Vendor import of Bind 9.8.5-P1
Approved by: delphij (mentor) Sponsored by: DK Hostmaster A/S
This commit is contained in:
parent
650b026006
commit
6f34f6a389
428
CHANGES
428
CHANGES
@ -1,20 +1,386 @@
|
||||
--- 9.8.4-P2 released ---
|
||||
--- 9.8.5-P1 released ---
|
||||
|
||||
3516. [security] Removed the check for regex.h in configure in order
|
||||
to disable regex syntax checking, as it exposes
|
||||
BIND to a critical flaw in libregex on some
|
||||
platforms. [RT #32688]
|
||||
3584. [security] Caching data from an incompletely signed zone could
|
||||
trigger an assertion failure in resolver.c [RT #33690]
|
||||
|
||||
--- 9.8.4-P1 released ---
|
||||
--- 9.8.5 released ---
|
||||
|
||||
3407. [security] Named could die on specific queries with dns64 enabled.
|
||||
[Addressed in change #3388 for BIND 9.8.5 and 9.9.3.]
|
||||
3568. [cleanup] Add a product description line to the version file,
|
||||
to be reported by named -v/-V. [RT #33366]
|
||||
|
||||
--- 9.8.4 released ---
|
||||
3567. [bug] Silence clang static analyzer warnings. [RT #33365]
|
||||
|
||||
3563. [contrib] zone2sqlite failed with some table names. [RT #33375]
|
||||
|
||||
3561. [bug] dig: issue a warning if an EDNS query returns FORMERR
|
||||
or NOTIMP. Adjust usage message. [RT #33363]
|
||||
|
||||
--- 9.8.5rc1 released ---
|
||||
|
||||
3560. [bug] isc-config.sh did not honor includedir and libdir
|
||||
when set via configure. [RT #33345]
|
||||
|
||||
3559. [func] Check that both forms of Sender Policy Framework
|
||||
records exist or do not exist. [RT #33355]
|
||||
|
||||
3558. [bug] IXFR of a DLZ stored zone was broken. [RT #33331]
|
||||
|
||||
3556. [maint] Added AAAA for D.ROOT-SERVERS.NET.
|
||||
|
||||
3555. [bug] Address theoretical race conditions in acache.c
|
||||
(change #3553 was incomplete). [RT #33252]
|
||||
|
||||
3553. [bug] Address suspected double free in acache. [RT #33252]
|
||||
|
||||
3552. [bug] Wrong getopt option string for 'nsupdate -r'.
|
||||
[RT #33280]
|
||||
|
||||
3549. [doc] Documentation for "request-nsid" was missing.
|
||||
[RT #33153]
|
||||
|
||||
3548. [bug] The NSID request code in resolver.c was broken
|
||||
resulting in invalid EDNS options being sent.
|
||||
[RT #33153]
|
||||
|
||||
3547. [bug] Some malformed unknown rdata records were not properly
|
||||
detected and rejected. [RT #33129]
|
||||
|
||||
3056. [func] Added support for URI resource record. [RT #23386]
|
||||
|
||||
--- 9.8.5rc1 released ---
|
||||
|
||||
3546. [func] Add EUI48 and EUI64 types. [RT #33082]
|
||||
|
||||
3544. [contrib] check5011.pl: Script to report the status of
|
||||
managed keys as recorded in managed-keys.bind.
|
||||
Contributed by Tony Finch <dot@dotat.at>
|
||||
|
||||
3543. [bug] Update socket structure before attaching to socket
|
||||
manager after accept. [RT #33084]
|
||||
|
||||
3542. [bug] masterformat system test was broken. [RT #33086]
|
||||
|
||||
3541. [bug] Parts of libdns were not properly initialized when
|
||||
built in libexport mode. [RT #33028]
|
||||
|
||||
3540. [test] libt_api: t_info and t_assert were not thread safe.
|
||||
|
||||
3539. [port] win32: timestamp format didn't match other platforms.
|
||||
|
||||
3538. [test] Running "make test" now requires loopback interfaces
|
||||
to be set up. [RT #32452]
|
||||
|
||||
3537. [tuning] Slave zones, when updated, now send NOTIFY messages
|
||||
to peers before being dumped to disk rather than
|
||||
after. [RT #27242]
|
||||
|
||||
3535. [bug] Minor win32 cleanups. [RT #32962]
|
||||
|
||||
3534. [bug] Extra text after an embedded NULL was ignored when
|
||||
parsing zone files. [RT #32699]
|
||||
|
||||
3533. [contrib] query-loc-0.4.0: memory leaks. [RT #32960]
|
||||
|
||||
3532. [contrib] zkt: fixed buffer overrun, resource leaks. [RT #32960]
|
||||
|
||||
3531. [bug] win32: A uninitialized value could be returned on out
|
||||
of memory. [RT #32960]
|
||||
|
||||
3530. [contrib] Better RTT tracking in queryperf. [RT #30128]
|
||||
|
||||
3526. [cleanup] Set up dependencies for unit tests correctly during
|
||||
build. [RT #32803]
|
||||
|
||||
3521. [bug] Address memory leak in opensslecdsa_link.c. [RT #32249]
|
||||
|
||||
3520. [bug] 'mctx' was not being referenced counted in some places
|
||||
where it should have been. [RT #32794]
|
||||
|
||||
--- 9.8.5b2 released ---
|
||||
|
||||
3517. [bug] Reorder destruction to avoid shutdown race. [RT #32777]
|
||||
|
||||
3515. [port] '%T' is not portable in strftime(). [RT #32763]
|
||||
|
||||
3514. [bug] The ranges for valid key sizes in ddns-confgen and
|
||||
rndc-confgen were too constrained. Keys up to 512
|
||||
bits are now allowed for most algorithms, and up
|
||||
to 1024 bits for hmac-sha384 and hmac-sha512.
