -3077,23 +3108,83 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> (asterisk) or is omitted,
a wildcard IP address (<span><strong class="command">INADDR_ANY</strong></span>)
will be used.
</p>
<p>
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
a random unprivileged port number is picked up and will be
used for each query.
It is generally strongly discouraged to
specify a particular port for the
<span><strong class="command">query-source</strong></span> or
<span><strong class="command">query-source-v6</strong></span>
options; it implicitly disables the use of randomized port numbers
and leads to insecure operation.
The <span><strong class="command">avoid-v4-udp-ports</strong></span>
and <span><strong class="command">avoid-v6-udp-ports</strong></span> options can be used
to prevent named
from selecting certain ports. The defaults are:
a random port number from a pre-configured
range is picked up and will be used for each query.
The port range(s) is that specified in
the <span><strong class="command">use-v4-udp-ports</strong></span> (for IPv4)
and <span><strong class="command">use-v6-udp-ports</strong></span> (for IPv6)
options, excluding the ranges specified in
the <span><strong class="command">avoid-v4-udp-ports</strong></span>
and <span><strong class="command">avoid-v6-udp-ports</strong></span> options, respectively.
</p>
<p>
The defaults of the <span><strong class="command">query-source</strong></span> and
<span><strong class="command">query-source-v6</strong></span> options
are:
</p>
<pre class="programlisting">query-source address * port *;
query-source-v6 address * port *;
</pre>
<p>
If <span><strong class="command">use-v4-udp-ports</strong></span> or
<span><strong class="command">use-v6-udp-ports</strong></span> is unspecified,
<span><strong class="command">named</strong></span> will check if the operating
system provides a programming interface to retrieve the
system's default range for ephemeral ports.
If such an interface is available,
<span><strong class="command">named</strong></span> will use the corresponding system
default range; otherwise, it will use its own defaults:
</p>
<pre class="programlisting">use-v4-udp-ports { range 1024 65535; };
use-v6-udp-ports { range 1024 65535; };
</pre>
<p>
Note: make sure the ranges be sufficiently large for
security. A desirable size depends on various parameters,
but we generally recommend it contain at least 16384 ports
(14 bits of entropy).
Note also that the system's default range when used may be
too small for this purpose, and that the range may even be
changed while <span><strong class="command">named</strong></span> is running; the new
range will automatically be applied when <span><strong class="command">named</strong></span>
is reloaded.
It is encouraged to
configure <span><strong class="command">use-v4-udp-ports</strong></span> and
<span><strong class="command">use-v6-udp-ports</strong></span> explicitly so that the
ranges are sufficiently large and are reasonably
independent from the ranges used by other applications.
</p>
<p>
Note: the operational configuration
where <span><strong class="command">named</strong></span> runs may prohibit the use
of some ports. For example, UNIX systems will not allow
<span><strong class="command">named</strong></span> running without a root privilege
to use ports less than 1024.
If such ports are included in the specified (or detected)
set of query ports, the corresponding query attempts will
fail, resulting in resolution failures or delay.
It is therefore important to configure the set of ports
that can be safely used in the expected operational environment.
</p>
<p>
The defaults of the <span><strong class="command">avoid-v4-udp-ports</strong></span> and
<span><strong class="command">avoid-v6-udp-ports</strong></span> options
are:
</p>
<pre class="programlisting">avoid-v4-udp-ports {};
avoid-v6-udp-ports {};
</pre>
<p>
Note: it is generally strongly discouraged to
specify a particular port for the
<span><strong class="command">query-source</strong></span> or
<span><strong class="command">query-source-v6</strong></span> options;
it implicitly disables the use of randomized port numbers
and can be insecure.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
@ -3356,21 +3447,49 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581988"></a>Bad UDP Port Lists</h4></div></div></div>
<p><span><strong class="command">avoid-v4-udp-ports</strong></span>
and <span><strong class="command">avoid-v6-udp-ports</strong></span> specify a list
of IPv4 and IPv6 UDP ports that will not be used as system
assigned source ports for UDP sockets. These lists
prevent named from choosing as its random source port a
port that is blocked by your firewall. If a query went
out with such a source port, the answer would not get by
the firewall and the name server would have to query
again.
<a name="id2582140"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
<span><strong class="command">use-v6-udp-ports</strong></span>, and
<span><strong class="command">avoid-v6-udp-ports</strong></span>
specify a list of IPv4 and IPv6 UDP ports that will be
used or not used as source ports for UDP messages.
See <a href="Bv9ARM.ch06.html#query_address" title="Query Address">the section called &#8220;Query Address&#8221;</a> about how the
available ports are determined.
For example, with the following configuration
</p>
<pre class="programlisting">
use-v6-udp-ports { range 32768 65535; };
avoid-v6-udp-ports { 40000; range 50000 60000; };
</pre>
<p>
UDP ports of IPv6 messages sent
from <span><strong class="command">named</strong></span> will be in one
of the following ranges: 32768 to 39999, 40001 to 49999,
and 60001 to 65535.
</p>
<p>
<span><strong class="command">avoid-v4-udp-ports</strong></span> and
<span><strong class="command">avoid-v6-udp-ports</strong></span> can be used
to prevent <span><strong class="command">named</strong></span> from choosing as its random source port a
port that is blocked by your firewall or a port that is
used by other applications;
if a query went out with a source port blocked by a
firewall, the
answer would not get by the firewall and the name server would
have to query again.
Note: the desired range can also be represented only with
<span><strong class="command">use-v4-udp-ports</strong></span> and
<span><strong class="command">use-v6-udp-ports</strong></span>, and the
<span><strong class="command">avoid-</strong></span> options are redundant in that
sense; they are provided for backward compatibility and
to possibly simplify the port specification.
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2582003"></a>Operating System Resource Limits</h4></div></div></div>
<a name="id2582200"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@ -3429,7 +3548,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2582186"></a>Server Resource Limits</h4></div></div></div>
<a name="id2582452"></a>Server Resource Limits</h4></div></div></div>
<p>
The following options set limits on the server's
resource consumption that are enforced internally by the
@ -3478,19 +3597,42 @@ query-source-v6 address * port *;
connections that the server will accept.
The default is <code class="literal">100</code>.
</p></dd>
<dt><span class="term"><span><strong class="command">reserved-sockets</strong></span></span></dt>
<dd>
<p>
The number of file descriptors reserved for TCP, stdio,
etc. This needs to be big enough to cover the number of
interfaces named listens on, tcp-clients as well as
to provide room for outgoing TCP queries and incoming zone
transfers. The default is <code class="literal">512</code>.
The minimum value is <code class="literal">128</code> and the
maximum value is <code class="literal">128</code> less than
maxsockets (-S). This option may be removed in the future.
</p>
<p>
This option has little effect on Windows.
</p>
</dd>
<dt><span class="term"><span><strong class="command">max-cache-size</strong></span></span></dt>
<dd><p>
The maximum amount of memory to use for the
server's cache, in bytes. When the amount of data in the
cache
server's cache, in bytes.
When the amount of data in the cache
reaches this limit, the server will cause records to expire
prematurely so that the limit is not exceeded. In a server
with
multiple views, the limit applies separately to the cache of
each
view. The default is <code class="literal">unlimited</code>, meaning that
records are purged from the cache only when their TTLs
expire.
prematurely so that the limit is not exceeded.
A value of 0 is special, meaning that
records are purged from the cache only when their
TTLs expire.
Another special keyword <strong class="userinput"><code>unlimited</code></strong>
means the maximum value of 32-bit unsigned integers
(0xffffffff), which may not have the same effect as
0 on machines that support more than 32 bits of
memory space.
Any positive values less than 2MB will be ignored reset
to 2MB.
In a server with multiple views, the limit applies
separately to the cache of each view.
The default is 0.
</p></dd>
<dt><span class="term"><span><strong class="command">tcp-listen-queue</strong></span></span></dt>
<dd><p>
@ -3507,7 +3649,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2582320"></a>Periodic Task Intervals</h4></div></div></div>
<a name="id2582682"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@ -3837,6 +3979,10 @@ query-source-v6 address * port *;
Sets the maximum time for which the server will
cache ordinary (positive) answers. The default is
one week (7 days).
A value of zero may cause all queries to return
SERVFAIL, because of lost caches of intermediate
RRsets (such as NS and glue AAAA/A records) in the
resolution process.
</p></dd>
<dt><span class="term"><span><strong class="command">min-roots</strong></span></span></dt>
<dd>
@ -4062,27 +4208,11 @@ query-source-v6 address * port *;
The current list of empty zones is:
</p>
<div class="itemizedlist"><ul type="disc">
<li>10.IN-ADDR.ARPA</li>
<li>0.IN-ADDR.ARPA</li>
<li>127.IN-ADDR.ARPA</li>
<li>254.169.IN-ADDR.ARPA</li>
<li>16.172.IN-ADDR.ARPA</li>
<li>17.172.IN-ADDR.ARPA</li>
<li>18.172.IN-ADDR.ARPA</li>
<li>19.172.IN-ADDR.ARPA</li>
<li>20.172.IN-ADDR.ARPA</li>
<li>21.172.IN-ADDR.ARPA</li>
<li>22.172.IN-ADDR.ARPA</li>
<li>23.172.IN-ADDR.ARPA</li>
<li>24.172.IN-ADDR.ARPA</li>
<li>25.172.IN-ADDR.ARPA</li>
<li>26.172.IN-ADDR.ARPA</li>
<li>27.172.IN-ADDR.ARPA</li>
<li>28.172.IN-ADDR.ARPA</li>
<li>29.172.IN-ADDR.ARPA</li>
<li>30.172.IN-ADDR.ARPA</li>
<li>31.172.IN-ADDR.ARPA</li>
<li>168.192.IN-ADDR.ARPA</li>
<li>2.0.192.IN-ADDR.ARPA</li>
<li>255.255.255.255.IN-ADDR.ARPA</li>
<li>0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
<li>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
<li>D.F.IP6.ARPA</li>
@ -4292,8 +4422,10 @@ query-source-v6 address * port *;
<span><strong class="command">success</strong></span>,
<span><strong class="command">referral</strong></span>,
<span><strong class="command">nxrrset</strong></span>,
<span><strong class="command">nxdomain</strong></span>, or
<span><strong class="command">failure</strong></span>
<span><strong class="command">nxdomain</strong></span>,
<span><strong class="command">failure</strong></span>,
<span><strong class="command">duplicate</strong></span>, or
<span><strong class="command">dropped</strong></span>
to be incremented, and may additionally cause the
<span><strong class="command">recursion</strong></span> counter to be
incremented.
@ -4397,7 +4529,7 @@ query-source-v6 address * port *;
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">server <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
<pre class="programlisting"><span><strong class="command">server</strong></span> <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
[<span class="optional"> bogus <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
@ -4587,8 +4719,8 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2585361"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">trusted-keys {
<a name="id2585614"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">trusted-keys</strong></span> {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
};
@ -4596,7 +4728,7 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2585410"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
<a name="id2585666"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@ -4627,7 +4759,7 @@ query-source-v6 address * port *;
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">view <em class="replaceable"><code>view_name</code></em>
<pre class="programlisting"><span><strong class="command">view</strong></span> <em class="replaceable"><code>view_name</code></em>
[<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
match-clients { <em class="replaceable"><code>address_match_list</code></em> };
match-destinations { <em class="replaceable"><code>address_match_list</code></em> };
@ -4639,7 +4771,7 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2585490"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2585748"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@ -4680,7 +4812,7 @@ query-source-v6 address * port *;
<p>
Zones defined within a <span><strong class="command">view</strong></span>
statement will
be only be accessible to clients that match the <span><strong class="command">view</strong></span>.
only be accessible to clients that match the <span><strong class="command">view</strong></span>.
By defining a zone of the same name in multiple views, different
zone data can be given to different clients, for example,
"internal"
@ -4759,7 +4891,7 @@ view "external" {
<div class="titlepage"><div><div><h3 class="title">
<a name="zone_statement_grammar"></a><span><strong class="command">zone</strong></span>
Statement Grammar</h3></div></div></div>
<pre class="programlisting">zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
<pre class="programlisting"><span><strong class="command">zone</strong></span> <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
type master;
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
@ -4891,10 +5023,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2586798"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2587332"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2586806"></a>Zone Types</h4></div></div></div>
<a name="id2587339"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -5103,7 +5235,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2587362"></a>Class</h4></div></div></div>
<a name="id2587690"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@ -5125,7 +5257,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2587395"></a>Zone Options</h4></div></div></div>
<a name="id2587723"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@ -5613,7 +5745,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2589080"></a>Zone File</h2></div></div></div>
<a name="id2589477"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@ -5626,7 +5758,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2589098"></a>Resource Records</h4></div></div></div>
<a name="id2589495"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@ -5888,6 +6020,19 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</td>
</tr>
<tr>
<td>
<p>
IPSECKEY
</p>
</td>
<td>
<p>
Provides a method for storing IPsec keying material in
DNS. Described in RFC 4025.
</p>
</td>
</tr>
<tr>
<td>
<p>
ISDN
@ -6126,6 +6271,19 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</td>
</tr>
<tr>
<td>
<p>
SPF
</p>
</td>
<td>
<p>
Contains the Sender Policy Framework information
for a given email domain. Described in RFC 4408.
</p>
</td>
</tr>
<tr>
<td>
<p>
SRV
@ -6139,6 +6297,19 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</td>
</tr>
<tr>
<td>
<p>
SSHFP
</p>
</td>
<td>
<p>
Provides a way to securly publish a secure shell key's
fingerprint. Described in RFC 4255.
</p>
</td>
</tr>
<tr>
<td>
<p>
TXT
@ -6277,7 +6448,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2590513"></a>Textual expression of RRs</h4></div></div></div>
<a name="id2590912"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@ -6480,7 +6651,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2591101"></a>Discussion of MX Records</h3></div></div></div>
<a name="id2591500"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@ -6738,7 +6909,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2591653"></a>Inverse Mapping in IPv4</h3></div></div></div>
<a name="id2592188"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@ -6799,7 +6970,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2591848"></a>Other Zone File Directives</h3></div></div></div>
<a name="id2592384"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@ -6814,7 +6985,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591870"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<a name="id2592406"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@ -6842,7 +7013,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2592000"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<a name="id2592467"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@ -6878,7 +7049,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2592069"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2592536"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@ -6897,7 +7068,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2592173"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<a name="id2592572"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@ -6922,7 +7093,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
<p>
is equivalent to
</p>
<pre class="programlisting">0.0.0.192.IN-ADDR.ARPA NS SERVER1.EXAMPLE.
<pre class="programlisting">0.0.0.192.IN-ADDR.ARPA. NS SERVER1.EXAMPLE.
0.0.0.192.IN-ADDR.ARPA. NS SERVER2.EXAMPLE.
1.0.0.192.IN-ADDR.ARPA. CNAME 1.0.0.0.192.IN-ADDR.ARPA.
2.0.0.192.IN-ADDR.ARPA. CNAME 2.0.0.0.192.IN-ADDR.ARPA.