|
||||
[RT #32753]
|
||||
|
||||
3509. [cleanup] Added a product line to version file to allow for
|
||||
easy naming of different products (BIND
|
||||
vs BIND ESV, for example). [RT #32755]
|
||||
|
||||
3508. [contrib] queryperf was incorrectly rejecting the -T option.
|
||||
[RT #32338]
|
||||
|
||||
3503. [doc] Clarify size_spec syntax. [RT #32449]
|
||||
|
||||
3500. [security] Support NAPTR regular expression validation on
|
||||
all platforms without using libregex, which
|
||||
can be vulnerable to memory exhaustion attack
|
||||
(CVE-2013-2266). [RT #32688]
|
||||
|
||||
3499. [doc] Corrected ARM documentation of built-in zones.
|
||||
[RT #32694]
|
||||
|
||||
3498. [bug] zone statistics for zones which matched a potential
|
||||
empty zone could have their zone-statistics setting
|
||||
overridden.
|
||||
|
||||
3496. [func] Improvements to RPZ performance. The "response-policy"
|
||||
syntax now includes a "min-ns-dots" clause, with
|
||||
default 1, to exclude top-level domains from
|
||||
NSIP and NSDNAME checking. --enable-rpz-nsip and
|
||||
--enable-rpz-nsdname are now the default. [RT #32251]
|
||||
|
||||
3489. [bug] --enable-developer now turns on ISC_LIST_CHECKINIT.
|
||||
When cloning a rdataset do not copy the link contents.
|
||||
[RT #32651]
|
||||
|
||||
3488. [bug] Use after free error with DH generated keys. [RT #32649]
|
||||
|
||||
3487. [bug] Change 3444 was not complete. There was a additional
|
||||
place where the NOQNAME proof needed to be saved.
|
||||
[RT #32629]
|
||||
|
||||
3486. [bug] named could crash when using TKEY-negotiated keys
|
||||
that had been deleted and then recreated. [RT #32506]
|
||||
|
||||
3485. [cleanup] Only compile openssl_gostlink.c if we support GOST.
|
||||
|
||||
3481. [cleanup] Removed use of const const in atf.
|
||||
|
||||
3479. [bug] Address potential memory leaks in gssapi support
|
||||
code. [RT #32405]
|
||||
|
||||
3478. [port] Fix a build failure in strict C99 environments
|
||||
[RT #32475]
|
||||
|
||||
3474. [bug] nsupdate could assert when the local and remote
|
||||
address families didn't match. [RT #22897]
|
||||
|
||||
3470. [bug] Slave zones could fail to dump when successfully
|
||||
refreshing after an initial failure. [RT #31276]
|
||||
|
||||
--- 9.8.5b1 released ---
|
||||
|
||||
3468. [security] RPZ rules to generate A records (but not AAAA records)
|
||||
could trigger an assertion failure when used in
|
||||
conjunction with DNS64 (CVE-2012-5689). [RT #32141]
|
||||
|
||||
3467. [bug] Added checks in dnssec-keygen and dnssec-settime
|
||||
to check for delete date < inactive date. [RT #31719]
|
||||
|
||||
3465. [bug] Handle isolated reserved ports. [RT #31778]
|
||||
|
||||
3464. [maint] Updates to PKCS#11 openssl patches, supporting
|
||||
versions 0.9.8x, 1.0.0j, 1.0.1c [RT #29749]
|
||||
|
||||
3463. [doc] Clarify managed-keys syntax in ARM. [RT #32232]
|
||||
|
||||
3462. [doc] Clarify server selection behavior of dig when using
|
||||
-4 or -6 options. [RT #32181]
|
||||
|
||||
3461. [bug] Negative responses could incorrectly have AD=1
|
||||
set. [RT #32237]
|
||||
|
||||
3458. [bug] Return FORMERR when presented with a overly long
|
||||
domain named in a request. [RT #29682]
|
||||
|
||||
3457. [protocol] Add ILNP records (NID, LP, L32, L64). [RT #31836]
|
||||
|
||||
3456. [port] g++47: ATF failed to compile. [RT #32012]
|
||||
|
||||
3455. [contrib] queryperf: fix getopt option list. [RT #32338]
|
||||
|
||||
3454. [port] sparc64: improve atomic support. [RT #25182]
|
||||
|
||||
3452. [bug] Accept duplicate singleton records. [RT #32329]
|
||||
|
||||
3451. [port] Increase per thread stack size from 64K to 1M.
|
||||
[RT #32230]
|
||||
|
||||
3450. [bug] Stop logfileconfig system test spam system logs.
|
||||
[RT #32315]
|
||||
|
||||
3449. [bug] gen.c: use the pre-processor to construct format
|
||||
strings so that compiler can perform sanity checks;
|
||||
check the snprintf results. [RT #17576]
|
||||
|
||||
3448. [bug] The allow-query-on ACL was not processed correctly.
|
||||
[RT #29486]
|
||||
|
||||
3447. [port] Add support for libxml2-2.9.x [RT #32231]
|
||||
|
||||
3446. [port] win32: Add source ID (see change #3400) to build.
|
||||
[RT #31683]
|
||||
|
||||
3445. [bug] Warn about zone files with blank owner names
|
||||
immediately after $ORIGIN directives. [RT #31848]
|
||||
|
||||
3444. [bug] The NOQNAME proof was not being returned from cached
|
||||
insecure responses. [RT #21409]
|
||||
|
||||
3443. [bug] ddns-confgen: Some TSIG algorithms were incorrectly
|
||||
rejected when generating keys. [RT #31927]
|
||||
|
||||
3442. [port] Net::DNS 0.69 introduced a non backwards compatible
|
||||
change. [RT #32216]
|
||||
|
||||
3441. [maint] D.ROOT-SERVERS.NET is now 199.7.91.13.
|
||||
|
||||
3440. [bug] Reorder get_key_struct to not trigger a assertion when
|
||||
cleaning up due to out of memory error. [RT #32131]
|
||||
|
||||
3439. [bug] contrib/dlz error checking fixes. [RT #32102]
|
||||
|
||||
3438. [bug] Don't accept unknown data escape in quotes. [RT #32031]
|
||||
|
||||
3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialize
|
||||
buffers with constant data. [RT #32064]
|
||||
|
||||
3436. [bug] Check malloc/calloc return values. [RT #32088]
|
||||
|
||||
3435. [bug] Cross compilation support in configure was broken.
|
||||
[RT #32078]
|
||||
|
||||
3431. [bug] ddns-confgen: Some valid key algorithms were
|
||||
not accepted. [RT #31927]
|
||||
|
||||
3430. [bug] win32: isc_time_formatISO8601 was missing the
|
||||
'T' between the date and time. [RT #32044]
|
||||
|
||||
3429. [bug] dns_zone_getserial2 could a return success without
|
||||
returning a valid serial. [RT #32007]
|
||||
|
||||
3428. [cleanup] dig: Add timezone to date output. [RT #2269]
|
||||
|
||||
3427. [bug] dig +trace incorrectly displayed name server
|
||||
addresses instead of names. [RT #31641]
|
||||
|
||||
3425. [bug] "acacheentry" reference counting was broken resulting
|
||||
in use after free. [RT #31908]
|
||||
|
||||
3422. [bug] Added a clear error message for when the SOA does not
|
||||
match the referral. [RT #31281]
|
||||
|
||||
3421. [bug] Named loops when re-signing if all keys are offline.
|
||||
[RT #31916]
|
||||
|
||||
3420. [bug] Address VPATH compilation issues. [RT #31879]
|
||||
|
||||
3419. [bug] Memory leak on validation cancel. [RT #31869]
|
||||
|
||||
3415. [bug] named could die with a REQUIRE failure if a validation
|
||||
was canceled. [RT #31804]
|
||||
|
||||
3412. [bug] Copy timeval structure from control message data.
|
||||
[RT #31548]
|
||||
|
||||
3411. [tuning] Use IPV6_USE_MIN_MTU or equivalent with TCP in addition
|
||||
to UDP. [RT #31690]
|
||||
|
||||
3410. [bug] Addressed Coverity warnings. [RT #31626]
|
||||
|
||||
3409. [contrib] contrib/dane/mkdane.sh: Tool to generate TLSA RR's
|
||||
from X.509 certificates, for use with DANE
|
||||
(DNS-based Authentication of Named Entities).
|
||||
[RT #30513]
|
||||
|
||||
3406. [bug] mem.c: Fix compilation errors when building with
|
||||
ISC_MEM_TRACKLINES or ISC_MEMPOOL_NAMES disabled.
|
||||
Also, ISC_MEM_DEBUG is no longer optional. [RT #31559]
|
||||
|
||||
3405. [bug] Handle time going backwards in acache. [RT #31253]
|
||||
|
||||
3404. [bug] dnssec-signzone: When re-signing a zone, remove
|
||||
RRSIG and NSEC records from nodes that used to be
|
||||
in-zone but are now below a zone cut. [RT #31556]
|
||||
|
||||
3403. [bug] Silence noisy OpenSSL logging. [RT #31497]
|
||||
|
||||
3402. [test] The IPv6 interface numbers used for system
|
||||
tests were incorrect on some platforms. [RT #25085]
|
||||
|
||||
3401. [bug] Addressed Coverity warnings. [RT #31484]
|
||||
|
||||
3400. [cleanup] "named -V" can now report a source ID string, defined
|
||||
in the "srcid" file in the build tree and normally set
|
||||
to the most recent git hash. [RT #31494]
|
||||
|
||||
3397. [bug] dig crashed when using +nssearch with +tcp. [RT #25298]
|
||||
|
||||
3396. [bug] OPT records were incorrectly removed from signed,
|
||||
truncated responses. [RT #31439]
|
||||
|
||||
3395. [protocol] Add RFC 6598 reverse zones to built in empty zones
|
||||
list, 64.100.IN-ADDR.ARPA ... 127.100.IN-ADDR.ARPA.