16
doc/arm/Bv9ARM.ch07.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.63 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.76 2008/10/16 01:29:41 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592714"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2593181"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592791">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592851">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593326">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593386">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@ -118,7 +118,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2592714"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
<a name="id2593181"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym> in a <span class="emphasis"><em>chrooted</em></span> environment
@ -142,7 +142,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2592791"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<a name="id2593326"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@ -170,7 +170,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2592851"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<a name="id2593386"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use

20
doc/arm/Bv9ARM.ch08.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch08.html,v 1.75.18.64 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: Bv9ARM.ch08.html,v 1.75.18.77 2008/10/16 01:29:41 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592999">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593004">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593016">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593033">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593466">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593472">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593483">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593500">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2592999"></a>Common Problems</h2></div></div></div>
<a name="id2593466"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2593004"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<a name="id2593472"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2593016"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<a name="id2593483"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2593033"></a>Where Can I Get Help?</h2></div></div></div>
<a name="id2593500"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range

182
doc/arm/Bv9ARM.ch09.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch09.html,v 1.75.18.66 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: Bv9ARM.ch09.html,v 1.75.18.80 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,21 +45,21 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593300">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593630">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593472">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593802">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596683">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2597082">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2593300"></a>Acknowledgments</h2></div></div></div>
<a name="id2593630"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@ -164,7 +164,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2593472"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<a name="id2593802"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@ -252,17 +252,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2593659"></a>Bibliography</h4></div></div></div>
<a name="id2593990"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2593670"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
<a name="id2594001"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2593693"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2594024"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2593717"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
<a name="id2594048"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@ -270,42 +270,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2593753"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
<a name="id2594084"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2593780"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
<a name="id2594110"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2593805"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2594136"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2593830"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2594161"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2593853"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2594184"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2593909"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
<a name="id2594240"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2593936"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2594266"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2593962"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2594293"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2594024"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2594423"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2594054"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2594453"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2594084"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
<a name="id2594483"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2594110"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
<a name="id2594509"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@ -314,19 +314,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2594193"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
<a name="id2594592"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2594288"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2594618"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2594324"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2594654"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2594389"></a><p>[<abbr class="abbrev">RFC4044</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2594720"></a><p>[<abbr class="abbrev">RFC4044</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2594454"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
<a name="id2594785"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@ -334,146 +334,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
<a name="id2594596"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
<a name="id2594858"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2594621"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
<a name="id2594884"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2594690"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2594952"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2594725"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
<a name="id2594987"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2594771"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
<a name="id2595033"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2594828"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
<a name="id2595091"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2594866"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
<a name="id2595128"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2594901"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
<a name="id2595163"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2594955"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
<a name="id2595218"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2594994"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
<a name="id2595256"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2595019"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
<a name="id2595282"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2595045"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2595307"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2595072"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2595334"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2595098"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2595361"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2595138"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2595400"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2595168"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2595430"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2595197"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
<a name="id2595460"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2595240"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2595502"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2595273"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
<a name="id2595536"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2595300"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
<a name="id2595562"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2595323"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
<a name="id2595586"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2595381"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
<a name="id2595643"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2595413"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
<a name="id2595675"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2595438"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
<a name="id2595701"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2595461"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
<a name="id2595723"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2595484"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
<a name="id2595747"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2595530"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2595793"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2595554"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2595816"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2595611"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2595874"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2595635"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
<a name="id2595897"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2595661"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
<a name="id2595924"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2595688"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
<a name="id2595950"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2595724"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
<a name="id2595987"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2595770"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
<a name="id2596033"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2595802"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2596065"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2595848"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2596110"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2595883"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
<a name="id2596146"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@ -489,47 +489,47 @@
</p>
</div>
<div class="biblioentry">
<a name="id2595928"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
<a name="id2596190"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2595950"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
<a name="id2596213"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2595976"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
<a name="id2596238"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2596002"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
<a name="id2596332"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2596025"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2596356"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2596071"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2596402"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2596094"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
<a name="id2596425"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2596121"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
<a name="id2596452"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2596147"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
<a name="id2596477"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2596190"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
<a name="id2596521"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2596248"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2596579"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2596275"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
<a name="id2596605"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@ -543,39 +543,39 @@
</p>
</div>
<div class="biblioentry">
<a name="id2596323"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
<a name="id2596653"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2596362"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2596693"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2596389"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2596720"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2596419"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
<a name="id2596818"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2596444"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
<a name="id2596843"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2596471"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
<a name="id2596870"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2596507"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
<a name="id2596906"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2596544"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
<a name="id2596942"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2596570"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
<a name="id2596969"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2596597"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
<a name="id2596996"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2596642"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2597041"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@ -596,14 +596,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2596683"></a>Other Documents About <acronym class="acronym">BIND</acronym>
<a name="id2597082"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2596693"></a>Bibliography</h4></div></div></div>
<a name="id2597092"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2596695"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
<a name="id2597094"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>

4
doc/arm/Bv9ARM.ch10.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch10.html,v 1.2.2.6 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: Bv9ARM.ch10.html,v 1.2.2.9 2008/05/24 01:31:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

150
doc/arm/Bv9ARM.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.html,v 1.85.18.68 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: Bv9ARM.html,v 1.85.18.82 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -40,8 +40,8 @@
<div class="titlepage">
<div>
<div><h1 class="title">
<a name="id2563155"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="copyright">Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")</p></div>
<a name="id2563174"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="copyright">Copyright © 2004-2008 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
<hr>
@ -51,39 +51,39 @@
<dl>
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564117">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564140">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563474">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564816">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563405">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564385">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564524">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564637">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564837">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564871">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567208">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567285">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567526">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567588">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564659">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564693">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564845">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567243">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567416">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567546">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567622">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567649">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567661">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567688">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567699">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567580">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567607">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567620">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567851">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567862">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568004">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568020">An Authoritative-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567894">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567910">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568042">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568001">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568423">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570184">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568428">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570142">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@ -92,34 +92,34 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570642">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570660">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570600">Split DNS</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570618">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571095">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571169">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571179">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571219">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571413">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571458">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570985">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571127">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571138">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571177">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571303">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571416">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571472">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571521">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571430">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571547">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571725">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571795">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571874">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571684">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571753">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571832">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571975">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572215">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572236">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572173">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572195">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572269">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572228">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@ -127,83 +127,83 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573480">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573436">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574092"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574117"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574282"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574307"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574711"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574726"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574736"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574753"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574749"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574771"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574930"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575056"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574776"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574800"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574958"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575084"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576406"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576480"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576544"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576587"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576435"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576508"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576572"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576616"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576602"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576631"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585361"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585410"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585614"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585666"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585490"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585748"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586798"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587332"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589080">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589477">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591101">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591500">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591653">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591848">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592173"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592188">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592384">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592572"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592714"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2593181"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592791">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592851">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593326">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593386">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592999">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593004">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593016">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593033">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593466">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593472">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593483">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593500">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593300">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593630">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593472">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593802">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596683">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2597082">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>

9677
doc/arm/Bv9ARM.pdf
View File

File diff suppressed because one or more lines are too long

36
doc/arm/man.dig.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dig.html,v 1.2.2.48 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.dig.html,v 1.2.2.65 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,12 +47,12 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2564025"></a><h2>DESCRIPTION</h2>
<a name="id2563849"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -80,8 +80,8 @@
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
When no command line arguments or options are given, will perform an
NS query for "." (the root).
When no command line arguments or options are given,
<span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
</p>
<p>
It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
@ -92,13 +92,13 @@
<p>
The IN and CH class names overlap with the IN and CH top level
domains names. Either use the <code class="option">-t</code> and
<code class="option">-c</code> options to specify the type and class or
use the <code class="option">-q</code> the specify the domain name or
<code class="option">-c</code> options to specify the type and class,
use the <code class="option">-q</code> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2569712"></a><h2>SIMPLE USAGE</h2>
<a name="id2563944"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -144,7 +144,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623002"></a><h2>OPTIONS</h2>
<a name="id2569789"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -169,6 +169,10 @@
the same way they would be presented as queries to
<span><strong class="command">dig</strong></span> using the command-line interface.
</p>
<p>
The <code class="option">-m</code> option enables memory usage debugging.
</p>
<p>
If a non-standard port number is to be queried, the
<code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
@ -244,7 +248,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2649413"></a><h2>QUERY OPTIONS</h2>
<a name="id2624336"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -563,7 +567,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650468"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2625254"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -609,7 +613,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650553"></a><h2>IDN SUPPORT</h2>
<a name="id2625408"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -623,14 +627,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650582"></a><h2>FILES</h2>
<a name="id2625436"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650603"></a><h2>SEE ALSO</h2>
<a name="id2625458"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -638,7 +642,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650641"></a><h2>BUGS</h2>
<a name="id2625495"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