|
||||
[RT #31336]
|
||||
|
||||
3394. [bug] Adjust 'successfully validated after lower casing
|
||||
signer' log level and category. [RT #31414]
|
||||
|
||||
3393. [bug] 'host -C' could core dump if REFUSED was received.
|
||||
[RT #31381]
|
||||
|
||||
3391. [bug] A DNSKEY lookup that encountered a CNAME failed.
|
||||
[RT #31262]
|
||||
|
||||
3390. [bug] Silence clang compiler warnings. [RT #30417]
|
||||
|
||||
3389. [bug] Always return NOERROR (not 0) in TSIG. [RT #31275]
|
||||
|
||||
3388. [bug] Fixed several Coverity warnings.
|
||||
Note: This change includes a fix for a bug that
|
||||
was subsequently determined to be an exploitable
|
||||
security vulnerability, CVE-2012-5688: named could
|
||||
die on specific queries with dns64 enabled.
|
||||
[RT #30996]
|
||||
|
||||
3386. [bug] Address locking violation when generating new NSEC /
|
||||
NSEC3 chains. [RT #31224]
|
||||
|
||||
3384. [bug] Improved logging of crypto errors. [RT #30963]
|
||||
|
||||
3383. [security] A certain combination of records in the RBT could
|
||||
cause named to hang while populating the additional
|
||||
section of a response. [RT #31090]
|
||||
cause named to hang while populating the additional
|
||||
section of a response. [RT #31090]
|
||||
|
||||
3382. [bug] SOA query from slave used use-v6-udp-ports range,
|
||||
if set, regardless of the address family in use.
|
||||
[RT #24173]
|
||||
|
||||
3381. [contrib] Update queryperf to support more RR types.
|
||||
[RT #30762]
|
||||
|
||||
3380. [bug] named could die if a nonexistent master list was
|
||||
referenced in a also-notify. [RT #31004]
|
||||
|
||||
3379. [bug] isc_interval_zero and isc_time_epoch should be
|
||||
"const (type)* const". [RT #31069]
|
||||
|
||||
3378. [bug] Handle missing 'managed-keys-directory' better.
|
||||
[RT #30625]
|
||||
|
||||
3376. [bug] Lack of EDNS support was being recorded without a
|
||||
successful response. [RT #30811]
|
||||
|
||||
3375. [func] Check that 'rndc dumpdb' works on a empty cache.
|
||||
[RT #30808]
|
||||
|
||||
3374. [bug] isc_parse_uint32 failed to return a range error on
|
||||
systems with 64 bit longs. [RT #30232]
|
||||
|
||||
3372. [bug] Silence spurious "deleted from unreachable cache"
|
||||
messages. [RT #30501]
|
||||
|
||||
3371. [bug] AD=1 should behave like DO=1 when deciding whether to
|
||||
add NS RRsets to the additional section or not.
|
||||
[RT #30479]
|
||||
|
||||
--- 9.8.4 released ---
|
||||
|
||||
3373. [bug] win32: open raw files in binary mode. [RT #30944]
|
||||
|
||||
@ -135,11 +501,11 @@
|
||||
--- 9.8.3 released ---
|
||||
|
||||
3318. [tuning] Reduce the amount of work performed while holding a
|
||||
bucket lock when finshed with a fetch context.
|
||||
bucket lock when finished with a fetch context.
|
||||
[RT #29239]
|
||||
|
||||
3314. [bug] The masters list could be updated while refesh_callback
|
||||
and stub_callback were using it. [RT #26732]
|
||||
3314. [bug] The masters list could be updated while stub_callback
|
||||
or refresh_callback were using it. [RT #26732]
|
||||
|
||||
3313. [protocol] Add TLSA record type. [RT #28989]
|
||||
|
||||
@ -151,7 +517,7 @@
|
||||
|
||||
3310. [test] Increase table size for mutex profiling. [RT #28809]
|
||||
|
||||
3309. [bug] resolver.c:fctx_finddone() was not threadsafe.
|
||||
3309. [bug] resolver.c:fctx_finddone() was not thread safe.
|
||||
[RT #27995]
|
||||
|
||||
3307. [bug] Add missing ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS.
|
||||
@ -328,7 +694,7 @@
|
||||
|
||||
3234. [bug] 'make depend' produced invalid makefiles. [RT #26830]
|
||||
|
||||
3231. [bug] named could fail to send a uncompressable zone.
|
||||
3231. [bug] named could fail to send a incompressible zone.
|
||||
[RT #26796]
|
||||
|
||||
3230. [bug] 'dig axfr' failed to properly handle a multi-message
|
||||
@ -345,7 +711,7 @@
|
||||
|
||||
3226. [bug] Address minor resource leakages. [RT #26624]
|
||||
|
||||
3221. [bug] Fixed a potential coredump on shutdown due to
|
||||
3221. [bug] Fixed a potential core dump on shutdown due to
|
||||
referencing fetch context after it's been freed.
|
||||
[RT #26720]
|
||||
|
||||
@ -369,7 +735,7 @@
|
||||
|
||||
3209. [func] Add "dnssec-lookaside 'no'". [RT #24858]
|
||||
|
||||
3208. [bug] 'dig -y' handle unknown tsig alorithm better.
|
||||
3208. [bug] 'dig -y' handle unknown tsig algorithm better.
|
||||
[RT #25522]
|
||||
|
||||
3207. [contrib] Fixed build error in Berkeley DB DLZ module. [RT #26444]
|
||||
@ -672,7 +1038,7 @@
|
||||
3077. [bug] zone.c:zone_refreshkeys() incorrectly called
|
||||
dns_zone_attach(), use zone->irefs instead. [RT #23303]
|
||||
|
||||
3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
|
||||
3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistent
|
||||
timestamp when determining which keys are active.
|
||||
[RT #23642]
|
||||
|
||||
@ -686,7 +1052,7 @@
|
||||
3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
|
||||
[RT #20256]
|
||||
|
||||
3071. [bug] has_nsec could be used unintialised in
|
||||
3071. [bug] has_nsec could be used uninitialized in
|
||||
update.c:next_active. [RT #20256]
|
||||
|
||||
3070. [bug] dnssec-signzone potential NULL pointer dereference.
|
||||
@ -732,7 +1098,7 @@
|
||||
|
||||
3052. [test] Fixed last autosign test report. [RT #23256]
|
||||
|
||||
3051. [bug] NS records obsure DNAME records at the bottom of the
|
||||
3051. [bug] NS records obscure DNAME records at the bottom of the
|
||||
zone if both are present. [RT #23035]
|
||||
|
||||
3050. [bug] The autosign system test was timing dependent.
|
||||
@ -742,7 +1108,7 @@
|
||||
3049. [bug] Save and restore the gid when creating creating
|
||||
named.pid at startup. [RT #23290]
|
||||
|
||||
3048. [bug] Fully separate view key mangement. [RT #23419]
|
||||
3048. [bug] Fully separate view key management. [RT #23419]
|
||||
|
||||
3047. [bug] DNSKEY NODATA responses not cached fixed in
|
||||
validator.c. Tests added to dnssec system test.
|
||||
@ -1079,7 +1445,7 @@
|
||||
no data response. [RT #21744]
|
||||
|
||||
2952. [port] win32: named-checkzone and named-checkconf failed
|
||||
to initialise winsock. [RT #21932]
|
||||
to initialize winsock. [RT #21932]
|
||||
|
||||
2951. [bug] named failed to generate a correct signed response
|
||||
in a optout, delegation only zone with no secure
|
||||
@ -1125,7 +1491,7 @@
|
||||
in use. [RT# 21868]
|
||||
|
||||
2938. [bug] When generating signed responses, from a signed zone
|
||||
that uses NSEC3, named would use a uninitialised
|
||||
that uses NSEC3, named would use a uninitialized
|
||||
pointer if it needed to skip a NSEC3 record because
|
||||
it didn't match the selected NSEC3PARAM record for
|
||||
zone. [RT# 21868]
|
||||
@ -1179,7 +1545,7 @@
|
||||
revisit the issue and complete the fix later.
|
||||
[RT #21710]
|
||||
|
||||
2930. [experimental] New "rndc addzone" and "rndc delzone" commads
|
||||
2930. [experimental] New "rndc addzone" and "rndc delzone" commands
|
||||
allow dynamic addition and deletion of zones.
|
||||
To enable this feature, specify a "new-zone-file"
|
||||
option at the view or options level in named.conf.
|
||||
@ -1355,7 +1721,7 @@
|
||||
successfully responds to the query using plain DNS.
|
||||
[RT #20930]
|
||||
|
||||
2873. [bug] Cancelling a dynamic update via the dns/client module
|
||||
2873. [bug] Canceling a dynamic update via the dns/client module
|
||||
could trigger an assertion failure. [RT #21133]
|
||||
|
||||
2872. [bug] Modify dns/client.c:dns_client_createx() to only
|
||||
@ -1397,7 +1763,7 @@
|
||||
|
||||
2860. [bug] named-checkconf's usage was out of date. [RT #21039]
|
||||
|
||||
2859. [bug] When cancelling validation it was possible to leak
|
||||
2859. [bug] When canceling validation it was possible to leak
|
||||
memory. [RT #20800]
|
||||
|
||||
2858. [bug] RTT estimates were not being adjusted on ICMP errors.
|
||||
@ -1950,7 +2316,7 @@
|
||||
|
||||
2695. [func] DHCP/DDNS - update fdwatch code for use by
|
||||
DHCP. Modify the api to isc_sockfdwatch_t (the
|
||||
callback functon for isc_socket_fdwatchcreate)
|
||||
callback function for isc_socket_fdwatchcreate)
|
||||
to include information about the direction (read
|
||||
or write) and add isc_socket_fdwatchpoke.
|
||||
[RT #20253]
|
||||
@ -2015,7 +2381,7 @@
|
||||
sets the time when a key is no longer used for
|
||||
signing but is still published.
|
||||
- The "unpublished" date (-U) is deprecated in
|
||||
favour of "deleted" (-D).
|
||||
favor of "deleted" (-D).
|
||||
[RT #20247]
|
||||
|
||||
2676. [bug] --with-export-installdir should have been
|
||||
@ -2461,7 +2827,7 @@
|
||||
|
||||
2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
|
||||
|
||||
2552. [bug] zero-no-soa-ttl-cache was not being honoured.