20
doc/arm/man.dnssec-keygen.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keygen.html,v 1.2.2.47 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.dnssec-keygen.html,v 1.2.2.66 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2597830"></a><h2>DESCRIPTION</h2>
<a name="id2598403"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597844"></a><h2>OPTIONS</h2>
<a name="id2598417"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -166,7 +166,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2598187"></a><h2>GENERATED KEYS</h2>
<a name="id2598692"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -212,7 +212,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2598295"></a><h2>EXAMPLE</h2>
<a name="id2600711"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -233,16 +233,16 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2600195"></a><h2>SEE ALSO</h2>
<a name="id2601518"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2535</em>,
<em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
<em class="citetitle">RFC 2539</em>.
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2600226"></a><h2>AUTHOR</h2>
<a name="id2601549"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

16
doc/arm/man.dnssec-signzone.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-signzone.html,v 1.2.2.46 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.dnssec-signzone.html,v 1.2.2.65 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2598823"></a><h2>DESCRIPTION</h2>
<a name="id2599262"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2598842"></a><h2>OPTIONS</h2>
<a name="id2599282"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -259,7 +259,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2641307"></a><h2>EXAMPLE</h2>
<a name="id2653693"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -288,14 +288,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2641380"></a><h2>SEE ALSO</h2>
<a name="id2653766"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2535</em>.
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2641404"></a><h2>AUTHOR</h2>
<a name="id2653790"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.host.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.host.html,v 1.2.2.46 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.host.html,v 1.2.2.64 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2597000"></a><h2>DESCRIPTION</h2>
<a name="id2597501"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -166,7 +166,7 @@
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span><strong class="command">host</strong></span> automatically selects an appropriate
query
type. By default it looks for A records, but if the
type. By default it looks for A, AAAA, and MX records, but if the
<code class="option">-C</code> option was given, queries will be made for SOA
records, and if <em class="parameter"><code>name</code></em> is a
dotted-decimal IPv4
@ -202,7 +202,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597514"></a><h2>IDN SUPPORT</h2>
<a name="id2597947"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -216,12 +216,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597543"></a><h2>FILES</h2>
<a name="id2598044"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597557"></a><h2>SEE ALSO</h2>
<a name="id2598058"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

14
doc/arm/man.named-checkconf.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkconf.html,v 1.2.2.49 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.named-checkconf.html,v 1.2.2.67 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,14 +50,14 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2599604"></a><h2>DESCRIPTION</h2>
<a name="id2599904"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a named
configuration file.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2599618"></a><h2>OPTIONS</h2>
<a name="id2599917"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@ -88,21 +88,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2599720"></a><h2>RETURN VALUES</h2>
<a name="id2600020"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2599734"></a><h2>SEE ALSO</h2>
<a name="id2600034"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2599764"></a><h2>AUTHOR</h2>
<a name="id2600064"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.named-checkzone.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkzone.html,v 1.2.2.52 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.named-checkzone.html,v 1.2.2.70 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2600689"></a><h2>DESCRIPTION</h2>
<a name="id2601603"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2600739"></a><h2>OPTIONS</h2>
<a name="id2601653"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -251,14 +251,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2655177"></a><h2>RETURN VALUES</h2>
<a name="id2656364"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2655191"></a><h2>SEE ALSO</h2>
<a name="id2656378"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -266,7 +266,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2655224"></a><h2>AUTHOR</h2>
<a name="id2656480"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

45
doc/arm/man.named.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named.html,v 1.2.2.53 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.named.html,v 1.2.2.72 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,10 +47,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2601798"></a><h2>DESCRIPTION</h2>
<a name="id2602169"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2601829"></a><h2>OPTIONS</h2>
<a name="id2602200"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -144,6 +144,31 @@
</p>
</div>
</dd>
<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
<dd>
<p>
Allow <span><strong class="command">named</strong></span> to use up to
<em class="replaceable"><code>#max-socks</code></em> sockets.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
This option should be unnecessary for the vast majority
of users.
The use of this option could even be harmful because the
specified value may exceed the limitation of the
underlying system API.
It is therefore set only when the default configuration
causes exhaustion of file descriptors and the
operational environment is known to support the
specified number of sockets.
Note also that the actual maximum number is normally a little
fewer than the specified value because
<span><strong class="command">named</strong></span> reserves some file descriptors
for its internal use.
</p>
</div>
</dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>Chroot
@ -209,7 +234,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604492"></a><h2>SIGNALS</h2>
<a name="id2603333"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -230,7 +255,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604542"></a><h2>CONFIGURATION</h2>
<a name="id2605226"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -239,7 +264,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604562"></a><h2>FILES</h2>
<a name="id2605245"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -252,7 +277,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604605"></a><h2>SEE ALSO</h2>
<a name="id2645430"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -265,7 +290,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604881"></a><h2>AUTHOR</h2>
<a name="id2645500"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.rndc-confgen.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc-confgen.html,v 1.2.2.55 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.rndc-confgen.html,v 1.2.2.76 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2605524"></a><h2>DESCRIPTION</h2>
<a name="id2605546"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605590"></a><h2>OPTIONS</h2>
<a name="id2605612"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@ -171,7 +171,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2606454"></a><h2>EXAMPLES</h2>
<a name="id2606203"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@ -188,7 +188,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609036"></a><h2>SEE ALSO</h2>
<a name="id2607830"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -196,7 +196,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2609075"></a><h2>AUTHOR</h2>
<a name="id2607868"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.rndc.conf.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.conf.html,v 1.2.2.55 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.rndc.conf.html,v 1.2.2.75 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2603676"></a><h2>DESCRIPTION</h2>
<a name="id2604313"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604121"></a><h2>EXAMPLE</h2>
<a name="id2604485"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@ -209,7 +209,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604994"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2604743"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605019"></a><h2>SEE ALSO</h2>
<a name="id2604769"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@ -227,7 +227,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605058"></a><h2>AUTHOR</h2>
<a name="id2604807"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

15
doc/arm/man.rndc.html
View File

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.html,v 1.2.2.54 2007/10/31 01:35:59 marka Exp $ -->
<!-- $Id: man.rndc.html,v 1.2.2.74 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2603169"></a><h2>DESCRIPTION</h2>
<a name="id2603601"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@ -79,7 +79,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603219"></a><h2>OPTIONS</h2>
<a name="id2603651"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603512"></a><h2>LIMITATIONS</h2>
<a name="id2603876"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@ -165,8 +165,9 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603543"></a><h2>SEE ALSO</h2>
<a name="id2604043"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
@ -174,7 +175,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603590"></a><h2>AUTHOR</h2>
<a name="id2604099"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

3
doc/misc/Makefile.in
View File

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.3.18.3 2007/08/28 07:20:03 tbox Exp $
# $Id: Makefile.in,v 1.3.18.4 2007/12/02 22:36:01 marka Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -40,6 +40,7 @@ CFG_TEST = ../../bin/tests/cfg_test
options: FORCE
if test -x ${CFG_TEST} && \
${CFG_TEST} --named --grammar | \
${PERL} ${srcdir}/sort-options.pl | \
${PERL} ${srcdir}/format-options.pl >$@.new ; then \
mv -f $@.new $@ ; \
else \

29
doc/misc/format-options.pl
View File

@ -1,9 +1,9 @@
#!/usr/bin/perl
#
# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: format-options.pl,v 1.2 2004/03/05 05:04:53 marka Exp $
# $Id: format-options.pl,v 1.2.18.2 2007/12/02 23:46:31 tbox Exp $
print <<END;
@ -26,11 +26,24 @@ END
# Break long lines
while (<>) {
chomp;
s/\t/ /g;
if (length >= 79) {
m!^( *)!;
my $indent = $1;
s!^(.{0,75}) (.*)$!\1\n$indent \2!;
my $line = $_;
m!^( *)!;
my $indent = $1;
my $comment = "";
if ( $line =~ m!//.*! ) {
$comment = $&;
$line =~ s!//.*!!;
}
print;
my $start = "";
while (length($line) >= 79 - length($comment)) {
$_ = $line;
# this makes sure that the comment has something in front of it
$len = 75 - length($comment);
m!^(.{0,$len}) (.*)$!;
$start = $start.$1."\n";
$line = $indent." ".$2;
}
print $start.$line.$comment."\n";
}

14
doc/misc/migration
View File

@ -1,4 +1,4 @@
Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
@ -26,6 +26,16 @@ understand the many-answers zone transfer format (e.g., BIND 4.9.5 or
older) you need to explicitly specify "transfer-format one-answer;" in
either the options block or a server statement.
BIND 9.4 onwards implements "allow-query-cache". The "allow-query"
option is no longer used to specify access to the cache. The
"allow-query" option continues to specify which hosts are allowed
to ask ordinary DNS questions. The new "allow-query-cache" option
is used to specify which hosts are allowed to get answers from the
cache. Since BIND 9.4.1, if "allow-query-cache" is not set then
"allow-recursion" is used if it is set, otherwise "allow-query" is
used if it is set, otherwise the default localnets and localhost
is used.
1.2. Handling of Configuration File Errors
In BIND 9, named refuses to start if it detects an error in
@ -254,4 +264,4 @@ necessary, the umask should be set explicitly in the script used to
start the named process.
$Id: migration,v 1.45.18.2 2007/09/07 06:34:21 marka Exp $
$Id: migration,v 1.45.18.3 2008/03/18 15:45:43 jreed Exp $

872
doc/misc/options
View File

@ -2,480 +2,488 @@
This is a summary of the named.conf options supported by
this version of BIND 9.
options {
avoid-v4-udp-ports { <port>; ... };
avoid-v6-udp-ports { <port>; ... };
blackhole { <address_match_element>; ... };
coresize <size>;
datasize <size>;
deallocate-on-exit <boolean>; // obsolete
directory <quoted_string>;
dump-file <quoted_string>;
fake-iquery <boolean>; // obsolete
files <size>;
has-old-clients <boolean>; // obsolete
heartbeat-interval <integer>;
host-statistics <boolean>; // not implemented
host-statistics-max <integer>; // not implemented
hostname ( <quoted_string> | none );
interface-interval <integer>;
listen-on [ port <integer> ] { <address_match_element>; ... };
listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
match-mapped-addresses <boolean>;
memstatistics-file <quoted_string>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
pid-file ( <quoted_string> | none );
port <integer>;
querylog <boolean>;
recursing-file <quoted_string>;
random-device <quoted_string>;
recursive-clients <integer>;
serial-queries <integer>; // obsolete
serial-query-rate <integer>;
server-id ( <quoted_string> | none |;
stacksize <size>;
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
tcp-clients <integer>;
tcp-listen-queue <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-gssapi-credential <quoted_string>;
tkey-domain <quoted_string>;
transfers-per-ns <integer>;
transfers-in <integer>;
transfers-out <integer>;
treat-cr-as-space <boolean>; // obsolete
use-id-pool <boolean>; // obsolete
use-ixfr <boolean>;
version ( <quoted_string> | none );
flush-zones-on-shutdown <boolean>;
allow-query-cache { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
sortlist { <address_match_element>; ... };
topology { <address_match_element>; ... }; // not implemented
auth-nxdomain <boolean>; // default changed
minimal-responses <boolean>;
recursion <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
provide-ixfr <boolean>;
request-ixfr <boolean>;
fetch-glue <boolean>; // obsolete
rfc2308-type1 <boolean>; // not yet implemented
additional-from-auth <boolean>;
additional-from-cache <boolean>;
query-source <querysource4>;
query-source-v6 <querysource6>;
cleaning-interval <integer>;
min-roots <integer>; // not implemented
lame-ttl <integer>;
max-ncache-ttl <integer>;
max-cache-ttl <integer>;
transfer-format ( many-answers | one-answer );
max-cache-size <size_no_default>;
check-names ( master | slave | response ) ( fail | warn | ignore );
cache-file <quoted_string>;
suppress-initial-notify <boolean>; // not yet implemented
preferred-glue <string>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [port
<integer>] | <ipv4_address> [port <integer>] | <ipv6_address> [port <integer>] ); ... };
edns-udp-size <integer>;
max-udp-size <integer>;
root-delegation-only [ exclude { <quoted_string>; ... } ];
disable-algorithms <string> { <string>; ... };
dnssec-enable <boolean>;
dnssec-validation <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
dnssec-accept-expired <boolean>;
ixfr-from-differences <ixfrdiff>;
acache-enable <boolean>;
acache-cleaning-interval <integer>;
max-acache-size <size_no_default>;
clients-per-query <integer>;
max-clients-per-query <integer>;
empty-server <string>;
empty-contact <string>;
empty-zones-enable <boolean>;
disable-empty-zone <string>;
zero-no-soa-ttl-cache <boolean>;
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-notify { <address_match_element>; ... };
masterfile-format ( text | raw );
notify <notifytype>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
notify-delay <integer>;
dialup <dialuptype>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
maintain-ixfr-base <boolean>; // obsolete
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-retry-time <integer>;
min-retry-time <integer>;
max-refresh-time <integer>;
min-refresh-time <integer>;
multi-master <boolean>;
sig-validity-interval <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-sibling <boolean>;
zero-no-soa-ttl <boolean>;
update-check-ksk <boolean>;
};
acl <string> { <address_match_element>; ... };
controls {
inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
) ] allow { <address_match_element>; ... } [ keys { <string>; ... } ];
) ] allow { <address_match_element>; ... } [ keys { <string>;
... } ];
unix <quoted_string> perm <integer> owner <integer> group <integer>
[ keys { <string>; ... } ];
};
acl <string> { <address_match_element>; ... };
masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [port
<integer>] | <ipv6_address> [port <integer>] ) [ key <string> ]; ... };
logging {
channel <string> {
file <log_file>;
syslog <optional_facility>;
null;
stderr;
severity <log_severity>;
print-time <boolean>;
print-severity <boolean>;
print-category <boolean>;
};
category <string> { <string>; ... };
};
view <string> <optional_class> {
match-clients { <address_match_element>; ... };
match-destinations { <address_match_element>; ... };
match-recursive-only <boolean>;
key <string> {
algorithm <string>;
secret <string>;
};
zone <string> <optional_class> {
type ( master | slave | stub | hint | forward |
delegation-only );
file <quoted_string>;
journal <quoted_string>;
ixfr-base <quoted_string>; // obsolete
ixfr-tmp-file <quoted_string>; // obsolete
masters [ port <integer> ] { ( <masters> | <ipv4_address>
[port <integer>] | <ipv6_address> [port <integer>] ) [ key <string> ]; ... };
pubkey <integer> <integer> <integer> <quoted_string>; //
obsolete
update-policy { ( grant | deny ) <string> ( name |
subdomain | wildcard | self | selfsub | selfwild ) <string> <rrtypelist>; ... };
database <string>;
delegation-only <boolean>;
check-names ( fail | warn | ignore );
ixfr-from-differences <boolean>;
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-notify { <address_match_element>; ... };
masterfile-format ( text | raw );
notify <notifytype>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ];
also-notify [ port <integer> ] { ( <ipv4_address> |
<ipv6_address> ) [ port <integer> ]; ... };
notify-delay <integer>;
dialup <dialuptype>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> |
<ipv6_address> ) [ port <integer> ]; ... };
maintain-ixfr-base <boolean>; // obsolete
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-retry-time <integer>;
min-retry-time <integer>;
max-refresh-time <integer>;
min-refresh-time <integer>;
multi-master <boolean>;
sig-validity-interval <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
alt-transfer-source ( <ipv4_address> | * ) [ port (
<integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-sibling <boolean>;
zero-no-soa-ttl <boolean>;
update-check-ksk <boolean>;
};
dlz <string> {
database <string>;
};
server <netprefix> {
bogus <boolean>;
provide-ixfr <boolean>;
request-ixfr <boolean>;
support-ixfr <boolean>; // obsolete
transfers <integer>;
transfer-format ( many-answers | one-answer );
keys <server_key>;
edns <boolean>;
edns-udp-size <integer>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ];
query-source <querysource4>;
query-source-v6 <querysource6>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
};
trusted-keys { <string> <integer> <integer> <integer>
<quoted_string>; ... };
allow-query-cache { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
sortlist { <address_match_element>; ... };
topology { <address_match_element>; ... }; // not implemented
auth-nxdomain <boolean>; // default changed
minimal-responses <boolean>;
recursion <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
provide-ixfr <boolean>;
request-ixfr <boolean>;
fetch-glue <boolean>; // obsolete
rfc2308-type1 <boolean>; // not yet implemented
additional-from-auth <boolean>;
additional-from-cache <boolean>;
query-source <querysource4>;
query-source-v6 <querysource6>;
cleaning-interval <integer>;
min-roots <integer>; // not implemented
lame-ttl <integer>;
max-ncache-ttl <integer>;
max-cache-ttl <integer>;
transfer-format ( many-answers | one-answer );
max-cache-size <size_no_default>;
check-names ( master | slave | response ) ( fail | warn | ignore );
cache-file <quoted_string>;
suppress-initial-notify <boolean>; // not yet implemented
preferred-glue <string>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [port
<integer>] | <ipv4_address> [port <integer>] | <ipv6_address> [port <integer>] ); ... };
edns-udp-size <integer>;
max-udp-size <integer>;
root-delegation-only [ exclude { <quoted_string>; ... } ];
disable-algorithms <string> { <string>; ... };
dnssec-enable <boolean>;
dnssec-validation <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
dnssec-accept-expired <boolean>;
ixfr-from-differences <ixfrdiff>;
acache-enable <boolean>;
acache-cleaning-interval <integer>;
max-acache-size <size_no_default>;
clients-per-query <integer>;
max-clients-per-query <integer>;
empty-server <string>;
empty-contact <string>;
empty-zones-enable <boolean>;
disable-empty-zone <string>;
zero-no-soa-ttl-cache <boolean>;
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-notify { <address_match_element>; ... };
masterfile-format ( text | raw );
notify <notifytype>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
notify-delay <integer>;
dialup <dialuptype>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
maintain-ixfr-base <boolean>; // obsolete
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-retry-time <integer>;
min-retry-time <integer>;
max-refresh-time <integer>;
min-refresh-time <integer>;
multi-master <boolean>;
sig-validity-interval <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-sibling <boolean>;
zero-no-soa-ttl <boolean>;
update-check-ksk <boolean>;
dlz <string> {
database <string>;
};
lwres {
listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
view <string> <optional_class>;
search { <string>; ... };
ndots <integer>;
};
key <string> {
algorithm <string>;
secret <string>;
};
zone <string> <optional_class> {
type ( master | slave | stub | hint | forward | delegation-only );
file <quoted_string>;
journal <quoted_string>;
ixfr-base <quoted_string>; // obsolete
ixfr-tmp-file <quoted_string>; // obsolete
masters [ port <integer> ] { ( <masters> | <ipv4_address> [port
<integer>] | <ipv6_address> [port <integer>] ) [ key <string> ]; ... };
pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
update-policy { ( grant | deny ) <string> ( name | subdomain |
wildcard | self | selfsub | selfwild ) <string> <rrtypelist>; ... };
database <string>;
delegation-only <boolean>;
check-names ( fail | warn | ignore );
ixfr-from-differences <boolean>;
logging {
category <string> { <string>; ... };
channel <string> {
file <quoted_string> [ versions ( "unlimited" | <integer> )
] [ size <size> ];
null;
print-category <boolean>;
print-severity <boolean>;
print-time <boolean>;
severity <log_severity>;
stderr;
syslog <optional_facility>;
};
};
lwres {
listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
ndots <integer>;
search { <string>; ... };
view <string> <optional_class>;
};
masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
options {
acache-cleaning-interval <integer>;
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-notify { <address_match_element>; ... };
masterfile-format ( text | raw );
notify <notifytype>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
notify-delay <integer>;
dialup <dialuptype>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
maintain-ixfr-base <boolean>; // obsolete
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-retry-time <integer>;
min-retry-time <integer>;
max-refresh-time <integer>;
min-refresh-time <integer>;
multi-master <boolean>;
sig-validity-interval <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * )
];
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
auth-nxdomain <boolean>; // default changed
avoid-v4-udp-ports { <portrange>; ... };
avoid-v6-udp-ports { <portrange>; ... };
blackhole { <address_match_element>; ... };
cache-file <quoted_string>;
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-srv-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
check-sibling <boolean>;
zero-no-soa-ttl <boolean>;
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
coresize <size>;
datasize <size>;
deallocate-on-exit <boolean>; // obsolete
dialup <dialuptype>;
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
dnssec-accept-expired <boolean>;
dnssec-enable <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
dnssec-validation <boolean>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ); ... };
dump-file <quoted_string>;
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fake-iquery <boolean>; // obsolete
fetch-glue <boolean>; // obsolete
files <size>;
flush-zones-on-shutdown <boolean>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
has-old-clients <boolean>; // obsolete
heartbeat-interval <integer>;
host-statistics <boolean>; // not implemented
host-statistics-max <integer>; // not implemented
hostname ( <quoted_string> | none );
interface-interval <integer>;
ixfr-from-differences <ixfrdiff>;
key-directory <quoted_string>;
lame-ttl <integer>;
listen-on [ port <integer> ] { <address_match_element>; ... };
listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( text | raw );
match-mapped-addresses <boolean>;
max-acache-size <size_no_default>;
max-cache-size <size_no_default>;
max-cache-ttl <integer>;
max-clients-per-query <integer>;
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-udp-size <integer>;
memstatistics-file <quoted_string>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-responses <boolean>;
multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
notify <notifytype>;
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
provide-ixfr <boolean>;
query-source <querysource4>;
query-source-v6 <querysource6>;
querylog <boolean>;
random-device <quoted_string>;
recursing-file <quoted_string>;
recursion <boolean>;
recursive-clients <integer>;
request-ixfr <boolean>;
reserved-sockets <integer>;
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
serial-queries <integer>; // obsolete
serial-query-rate <integer>;
server-id ( <quoted_string> | none |;
sig-validity-interval <integer>;
sortlist { <address_match_element>; ... };
stacksize <size>;
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
suppress-initial-notify <boolean>; // not yet implemented
tcp-clients <integer>;
tcp-listen-queue <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
update-check-ksk <boolean>;
};
dlz <string> {
database <string>;
use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // obsolete
use-ixfr <boolean>;
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
version ( <quoted_string> | none );
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone-statistics <boolean>;
};
server <netprefix> {
bogus <boolean>;
provide-ixfr <boolean>;
request-ixfr <boolean>;
support-ixfr <boolean>; // obsolete
transfers <integer>;
transfer-format ( many-answers | one-answer );
keys <server_key>;
edns <boolean>;
edns-udp-size <integer>;
keys <server_key>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
provide-ixfr <boolean>;
query-source <querysource4>;
query-source-v6 <querysource6>;
request-ixfr <boolean>;
support-ixfr <boolean>; // obsolete
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
transfers <integer>;
};
trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
view <string> <optional_class> {
acache-cleaning-interval <integer>;
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
auth-nxdomain <boolean>; // default changed
cache-file <quoted_string>;
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
check-sibling <boolean>;
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
database <string>;
dialup <dialuptype>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
dlz <string> {
database <string>;
};
dnssec-accept-expired <boolean>;
dnssec-enable <boolean>;
dnssec-lookaside <string> trust-anchor <string>;
dnssec-must-be-secure <string> <boolean>;
dnssec-validation <boolean>;
dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
<integer> ] | <ipv4_address> [ port <integer> ] |
<ipv6_address> [ port <integer> ] ); ... };
edns-udp-size <integer>;
empty-contact <string>;
empty-server <string>;
empty-zones-enable <boolean>;
fetch-glue <boolean>; // obsolete
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
ixfr-from-differences <ixfrdiff>;
key <string> {
algorithm <string>;
secret <string>;
};
key-directory <quoted_string>;
lame-ttl <integer>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( text | raw );
match-clients { <address_match_element>; ... };
match-destinations { <address_match_element>; ... };
match-recursive-only <boolean>;
max-acache-size <size_no_default>;
max-cache-size <size_no_default>;
max-cache-ttl <integer>;
max-clients-per-query <integer>;
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
max-udp-size <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-responses <boolean>;
multi-master <boolean>;
notify <notifytype>;
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
preferred-glue <string>;
provide-ixfr <boolean>;
query-source <querysource4>;
query-source-v6 <querysource6>;
recursion <boolean>;
request-ixfr <boolean>;
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
server <netprefix> {
bogus <boolean>;
edns <boolean>;
edns-udp-size <integer>;
keys <server_key>;
max-udp-size <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ];
provide-ixfr <boolean>;
query-source <querysource4>;
query-source-v6 <querysource6>;
request-ixfr <boolean>;
support-ixfr <boolean>; // obsolete
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
transfers <integer>;
};
sig-validity-interval <integer>;
sortlist { <address_match_element>; ... };
suppress-initial-notify <boolean>; // not yet implemented
topology { <address_match_element>; ... }; // not implemented
transfer-format ( many-answers | one-answer );
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
trusted-keys { <string> <integer> <integer> <integer>
<quoted_string>; ... };
update-check-ksk <boolean>;
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zero-no-soa-ttl-cache <boolean>;
zone <string> <optional_class> {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] { ( <ipv4_address> |
<ipv6_address> ) [ port <integer> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port (
<integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <boolean>;
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
database <string>;
delegation-only <boolean>;
dialup <dialuptype>;
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> |
<ipv6_address> ) [ port <integer> ]; ... };
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( text | raw );
masters [ port <integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] )
[ key <string> ]; ... };
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify <notifytype>;
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
| * ) ];
pubkey <integer> <integer> <integer>
<quoted_string>; // obsolete
sig-validity-interval <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
* ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port (
<integer> | * ) ];
type ( master | slave | stub | hint | forward |
delegation-only );
update-check-ksk <boolean>;
update-policy { ( grant | deny ) <string> ( name |
subdomain | wildcard | self | selfsub | selfwild )
<string> <rrtypelist>; ... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics <boolean>;
};
zone-statistics <boolean>;
};
zone <string> <optional_class> {
allow-notify { <address_match_element>; ... };
allow-query { <address_match_element>; ... };
allow-transfer { <address_match_element>; ... };
allow-update { <address_match_element>; ... };
allow-update-forwarding { <address_match_element>; ... };
also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
) [ port <integer> ]; ... };
alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
* ) ];
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( fail | warn | ignore );
check-sibling <boolean>;
check-srv-cname ( fail | warn | ignore );
check-wildcard <boolean>;
database <string>;
delegation-only <boolean>;
dialup <dialuptype>;
file <quoted_string>;
forward ( first | only );
forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
[ port <integer> ]; ... };
ixfr-base <quoted_string>; // obsolete
ixfr-from-differences <boolean>;
ixfr-tmp-file <quoted_string>; // obsolete
journal <quoted_string>;
key-directory <quoted_string>;
maintain-ixfr-base <boolean>; // obsolete
masterfile-format ( text | raw );
masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
<integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... };
max-ixfr-log-size <size>; // obsolete
max-journal-size <size_no_default>;
max-refresh-time <integer>;
max-retry-time <integer>;
max-transfer-idle-in <integer>;
max-transfer-idle-out <integer>;
max-transfer-time-in <integer>;
max-transfer-time-out <integer>;
min-refresh-time <integer>;
min-retry-time <integer>;
multi-master <boolean>;
notify <notifytype>;
notify-delay <integer>;
notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
sig-validity-interval <integer>;
transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
type ( master | slave | stub | hint | forward | delegation-only );
update-check-ksk <boolean>;
update-policy { ( grant | deny ) <string> ( name | subdomain |
wildcard | self | selfsub | selfwild ) <string> <rrtypelist>;
... };
use-alt-transfer-source <boolean>;
zero-no-soa-ttl <boolean>;
zone-statistics <boolean>;
};