|
||||
2552. [bug] zero-no-soa-ttl-cache was not being honored.
|
||||
[RT #19340]
|
||||
|
||||
2551. [bug] Potential Reference leak on return. [RT #19341]
|
||||
@ -2514,7 +2880,7 @@
|
||||
|
||||
2534. [func] Check NAPTR records regular expressions and
|
||||
replacement strings to ensure they are syntactically
|
||||
valid and consistant. [RT #18168]
|
||||
valid and consistent. [RT #18168]
|
||||
|
||||
2533. [doc] ARM: document @ (at-sign). [RT #17144]
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright (C) 1996-2003 Internet Software Consortium.
|
||||
|
||||
Permission to use, copy, modify, and/or distribute this software for any
|
||||
|
4
FAQ
4
FAQ
@ -1,6 +1,6 @@
|
||||
Frequently Asked Questions about BIND 9
|
||||
|
||||
Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright © 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
|
||||
Copyright © 2000-2003 Internet Software Consortium.
|
||||
|
||||
@ -869,7 +869,7 @@ A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
|
||||
Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
|
||||
|
||||
key "rndc-key" {
|
||||
algorithm hmac-md5;
|
||||
algorithm hmac-sha256;
|
||||
secret "uvceheVuqf17ZwIcTydddw==";
|
||||
};
|
||||
|
||||
|
5
FAQ.xml
5
FAQ.xml
@ -1,7 +1,7 @@
|
||||
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
|
||||
<!--
|
||||
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -30,6 +30,7 @@
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
<copyright>
|
||||
@ -1564,7 +1565,7 @@ rand_irqs="3 14 15"</programlisting>
|
||||
<informalexample>
|
||||
<programlisting>
|
||||
key "rndc-key" {
|
||||
algorithm hmac-md5;
|
||||
algorithm hmac-sha256;
|
||||
secret "uvceheVuqf17ZwIcTydddw==";
|
||||
};</programlisting>
|
||||
</informalexample>
|
||||
|
18
Makefile.in
18
Makefile.in
@ -1,4 +1,4 @@
|
||||
# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 1998-2002 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -61,9 +61,21 @@ tags:
|
||||
rm -f TAGS
|
||||
find lib bin -name "*.[ch]" -print | @ETAGS@ -
|
||||
|
||||
check: test
|
||||
test check:
|
||||
@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
|
||||
echo I: NOTE: The tests were not run because they require that; \
|
||||
echo I: the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
|
||||
echo I: as alias addresses on the loopback interface. Please run; \
|
||||
echo I: \'bin/tests/system/ifconfig.sh up\' as root to configure; \
|
||||
echo I: them, then rerun the tests. Run make force-test to run the; \
|
||||
echo I: tests anyway.; \
|
||||
exit 1; \
|
||||
fi
|
||||
${MAKE} test-force
|
||||
|
||||
test:
|
||||
force-test: test-force
|
||||
|
||||
test-force:
|
||||
status=0; \
|
||||
(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
|
||||
(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \
|
||||
|
5
README
5
README
@ -51,6 +51,11 @@ BIND 9
|
||||
For up-to-date release notes and errata, see
|
||||
http://www.isc.org/software/bind9/releasenotes
|
||||
|
||||
BIND 9.8.5
|
||||
|
||||
BIND 9.8.5 includes several bug fixes and patches security
|
||||
flaws described in CVE-2012-5688, CVE-2012-5689 and CVE-2013-2266.
|
||||
|
||||
BIND 9.8.4
|
||||
|
||||
BIND 9.8.4 includes several bug fixes and patches security
|
||||
|
7
aclocal.m4
vendored
7
aclocal.m4
vendored
@ -1,2 +1,5 @@
|
||||
sinclude(./libtool.m4)dnl
|
||||
|
||||
sinclude(libtool.m4/libtool.m4)dnl
|
||||
sinclude(libtool.m4/ltoptions.m4)dnl
|
||||
sinclude(libtool.m4/ltsugar.m4)dnl
|
||||
sinclude(libtool.m4/ltversion.m4)dnl
|
||||
sinclude(libtool.m4/lt~obsolete.m4)dnl
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004, 2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 1998-2001 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -19,7 +19,7 @@ srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
top_srcdir = @top_srcdir@
|
||||
|
||||
SUBDIRS = named rndc dig dnssec tests tools nsupdate \
|
||||
SUBDIRS = named rndc dig dnssec tools tests nsupdate \
|
||||
check confgen @PKCS11_TOOLS@
|
||||
TARGETS =
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -196,6 +196,10 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
|
||||
a->type == dns_rdatatype_a);
|
||||
REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
|
||||
aaaa->type == dns_rdatatype_aaaa);
|
||||
|
||||
if (a == NULL || aaaa == NULL)
|
||||
return (answer);
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_flags = AI_CANONNAME;
|
||||
hints.ai_family = PF_UNSPEC;
|
||||
@ -258,8 +262,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
|
||||
}
|
||||
return (ISC_TRUE);
|
||||
}
|
||||
if (a == NULL || aaaa == NULL)
|
||||
return (answer);
|
||||
|
||||
/*
|
||||
* Check that all glue records really exist.