50
doc/misc/sort-options.pl Executable file
View File

@ -0,0 +1,50 @@
#!/bin/perl
#
# Copyright (C) 2007 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sort-options.pl,v 1.3.36.2 2007/12/02 23:46:31 tbox Exp $
sub sortlevel() {
my @options = ();
my $fin = "";
my $i = 0;
while (<>) {
if (/^\s*};$/) {
$fin = $_;
# print 2, $_;
last;
}
next if (/^$/);
if (/{$/) {
# print 3, $_;
my $sec = $_;
push(@options, $sec . sortlevel());
} else {
push(@options, $_);
# print 1, $_;
}
$i++;
}
my $result = "";
foreach my $i (sort @options) {
$result = ${result}.${i};
$result = $result."\n" if ($i =~ /^[a-z]/i);
# print 5, ${i};
}
$result = ${result}.${fin};
return ($result);
}
print sortlevel();

13
doc/rfc/index
View File

@ -9,7 +9,7 @@
1183: New DNS RR Definitions (AFSDB, RP, X25, ISDN and RT)
1348: DNS NSAP RRs
1535: A Security Problem and Proposed Correction
With Widely Deployed DNS Software
With Widely Deployed DNS Software
1536: Common DNS Implementation Errors and Suggested Fixes
1537: Common DNS Data File Configuration Errors
1591: Domain Name System Structure and Delegation
@ -63,6 +63,7 @@
2931: DNS Request and Transaction Signatures ( SIG(0)s )
3007: Secure Domain Name System (DNS) Dynamic Update
3008: Domain Name System Security (DNSSEC) Signing Authority
3056: Connection of IPv6 Domains via IPv4 Clouds
3071: Reflections on the DNS, RFC 1591, and Categories of Domains
3090: DNS Security Extension Clarification on Zone Status
3110: RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
@ -81,17 +82,17 @@
3490: Internationalizing Domain Names In Applications (IDNA)
3491: Nameprep: A Stringprep Profile for Internationalized Domain Names (IDN)
3492: Punycode:A Bootstring encoding of Unicode for
Internationalized Domain Names in Applications (IDNA)
Internationalized Domain Names in Applications (IDNA)
3493: Basic Socket Interface Extensions for IPv6
3513: Internet Protocol Version 6 (IPv6) Addressing Architecture
3596: DNS Extensions to Support IP Version 6
3597: Handling of Unknown DNS Resource Record (RR) Types
3645: Generic Security Service Algorithm for
Secret Key Transaction Authentication for DNS (GSS-TSIG)
Secret Key Transaction Authentication for DNS (GSS-TSIG)
3655: Redefinition of DNS Authenticated Data (AD) bit
3658: Delegation Signer (DS) Resource Record (RR)
3757: Domain Name System KEY (DNSKEY) Resource Record (RR)
Secure Entry Point (SEP) Flag
Secure Entry Point (SEP) Flag
3833: Threat Analysis of the Domain Name System (DNS)
3845: DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format
3901: DNS IPv6 Transport Operational Guidelines
@ -112,3 +113,7 @@
4470: Minimally Covering NSEC Records and DNSSEC On-line Signing
4634: US Secure Hash Algorithms (SHA and HMAC-SHA)
4641: DNSSEC Operational Practices
4648: The Base16, Base32, and Base64 Data Encodings
4701: A DNS Resource Record (RR) for Encoding
Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
5155: DNS Security (DNSSEC) Hashed Authenticated Denial of Existence

1011
doc/rfc/rfc4648.txt Normal file
View File

File diff suppressed because it is too large Load Diff

675
doc/rfc/rfc4701.txt Normal file
View File

@ -0,0 +1,675 @@
Network Working Group M. Stapp
Request for Comments: 4701 Cisco Systems, Inc.
Category: Standards Track T. Lemon
Nominum, Inc.
A. Gustafsson
Araneus Information Systems Oy
October 2006
A DNS Resource Record (RR) for Encoding
Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
It is possible for Dynamic Host Configuration Protocol (DHCP) clients
to attempt to update the same DNS Fully Qualified Domain Name (FQDN)
or to update a DNS FQDN that has been added to the DNS for another
purpose as they obtain DHCP leases. Whether the DHCP server or the
clients themselves perform the DNS updates, conflicts can arise. To
resolve such conflicts, RFC 4703 proposes storing client identifiers
in the DNS to unambiguously associate domain names with the DHCP
clients to which they refer. This memo defines a distinct Resource
Record (RR) type for this purpose for use by DHCP clients and
servers: the "DHCID" RR.
Stapp, et al. Standards Track [Page 1]
RFC 4701 The DHCID RR October 2006
Table of Contents
1. Introduction ....................................................3
2. Terminology .....................................................3
3. The DHCID RR ....................................................3
3.1. DHCID RDATA Format .........................................3
3.2. DHCID Presentation Format ..................................4
3.3. The DHCID RR Identifier Type Codes .........................4
3.4. The DHCID RR Digest Type Code ..............................4
3.5. Computation of the RDATA ...................................5
3.5.1. Using the Client's DUID .............................5
3.5.2. Using the Client Identifier Option ..................6
3.5.3. Using the Client's htype and chaddr .................6
3.6. Examples ...................................................6
3.6.1. Example 1 ...........................................6
3.6.2. Example 2 ...........................................7
3.6.3. Example 3 ...........................................7
4. Use of the DHCID RR .............................................8
5. Updater Behavior ................................................8
6. Security Considerations .........................................8
7. IANA Considerations .............................................9
8. Acknowledgements ................................................9
9. References ......................................................9
9.1. Normative References .......................................9
9.2. Informative References ....................................10
Stapp, et al. Standards Track [Page 2]
RFC 4701 The DHCID RR October 2006
1. Introduction
A set of procedures to allow DHCP [7] [11] clients and servers to
automatically update the DNS ([3], [4]) is proposed in [1].
Conflicts can arise if multiple DHCP clients wish to use the same DNS
name or a DHCP client attempts to use a name added for another
purpose. To resolve such conflicts, [1] proposes storing client
identifiers in the DNS to unambiguously associate domain names with
the DHCP clients using them. In the interest of clarity, it is
preferable for this DHCP information to use a distinct RR type. This
memo defines a distinct RR for this purpose for use by DHCP clients
or servers: the "DHCID" RR.
In order to obscure potentially sensitive client identifying
information, the data stored is the result of a one-way SHA-256 hash
computation. The hash includes information from the DHCP client's
message as well as the domain name itself, so that the data stored in
the DHCID RR will be dependent on both the client identification used
in the DHCP protocol interaction and the domain name. This means
that the DHCID RDATA will vary if a single client is associated over
time with more than one name. This makes it difficult to 'track' a
client as it is associated with various domain names.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [2].
3. The DHCID RR
The DHCID RR is defined with mnemonic DHCID and type code 49. The
DHCID RR is only defined in the IN class. DHCID RRs cause no
additional section processing.
3.1. DHCID RDATA Format
The RDATA section of a DHCID RR in transmission contains RDLENGTH
octets of binary data. The format of this data and its
interpretation by DHCP servers and clients are described below.
DNS software should consider the RDATA section to be opaque. DHCP
clients or servers use the DHCID RR to associate a DHCP client's
identity with a DNS name, so that multiple DHCP clients and servers
may deterministically perform dynamic DNS updates to the same zone.
From the updater's perspective, the DHCID resource record RDATA
consists of a 2-octet identifier type, in network byte order,
Stapp, et al. Standards Track [Page 3]
RFC 4701 The DHCID RR October 2006
followed by a 1-octet digest type, followed by one or more octets
representing the actual identifier:
< 2 octets > Identifier type code
< 1 octet > Digest type code
< n octets > Digest (length depends on digest type)
3.2. DHCID Presentation Format
In DNS master files, the RDATA is represented as a single block in
base-64 encoding identical to that used for representing binary data
in [8], Section 3. The data may be divided up into any number of
white-space-separated substrings, down to single base-64 digits,
which are concatenated to form the complete RDATA. These substrings
can span lines using the standard parentheses.
3.3. The DHCID RR Identifier Type Codes
The DHCID RR Identifier Type Code specifies what data from the DHCP
client's request was used as input into the hash function. The
identifier type codes are defined in a registry maintained by IANA,
as specified in Section 7. The initial list of assigned values for
the identifier type code and that type's identifier is:
+------------------+------------------------------------------------+
| Identifier Type | Identifier |
| Code | |
+------------------+------------------------------------------------+
| 0x0000 | The 1-octet 'htype' followed by 'hlen' octets |
| | of 'chaddr' from a DHCPv4 client's DHCPREQUEST |
| | [7]. |
| 0x0001 | The data octets (i.e., the Type and |
| | Client-Identifier fields) from a DHCPv4 |
| | client's Client Identifier option [10]. |
| 0x0002 | The client's DUID (i.e., the data octets of a |
| | DHCPv6 client's Client Identifier option [11] |
| | or the DUID field from a DHCPv4 client's |
| | Client Identifier option [6]). |
| 0x0003 - 0xfffe | Undefined; available to be assigned by IANA. |
| 0xffff | Undefined; RESERVED. |
+------------------+------------------------------------------------+
3.4. The DHCID RR Digest Type Code
The DHCID RR Digest Type Code is an identifier for the digest
algorithm used. The digest is calculated over an identifier and the
canonical FQDN as described in the next section.
Stapp, et al. Standards Track [Page 4]
RFC 4701 The DHCID RR October 2006
The digest type codes are defined in a registry maintained by IANA,
as specified in Section 7. The initial list of assigned values for
the digest type codes is: value 0 is reserved, and value 1 is
SHA-256. Reserving other types requires IETF standards action.
Defining new values will also require IETF standards action to
document how DNS updaters are to deal with multiple digest types.
3.5. Computation of the RDATA
The DHCID RDATA is formed by concatenating the 2-octet identifier
type code with variable-length data.
The RDATA for all type codes other than 0xffff, which is reserved for
future expansion, is formed by concatenating the 2-octet identifier
type code, the 1-octet digest type code, and the digest value (32
octets for SHA-256).
< identifier-type > < digest-type > < digest >
The input to the digest hash function is defined to be:
digest = SHA-256(< identifier > < FQDN >)
The FQDN is represented in the buffer in the canonical wire format as
described in [9], Section 6.2. The identifier type code and the
identifier are related as specified in Section 3.3: the identifier
type code describes the source of the identifier.
A DHCPv4 updater uses the 0x0002 type code if a Client Identifier
option is present in the DHCPv4 messages and it is encoded as
specified in [6]. Otherwise, the updater uses 0x0001 if a Client
Identifier option is present, and 0x0000 if not.
A DHCPv6 updater always uses the 0x0002 type code.
3.5.1. Using the Client's DUID
When the updater is using the Client's DUID (either from a DHCPv6
Client Identifier option or from a portion of the DHCPv4 Client
Identifier option encoded as specified in [6]), the first two octets
of the DHCID RR MUST be 0x0002, in network byte order. The third
octet is the digest type code (1 for SHA-256). The rest of the DHCID
RR MUST contain the results of computing the SHA-256 hash across the
octets of the DUID followed by the FQDN.
Stapp, et al. Standards Track [Page 5]
RFC 4701 The DHCID RR October 2006
3.5.2. Using the Client Identifier Option
When the updater is using the DHCPv4 Client Identifier option sent by
the client in its DHCPREQUEST message, the first two octets of the
DHCID RR MUST be 0x0001, in network byte order. The third octet is
the digest type code (1 for SHA-256). The rest of the DHCID RR MUST
contain the results of computing the SHA-256 hash across the data
octets (i.e., the Type and Client-Identifier fields) of the option,
followed by the FQDN.
3.5.3. Using the Client's htype and chaddr
When the updater is using the client's link-layer address as the
identifier, the first two octets of the DHCID RDATA MUST be zero.
The third octet is the digest type code (1 for SHA-256). To generate
the rest of the resource record, the updater computes a one-way hash
using the SHA-256 algorithm across a buffer containing the client's
network hardware type, link-layer address, and the FQDN data.
Specifically, the first octet of the buffer contains the network
hardware type as it appeared in the DHCP 'htype' field of the
client's DHCPREQUEST message. All of the significant octets of the
'chaddr' field in the client's DHCPREQUEST message follow, in the
same order in which the octets appear in the DHCPREQUEST message.
The number of significant octets in the 'chaddr' field is specified
in the 'hlen' field of the DHCPREQUEST message. The FQDN data, as
specified above, follows.
3.6. Examples
3.6.1. Example 1
A DHCP server allocates the IPv6 address 2001:DB8::1234:5678 to a
client that included the DHCPv6 client-identifier option data 00:01:
00:06:41:2d:f1:66:01:02:03:04:05:06 in its DHCPv6 request. The
server updates the name "chi6.example.com" on the client's behalf and
uses the DHCP client identifier option data as input in forming a
DHCID RR. The DHCID RDATA is formed by setting the two type octets
to the value 0x0002, the 1-octet digest type to 1 for SHA-256, and
performing a SHA-256 hash computation across a buffer containing the
14 octets from the client-id option and the FQDN (represented as
specified in Section 3.5).
chi6.example.com. AAAA 2001:DB8::1234:5678
chi6.example.com. DHCID ( AAIBY2/AuCccgoJbsaxcQc9TUapptP69l
OjxfNuVAA2kjEA= )
If the DHCID RR type is not supported, the RDATA would be encoded
[13] as:
Stapp, et al. Standards Track [Page 6]
RFC 4701 The DHCID RR October 2006
\# 35 ( 000201636fc0b8271c82825bb1ac5c41cf5351aa69b4febd94e8f17cd
b95000da48c40 )
3.6.2. Example 2
A DHCP server allocates the IPv4 address 192.0.2.2 to a client that
included the DHCP client-identifier option data 01:07:08:09:0a:0b:0c
in its DHCP request. The server updates the name "chi.example.com"
on the client's behalf and uses the DHCP client identifier option
data as input in forming a DHCID RR. The DHCID RDATA is formed by
setting the two type octets to the value 0x0001, the 1-octet digest
type to 1 for SHA-256, and performing a SHA-256 hash computation
across a buffer containing the seven octets from the client-id option
and the FQDN (represented as specified in Section 3.5).
chi.example.com. A 192.0.2.2
chi.example.com. DHCID ( AAEBOSD+XR3Os/0LozeXVqcNc7FwCfQdW
L3b/NaiUDlW2No= )
If the DHCID RR type is not supported, the RDATA would be encoded
[13] as:
\# 35 ( 0001013920fe5d1dceb3fd0ba3379756a70d73b17009f41d58bddbfcd
6a2503956d8da )
3.6.3. Example 3
A DHCP server allocating the IPv4 address 192.0.2.3 to a client with
the Ethernet MAC address 01:02:03:04:05:06 using domain name
"client.example.com" uses the client's link-layer address to identify
the client. The DHCID RDATA is composed by setting the two type
octets to zero, the 1-octet digest type to 1 for SHA-256, and
performing an SHA-256 hash computation across a buffer containing the
1-octet 'htype' value for Ethernet, 0x01, followed by the six octets
of the Ethernet MAC address, and the domain name (represented as
specified in Section 3.5).
client.example.com. A 192.0.2.3
client.example.com. DHCID ( AAABxLmlskllE0MVjd57zHcWmEH3pCQ6V
ytcKD//7es/deY= )
If the DHCID RR type is not supported, the RDATA would be encoded
[13] as:
\# 35 ( 000001c4b9a5b249651343158dde7bcc77169841f7a4243a572b5c283
fffedeb3f75e6 )
Stapp, et al. Standards Track [Page 7]
RFC 4701 The DHCID RR October 2006
4. Use of the DHCID RR
This RR MUST NOT be used for any purpose other than that detailed in
[1]. Although this RR contains data that is opaque to DNS servers,
the data must be consistent across all entities that update and
interpret this record. Therefore, new data formats may only be
defined through actions of the DHC Working Group, as a result of
revising [1].
5. Updater Behavior
The data in the DHCID RR allows updaters to determine whether more
than one DHCP client desires to use a particular FQDN. This allows
site administrators to establish policy about DNS updates. The DHCID
RR does not establish any policy itself.
Updaters use data from a DHCP client's request and the domain name
that the client desires to use to compute a client identity hash, and
then compare that hash to the data in any DHCID RRs on the name that
they wish to associate with the client's IP address. If an updater
discovers DHCID RRs whose RDATA does not match the client identity
that they have computed, the updater SHOULD conclude that a different
client is currently associated with the name in question. The
updater SHOULD then proceed according to the site's administrative
policy. That policy might dictate that a different name be selected,
or it might permit the updater to continue.
6. Security Considerations
The DHCID record as such does not introduce any new security problems
into the DNS. In order to obscure the client's identity information,
a one-way hash is used. Further, in order to make it difficult to
'track' a client by examining the names associated with a particular
hash value, the FQDN is included in the hash computation. Thus, the
RDATA is dependent on both the DHCP client identification data and on
each FQDN associated with the client.
However, it should be noted that an attacker that has some knowledge,
such as of MAC addresses commonly used in DHCP client identification
data, may be able to discover the client's DHCP identify by using a
brute-force attack. Even without any additional knowledge, the
number of unknown bits used in computing the hash is typically only
48 to 80.
Administrators should be wary of permitting unsecured DNS updates to
zones, whether or not they are exposed to the global Internet. Both
DHCP clients and servers SHOULD use some form of update
authentication (e.g., [12]) when performing DNS updates.
Stapp, et al. Standards Track [Page 8]
RFC 4701 The DHCID RR October 2006
7. IANA Considerations
IANA has allocated a DNS RR type number for the DHCID record type.
This specification defines a new number-space for the 2-octet
identifier type codes associated with the DHCID RR. IANA has
established a registry of the values for this number-space. Three
initial values are assigned in Section 3.3, and the value 0xFFFF is
reserved for future use. New DHCID RR identifier type codes are
assigned through Standards Action, as defined in [5].
This specification defines a new number-space for the 1-octet digest
type codes associated with the DHCID RR. IANA has established a
registry of the values for this number-space. Two initial values are
assigned in Section 3.4. New DHCID RR digest type codes are assigned
through Standards Action, as defined in [5].
8. Acknowledgements
Many thanks to Harald Alvestrand, Ralph Droms, Olafur Gudmundsson,
Sam Hartman, Josh Littlefield, Pekka Savola, and especially Bernie
Volz for their review and suggestions.
9. References
9.1. Normative References
[1] Stapp, M. and B. Volz, "Resolution of Fully Qualified Domain
Name (FQDN) Conflicts among Dynamic Host Configuration Protocol
(DHCP) Clients", RFC 4703, October 2006.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[3] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, November 1987.
[4] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[5] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.
[6] Lemon, T. and B. Sommerfeld, "Node-specific Client Identifiers
for Dynamic Host Configuration Protocol Version Four (DHCPv4)",
RFC 4361, February 2006.
Stapp, et al. Standards Track [Page 9]
RFC 4701 The DHCID RR October 2006
9.2. Informative References
[7] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997.
[8] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings",
RFC 3548, July 2003.
[9] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"Resource Records for the DNS Security Extensions", RFC 4034,
March 2005.
[10] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
[11] Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., and M.
Carney, "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)", RFC 3315, July 2003.
[12] Vixie, P., Gudmundsson, O., Eastlake, D., and B. Wellington,
"Secret Key Transaction Authentication for DNS (TSIG)",
RFC 2845, May 2000.
[13] Gustafsson, A., "Handling of Unknown DNS Resource Record (RR)
Types", RFC 3597, September 2003.
Stapp, et al. Standards Track [Page 10]
RFC 4701 The DHCID RR October 2006
Authors' Addresses
Mark Stapp
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MA 01719
USA
Phone: 978.936.1535
EMail: mjs@cisco.com
Ted Lemon
Nominum, Inc.
950 Charter St.
Redwood City, CA 94063
USA
EMail: mellon@nominum.com
Andreas Gustafsson
Araneus Information Systems Oy
Ulappakatu 1
02320 Espoo
Finland
EMail: gson@araneus.fi
Stapp, et al. Standards Track [Page 11]
RFC 4701 The DHCID RR October 2006
Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Stapp, et al. Standards Track [Page 12]