|
||||
*/
|
||||
@ -597,7 +600,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
|
||||
|
||||
dns_zone_settype(zone, dns_zone_master);
|
||||
|
||||
isc_buffer_init(&buffer, zonename, strlen(zonename));
|
||||
isc_buffer_constinit(&buffer, zonename, strlen(zonename));
|
||||
isc_buffer_add(&buffer, strlen(zonename));
|
||||
dns_fixedname_init(&fixorigin);
|
||||
origin = dns_fixedname_name(&fixorigin);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -294,6 +294,18 @@ configure_zone(const char *vclass, const char *view,
|
||||
zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
if (get_maps(maps, "check-spf", &obj)) {
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
zone_options |= DNS_ZONEOPT_CHECKSPF;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
zone_options &= ~DNS_ZONEOPT_CHECKSPF;
|
||||
} else
|
||||
INSIST(0);
|
||||
} else {
|
||||
zone_options |= DNS_ZONEOPT_CHECKSPF;
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
if (get_checknames(maps, &obj)) {
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
@ -471,6 +483,7 @@ main(int argc, char **argv) {
|
||||
if (isc_commandline_option != '?')
|
||||
fprintf(stderr, "%s: invalid argument -%c\n",
|
||||
program, isc_commandline_option);
|
||||
/* FALLTHROUGH */
|
||||
case 'h':
|
||||
usage();
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -33,9 +33,9 @@
|
||||
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
|
||||
.SH "SYNOPSIS"
|
||||
.HP 16
|
||||
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
|
||||
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
|
||||
.HP 18
|
||||
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
|
||||
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
|
||||
.SH "DESCRIPTION"
|
||||
.PP
|
||||
\fBnamed\-checkzone\fR
|
||||
@ -236,6 +236,14 @@ Chroot to
|
||||
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
|
||||
.RE
|
||||
.PP
|
||||
\-T \fImode\fR
|
||||
.RS 4
|
||||
Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are
|
||||
\fB"warn"\fR
|
||||
(default),
|
||||
\fB"ignore"\fR.
|
||||
.RE
|
||||
.PP
|
||||
\-w \fIdirectory\fR
|
||||
.RS 4
|
||||
chdir to
|
||||
@ -281,7 +289,7 @@ BIND 9 Administrator Reference Manual.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000\-2002 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -145,19 +145,21 @@ main(int argc, char **argv) {
|
||||
if (progmode == progmode_compile) {
|
||||
zone_options |= (DNS_ZONEOPT_CHECKNS |
|
||||
DNS_ZONEOPT_FATALNS |
|
||||
DNS_ZONEOPT_CHECKSPF |
|
||||
DNS_ZONEOPT_CHECKDUPRR |
|
||||
DNS_ZONEOPT_CHECKNAMES |
|
||||
DNS_ZONEOPT_CHECKNAMESFAIL |
|
||||
DNS_ZONEOPT_CHECKWILDCARD);
|
||||
} else
|
||||
zone_options |= DNS_ZONEOPT_CHECKDUPRR;
|
||||
zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
|
||||
DNS_ZONEOPT_CHECKSPF);
|
||||
|
||||
#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
|
||||
|
||||
isc_commandline_errprint = ISC_FALSE;
|
||||
|
||||
while ((c = isc_commandline_parse(argc, argv,
|
||||
"c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:"))
|
||||
"c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
|
||||
!= EOF) {
|
||||
switch (c) {
|
||||
case 'c':
|
||||
@ -363,6 +365,18 @@ main(int argc, char **argv) {
|
||||
}
|
||||
break;
|
||||
|
||||
case 'T':
|
||||
if (ARGCMP("warn")) {
|
||||
zone_options |= DNS_ZONEOPT_CHECKSPF;
|
||||
} else if (ARGCMP("ignore")) {
|
||||
zone_options &= ~DNS_ZONEOPT_CHECKSPF;
|
||||
} else {
|
||||
fprintf(stderr, "invalid argument to -T: %s\n",
|
||||
isc_commandline_argument);
|
||||
exit(1);
|
||||
}
|
||||
break;
|
||||
|
||||
case 'W':
|
||||
if (ARGCMP("warn"))
|
||||
zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
|
||||
@ -374,6 +388,7 @@ main(int argc, char **argv) {
|
||||
if (isc_commandline_option != '?')
|
||||
fprintf(stderr, "%s: invalid argument -%c\n",
|
||||
prog_name, isc_commandline_option);
|
||||
/* FALLTHROUGH */
|
||||
case 'h':
|
||||
usage();
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -38,6 +38,7 @@
|
||||
<year>2007</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
<copyright>
|
||||
@ -75,6 +76,7 @@
|
||||
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
|
||||
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-D</option></arg>
|
||||
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
@ -98,6 +100,7 @@
|
||||
<arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
|
||||
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
|
||||
<arg><option>-D</option></arg>
|
||||
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
|
||||
@ -379,6 +382,18 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-T <replaceable class="parameter">mode</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Check if Sender Policy Framework records (TXT and SPF)
|
||||
both exist or both don't exist. A warning is issued
|
||||
if they don't match. Possible modes are
|
||||
<command>"warn"</command> (default), <command>"ignore"</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-w <replaceable class="parameter">directory</replaceable></term>
|
||||
<listitem>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2007, 2009, 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2002 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -29,11 +29,11 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543696"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543716"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">named-checkzone</strong></span>
|
||||
checks the syntax and integrity of a zone file. It performs the
|
||||
same checks as <span><strong class="command">named</strong></span> does when loading a
|
||||
@ -53,7 +53,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543731"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543751"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-d</span></dt>
|
||||
<dd><p>
|
||||
@ -214,6 +214,13 @@
|
||||
directives in the configuration file are processed as if
|
||||
run by a similarly chrooted named.