2915
doc/rfc/rfc5155.txt Normal file
View File

File diff suppressed because it is too large Load Diff

6
lib/bind/api
View File

@ -1,3 +1,3 @@
LIBINTERFACE = 4
LIBREVISION = 10
LIBAGE = 0
LIBINTERFACE = 5
LIBREVISION = 2
LIBAGE = 1

8
lib/bind/bsd/Makefile.in
View File

@ -1,7 +1,7 @@
# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.7 2004/03/05 05:05:07 marka Exp $
# $Id: Makefile.in,v 1.7.18.2 2008/03/20 23:46:01 tbox Exp $
srcdir= @srcdir@
VPATH = @srcdir@
@ -34,6 +34,6 @@ SRCS= daemon.c ftruncate.c gettimeofday.c mktemp.c putenv.c \
TARGETS= ${OBJS}
CINCLUDES= -I.. -I${srcdir}/../include
CINCLUDES= -I.. -I../include -I${srcdir}/../include
@BIND9_MAKE_RULES@

6
lib/bind/bsd/strerror.c
View File

@ -1,6 +1,6 @@
#if defined(LIBC_SCCS) && !defined(lint)
static const char sccsid[] = "@(#)strerror.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "$Id: strerror.c,v 1.4.332.1 2005/04/27 05:00:46 sra Exp $";
static const char rcsid[] = "$Id: strerror.c,v 1.4.332.2 2008/02/18 04:04:06 marka Exp $";
#endif /* LIBC_SCCS and not lint */
/*
@ -60,12 +60,14 @@ isc_strerror(int num) {
static char ebuf[40] = UPREFIX; /*%< 64-bit number + slop */
u_int errnum;
char *p, *t;
#ifndef USE_SYSERROR_LIST
const char *ret;
#endif
char tmp[40];
errnum = num; /*%< convert to unsigned */
#ifdef USE_SYSERROR_LIST
if (errnum < sys_nerr)
if (errnum < (u_int)sys_nerr)
return (sys_errlist[errnum]);
#else
#undef strerror

10
lib/bind/bsd/strtoul.c
View File

@ -1,6 +1,6 @@
#if defined(LIBC_SCCS) && !defined(lint)
static const char sccsid[] = "@(#)strtoul.c 8.1 (Berkeley) 6/4/93";
static const char rcsid[] = "$Id: strtoul.c,v 1.2.164.1 2005/04/27 05:00:47 sra Exp $";
static const char rcsid[] = "$Id: strtoul.c,v 1.2.164.2 2008/02/18 04:04:06 marka Exp $";
#endif /* LIBC_SCCS and not lint */
/*
@ -70,7 +70,7 @@ strtoul(const char *nptr, char **endptr, int base) {
* See strtol for comments as to the logic used.
*/
do {
c = *(unsigned char *)s++;
c = *(const unsigned char *)s++;
} while (isspace(c));
if (c == '-') {
neg = 1;
@ -87,7 +87,7 @@ strtoul(const char *nptr, char **endptr, int base) {
base = c == '0' ? 8 : 10;
cutoff = (u_long)ULONG_MAX / (u_long)base;
cutlim = (u_long)ULONG_MAX % (u_long)base;
for (acc = 0, any = 0;; c = *(unsigned char*)s++) {
for (acc = 0, any = 0;; c = *(const unsigned char*)s++) {
if (isdigit(c))
c -= '0';
else if (isalpha(c))
@ -96,7 +96,7 @@ strtoul(const char *nptr, char **endptr, int base) {
break;
if (c >= base)
break;
if (any < 0 || acc > cutoff || acc == cutoff && c > cutlim)
if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim))
any = -1;
else {
any = 1;
@ -110,7 +110,7 @@ strtoul(const char *nptr, char **endptr, int base) {
} else if (neg)
acc = -acc;
if (endptr != 0)
*endptr = (char *)(any ? s - 1 : nptr);
DE_CONST((any ? s - 1 : nptr), *endptr);
return (acc);
}

217
lib/bind/configure.in
View File

@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
AC_REVISION($Revision: 1.90.18.34.10.2 $)
AC_REVISION($Revision: 1.90.18.43 $)
AC_INIT(resolv/herror.c)
AC_PREREQ(2.13)
@ -169,7 +169,7 @@ AC_PROG_CC
AC_HEADER_STDC
AC_CHECK_HEADERS(fcntl.h db.h paths.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/timers.h stropts.h)
AC_CHECK_HEADERS(fcntl.h db.h paths.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/timers.h stropts.h memory.h)
AC_C_CONST
AC_C_INLINE
@ -461,6 +461,7 @@ AC_SUBST(WANT_THREADS_OBJS)
AC_CHECK_FUNC(strlcat, AC_DEFINE(HAVE_STRLCAT))
AC_CHECK_FUNC(memmove, AC_DEFINE(HAVE_MEMMOVE))
AC_CHECK_FUNC(memchr, AC_DEFINE(HAVE_MEMCHR))
AC_CHECK_FUNC(strtoul, , AC_DEFINE(NEED_STRTOUL))
AC_CHECK_FUNC(if_nametoindex,
[USE_IFNAMELINKID="#define USE_IFNAMELINKID 1"],
@ -490,6 +491,16 @@ AC_CHECK_FUNC(strerror, [NEED_STRERROR="#undef NEED_STRERROR"],
[NEED_STRERROR="#define NEED_STRERROR 1"])
AC_SUBST(NEED_STRERROR)
if test -n "$NEED_STRERROR"
then
AC_MSG_CHECKING([for extern char * sys_errlist[]])
AC_TRY_LINK([ extern int sys_nerr; extern char *sys_errlist[]; ],
[ const char *p = sys_errlist[0]; ],
AC_MSG_RESULT(yes)
AC_DEFINE(USE_SYSERROR_LIST),
AC_MSG_RESULT(no))
fi
#
# flockfile is usually provided by pthreads, but we may want to use it
# even if compiled with --disable-threads.
@ -666,6 +677,14 @@ AC_SUBST(PURIFY)
#
# GNU libtool support
#
case $host in
sunos*)
# Just set the maximum command line length for sunos as it otherwise
# takes a exceptionally long time to work it out. Required for libtool.
lt_cv_sys_max_cmd_len=4096;
;;
esac
AC_ARG_WITH(libtool,
[ --with-libtool use GNU libtool (following indented options supported)],
use_libtool="$withval", use_libtool="no")
@ -976,6 +995,8 @@ AC_SUBST(ISC_PLATFORM_NEEDATON)
#
case "$host" in
*-dec-osf*)
# Tru64 broke send() by defining it to send_OBSOLETE
AC_DEFINE(REENABLE_SEND)
# Turn on 4.4BSD style sa_len support.
AC_DEFINE(_SOCKADDR_LEN)
;;
@ -1050,6 +1071,7 @@ case "$host" in
*-qnx*) PORT_DIR="port/qnx";;
*-rhapsody*) PORT_DIR="port/rhapsody";;
*-sunos4*)
AC_DEFINE(NEED_SUN4PROTOS)
PORT_NONBLOCK="#define PORT_NONBLOCK O_NDELAY"
PORT_DIR="port/sunos";;
*-solaris2.[[01234]])
@ -1246,6 +1268,38 @@ found_rt_iflist
AC_CHECK_FUNC(strsep,
[ISC_PLATFORM_NEEDSTRSEP="#undef ISC_PLATFORM_NEEDSTRSEP"],
[ISC_PLATFORM_NEEDSTRSEP="#define ISC_PLATFORM_NEEDSTRSEP 1"])
AC_MSG_CHECKING(for char *sprintf)
AC_TRY_COMPILE([
#include <stdio.h>
],
[ char buf[2]; return(*sprintf(buf,"x"));],
AC_DEFINE(SPRINTF_CHAR)
AC_MSG_RESULT(yes)
,
AC_MSG_RESULT(no)
)
AC_MSG_CHECKING(for char *vsprintf)
case $host in
*sunos4*) # not decared in any header file.
AC_DEFINE(VSPRINTF_CHAR)
AC_MSG_RESULT(yes)
;;
*)
AC_TRY_COMPILE([
#include <stdio.h>
],
[ char buf[2]; return(*vsprintf(buf,"x"));],
AC_DEFINE(VSPRINTF_CHAR)
AC_MSG_RESULT(yes)
,
AC_MSG_RESULT(no)
)
;;
esac
AC_CHECK_FUNC(vsnprintf,
[ISC_PLATFORM_NEEDVSNPRINTF="#undef ISC_PLATFORM_NEEDVSNPRINTF"],
[ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS print.$O"
@ -1256,12 +1310,7 @@ AC_SUBST(ISC_PLATFORM_NEEDVSNPRINTF)
AC_SUBST(ISC_EXTRA_OBJS)
AC_SUBST(ISC_EXTRA_SRCS)
AC_CHECK_FUNC(strerror,
[USE_SYSERROR_LIST="#undef USE_SYSERROR_LIST"],
[USE_SYSERROR_LIST="#define USE_SYSERROR_LIST 1"])
AC_SUBST(USE_SYSERROR_LIST)
#
# Determine the printf format characters to use when printing
# values of type isc_int64_t. We make the assumption that platforms
# where a "long long" is the same size as a "long" (e.g., Alpha/OSF1)
@ -1865,19 +1914,37 @@ AC_SUBST(SETGRENT_VOID)
case $host in
ia64-hp-hpux11.*)
NGR_R_CONST="#define NGR_R_CONST"
;;
*-hp-hpux11.*)
#
# HPUX doesn't have a prototype for getnetgrent_r().
#
NGR_R_CONST="#define NGR_R_CONST"
NGR_R_ARGS="#define NGR_R_ARGS char *buf, int buflen"
NGR_R_BAD="#define NGR_R_BAD (0)"
NGR_R_COPY="#define NGR_R_COPY buf, buflen"
NGR_R_COPY_ARGS="#define NGR_R_COPY_ARGS NGR_R_ARGS"
NGR_R_OK="#define NGR_R_OK 1"
NGR_R_RETURN="#define NGR_R_RETURN int"
;;
*)
AC_CHECK_FUNC(getnetgrent_r,
AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
#include <unistd.h>
int getnetgrent_r(char **m, char **u, char **d, char *b, int l) {}
]
,
[return (0);],
[
NGR_R_CONST="#define NGR_R_CONST"
NGR_R_ARGS="#define NGR_R_ARGS char *buf, int buflen"
NGR_R_BAD="#define NGR_R_BAD (0)"
NGR_R_COPY="#define NGR_R_COPY buf, buflen"
@ -1890,12 +1957,16 @@ AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
#include <unistd.h>
int getnetgrent_r(char **m, char **u, char **d, char *b, size_t l) {}
]
,
[return (0);],
[
NGR_R_CONST="#define NGR_R_CONST"
NGR_R_ARGS="#define NGR_R_ARGS char *buf, size_t buflen"
NGR_R_BAD="#define NGR_R_BAD (0)"
NGR_R_COPY="#define NGR_R_COPY buf, buflen"
@ -1908,12 +1979,16 @@ AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
extern int getnetgrent_r( char **, char **, char **, void **);
#include <unistd.h>
extern int getnetgrent_r(char **, char **, char **, void **);
]
,
[return (0);],
[
NGR_R_CONST="#define NGR_R_CONST"
NGR_R_ARGS="#define NGR_R_ARGS void **buf"
NGR_R_BAD="#define NGR_R_BAD (0)"
NGR_R_COPY="#define NGR_R_COPY buf"
@ -1923,10 +1998,35 @@ NGR_R_RETURN="#define NGR_R_RETURN int"
NGR_R_PRIVATE="#define NGR_R_PRIVATE 1"
]
,
AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
#include <unistd.h>
extern int getnetgrent_r(const char **, const char **, const char **, void *);
]
,
[return (0);],
[
NGR_R_CONST="#define NGR_R_CONST const"
NGR_R_ARGS="#define NGR_R_ARGS void *buf"
NGR_R_BAD="#define NGR_R_BAD (0)"
NGR_R_COPY="#define NGR_R_COPY buf"
NGR_R_COPY_ARGS="#define NGR_R_COPY_ARGS NGR_R_ARGS"
NGR_R_OK="#define NGR_R_OK 1"
NGR_R_RETURN="#define NGR_R_RETURN int"
NGR_R_PRIVATE="#define NGR_R_PRIVATE 2"
]
,
)
)
)
)
,
NGR_R_CONST="#define NGR_R_CONST"
NGR_R_ARGS="#define NGR_R_ARGS char *buf, int buflen"
NGR_R_BAD="#define NGR_R_BAD (0)"
NGR_R_COPY="#define NGR_R_COPY buf, buflen"
@ -1935,6 +2035,7 @@ NGR_R_OK="#define NGR_R_OK 1"
NGR_R_RETURN="#define NGR_R_RETURN int"
)
esac
AC_SUBST(NGR_R_CONST)
AC_SUBST(NGR_R_ARGS)
AC_SUBST(NGR_R_BAD)
AC_SUBST(NGR_R_COPY)
@ -1948,7 +2049,10 @@ AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
#include <unistd.h>
void endnetgrent_r(void **ptr);
]
,
@ -1957,44 +2061,128 @@ void endnetgrent_r(void **ptr);
[
NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) /* empty */"
NGR_R_END_RETURN="#define NGR_R_END_RETURN void"
NGR_R_ENT_ARGS="#define NGR_R_ENT_ARGS NGR_R_ARGS"
NGR_R_END_ARGS="#define NGR_R_END_ARGS NGR_R_ARGS"
]
,
AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
#include <unistd.h>
void endnetgrent_r(void *ptr);
]
,
[return (0);]
,
[
NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) /* empty */"
NGR_R_END_RETURN="#define NGR_R_END_RETURN void"
NGR_R_END_ARGS="#define NGR_R_END_ARGS void *buf"
]
,
[
NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) return (x)"
NGR_R_END_RETURN="#define NGR_R_END_RETURN int"
NGR_R_ENT_ARGS="#define NGR_R_ENT_ARGS NGR_R_ARGS"
NGR_R_END_ARGS="#define NGR_R_END_ARGS NGR_R_ARGS"
]
)
)
,
NGR_R_END_RESULT="#define NGR_R_END_RESULT(x) /*empty*/"
NGR_R_END_RETURN="#define NGR_R_END_RETURN void"
NGR_R_ENT_ARGS="#undef NGR_R_ENT_ARGS /*empty*/"
NGR_R_END_ARGS="#undef NGR_R_END_ARGS /*empty*/"
AC_DEFINE(NEED_ENDNETGRENT_R)
)
AC_SUBST(NGR_R_END_RESULT)
AC_SUBST(NGR_R_END_RETURN)
AC_SUBST(NGR_R_ENT_ARGS)
AC_SUBST(NGR_R_END_ARGS)
AC_CHECK_FUNC(setnetgrent_r,
[
case "$host" in
*bsdi*)
#
# No prototype
#
NGR_R_SET_RESULT="#undef NGR_R_SET_RESULT /*empty*/"
NGR_R_SET_RETURN="#define NGR_R_SET_RETURN void"
NGR_R_SET_ARGS="#define NGR_R_SET_ARGS NGR_R_ARGS"
NGR_R_SET_CONST="#define NGR_R_SET_CONST"
;;
*)
*hpux*)
#
# No prototype
#
NGR_R_SET_RESULT="#define NGR_R_SET_RESULT NGR_R_OK"
NGR_R_SET_RETURN="#define NGR_R_SET_RETURN int"
NGR_R_SET_ARGS="#undef NGR_R_SET_ARGS /* empty */"
NGR_R_SET_CONST="#define NGR_R_SET_CONST"
;;
*)
AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
#include <unistd.h>
void setnetgrent_r(void **ptr);
]
,
[return (0);]
,
[
NGR_R_SET_RESULT="#undef NGR_R_SET_RESULT /* empty */"
NGR_R_SET_RETURN="#define NGR_R_SET_RETURN void"
NGR_R_SET_ARGS="#define NGR_R_SET_ARGS void **buf"
NGR_R_SET_CONST="#define NGR_R_SET_CONST"
]
,
AC_TRY_COMPILE(
[
#undef __USE_MISC
#define __USE_MISC
#undef _REEENTRANT
#define _REEENTRANT
#include <netdb.h>
#include <unistd.h>
extern int setnetgrent_r(char *, void **);
]
,
[return (0);]
,
[
NGR_R_SET_RESULT="#define NGR_R_SET_RESULT NGR_R_OK"
NGR_R_SET_RETURN="#define NGR_R_SET_RETURN int"
NGR_R_SET_ARGS="#define NGR_R_SET_ARGS void **buf"
NGR_R_SET_CONST="#define NGR_R_SET_CONST"
]
,
[
NGR_R_SET_RESULT="#define NGR_R_SET_RESULT NGR_R_OK"
NGR_R_SET_RETURN="#define NGR_R_SET_RETURN int"
NGR_R_SET_ARGS="#undef NGR_R_SET_ARGS"
NGR_R_SET_CONST="#define NGR_R_SET_CONST const"
]
))
;;
esac
]
,
NGR_R_SET_RESULT="#undef NGR_R_SET_RESULT /*empty*/"
NGR_R_SET_RETURN="#define NGR_R_SET_RETURN void"
NGR_R_SET_ARGS="#undef NGR_R_SET_ARGS"
NGR_R_SET_CONST="#define NGR_R_SET_CONST const"
)
AC_SUBST(NGR_R_SET_RESULT)
AC_SUBST(NGR_R_SET_RETURN)
AC_SUBST(NGR_R_SET_ARGS)
AC_SUBST(NGR_R_SET_CONST)
AC_CHECK_FUNC(innetgr_r,,AC_DEFINE(NEED_INNETGR_R))
@ -2590,7 +2778,7 @@ case "$host" in
*-solaris2.9)
hack_shutup_in6addr_init_macros=yes
;;
*-solaris2.1[0-9])
*-solaris2.1[[0-9]])
hack_shutup_in6addr_init_macros=yes
;;
esac
@ -2675,6 +2863,7 @@ AC_OUTPUT(
port/Makefile
${PORT_DIR}/Makefile
${PORT_INCLUDE}/Makefile
include/isc/platform.h
)
# Tell Emacs to edit this file in shell mode.

8
lib/bind/dst/Makefile.in
View File

@ -1,7 +1,7 @@
# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.6 2004/03/05 05:05:09 marka Exp $
# $Id: Makefile.in,v 1.6.18.2 2008/03/20 23:46:01 tbox Exp $
srcdir= @srcdir@
VPATH = @srcdir@
@ -26,7 +26,7 @@ TARGETS= ${OBJS}
CRYPTFLAGS= -DCYLINK_DSS -DHMAC_MD5 -DUSE_MD5 -DDNSSAFE
CINCLUDES= -I.. -I${srcdir}/../include ${CRYPTINCL}
CINCLUDES= -I.. -I../include -I${srcdir}/../include ${CRYPTINCL}
CDEFINES= ${CRYPTFLAGS}
@BIND9_MAKE_RULES@

2
lib/bind/dst/dst_api.c
View File

@ -1,5 +1,5 @@
#ifndef LINT
static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/dst_api.c,v 1.10.332.7 2007/09/26 04:41:47 each Exp $";
static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/Attic/dst_api.c,v 1.10.332.7 2007/09/26 04:41:47 each Exp $";
#endif
/*

2
lib/bind/dst/hmac_link.c
View File

@ -1,6 +1,6 @@
#ifdef HMAC_MD5
#ifndef LINT
static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/hmac_link.c,v 1.3.164.5 2007/09/26 04:41:47 each Exp $";
static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/Attic/hmac_link.c,v 1.3.164.5 2007/09/26 04:41:47 each Exp $";
#endif
/*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.

2
lib/bind/dst/support.c
View File

@ -1,4 +1,4 @@
static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/support.c,v 1.3.332.3 2005/10/11 00:25:09 marka Exp $";
static const char rcsid[] = "$Header: /proj/cvs/prod/bind9/lib/bind/dst/Attic/support.c,v 1.3.332.3 2005/10/11 00:25:09 marka Exp $";
/*

8
lib/bind/include/Makefile.in
View File

@ -1,7 +1,7 @@
# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.4 2004/03/05 05:05:11 marka Exp $
# $Id: Makefile.in,v 1.4.18.2 2008/01/23 02:15:02 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -24,7 +24,7 @@ HEADERS=fd_setsize.h hesiod.h irp.h irs.h netdb.h netgroup.h res_update.h \
AHEADERS= arpa/inet.h arpa/nameser.h arpa/nameser_compat.h
IHEADERS= isc/assertions.h isc/ctl.h isc/dst.h isc/eventlib.h isc/heap.h \
isc/irpmarshall.h isc/list.h isc/logging.h isc/memcluster.h \
isc/misc.h isc/tree.h
isc/misc.h isc/tree.h isc/platform.h.in
all:

Some files were not shown because too many files have changed in this diff Show More