|
||||
</p></dd>
|
||||
<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
|
||||
<dd><p>
|
||||
Check if Sender Policy Framework records (TXT and SPF)
|
||||
both exist or both don't exist. A warning is issued
|
||||
if they don't match. Possible modes are
|
||||
<span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
|
||||
<dd><p>
|
||||
chdir to <code class="filename">directory</code> so that
|
||||
@ -247,14 +254,14 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544446"></a><h2>RETURN VALUES</h2>
|
||||
<a name="id2544422"></a><h2>RETURN VALUES</h2>
|
||||
<p><span><strong class="command">named-checkzone</strong></span>
|
||||
returns an exit status of 1 if
|
||||
errors were detected and 0 otherwise.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544458"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2544434"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
|
||||
<em class="citetitle">RFC 1035</em>,
|
||||
@ -262,7 +269,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544491"></a><h2>AUTHOR</h2>
|
||||
<a name="id2544603"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -126,13 +126,17 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
|
||||
|
||||
switch (alg) {
|
||||
case DST_ALG_HMACMD5:
|
||||
case DST_ALG_HMACSHA1:
|
||||
case DST_ALG_HMACSHA224:
|
||||
case DST_ALG_HMACSHA256:
|
||||
if (keysize < 1 || keysize > 512)
|
||||
fatal("keysize %d out of range (must be 1-512)\n",
|
||||
keysize);
|
||||
break;
|
||||
case DST_ALG_HMACSHA256:
|
||||
if (keysize < 1 || keysize > 256)
|
||||
fatal("keysize %d out of range (must be 1-256)\n",
|
||||
case DST_ALG_HMACSHA384:
|
||||
case DST_ALG_HMACSHA512:
|
||||
if (keysize < 1 || keysize > 1024)
|
||||
fatal("keysize %d out of range (must be 1-1024)\n",
|
||||
keysize);
|
||||
break;
|
||||
default:
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004, 2005, 2007-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2001, 2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -140,8 +140,6 @@ main(int argc, char **argv) {
|
||||
keysize = strtol(isc_commandline_argument, &p, 10);
|
||||
if (*p != '\0' || keysize < 0)
|
||||
fatal("-b requires a non-negative number");
|
||||
if (keysize < 1 || keysize > 512)
|
||||
fatal("-b must be in the range 1 through 512");
|
||||
break;
|
||||
case 'c':
|
||||
keyfile = isc_commandline_argument;
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -57,7 +57,9 @@ allows multiple lookups to be issued from the command line.
|
||||
Unless it is told to query a specific name server,
|
||||
\fBdig\fR
|
||||
will try each of the servers listed in
|
||||
\fI/etc/resolv.conf\fR.
|
||||
\fI/etc/resolv.conf\fR. If no usable server addreses are found,
|
||||
\fBdig\fR
|
||||
will send the query to the local host.
|
||||
.PP
|
||||
When no command line arguments or options are given,
|
||||
\fBdig\fR
|
||||
@ -95,13 +97,20 @@ is the name or IP address of the name server to query. This can be an IPv4 addre
|
||||
\fIserver\fR
|
||||
argument is a hostname,
|
||||
\fBdig\fR
|
||||
resolves that name before querying that name server. If no
|
||||
resolves that name before querying that name server.
|
||||
.sp
|
||||
If no
|
||||
\fIserver\fR
|
||||
argument is provided,
|
||||
\fBdig\fR
|
||||
consults
|
||||
\fI/etc/resolv.conf\fR
|
||||
and queries the name servers listed there. The reply from the name server that responds is displayed.
|
||||
\fI/etc/resolv.conf\fR; if an address is found there, it queries the name server at that address. If either of the
|
||||
\fB\-4\fR
|
||||
or
|
||||
\fB\-6\fR
|
||||
options are in use, then only addresses for the corresponding transport will be tried. If no usable addresses are found,
|
||||
\fBdig\fR
|
||||
will send the query to the local host. The reply from the name server that responds is displayed.
|
||||
.RE
|
||||
.PP
|
||||
\fBname\fR
|
||||
@ -567,7 +576,7 @@ RFC1035.
|
||||
.PP
|
||||
There are probably too many query options.
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
Copyright \(co 2000\-2003 Internet Software Consortium.
|
||||
.br
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -186,7 +186,7 @@ help(void) {
|
||||
" +domain=### (Set default domainname)\n"
|
||||
" +bufsize=### (Set EDNS0 Max UDP packet size)\n"
|
||||
" +ndots=### (Set NDOTS value)\n"
|
||||
" +edns=### (Set EDNS version)\n"
|
||||
" +[no]edns[=###] (Set EDNS version) [0]\n"
|
||||
" +[no]search (Set whether to use searchlist)\n"
|
||||
" +[no]showsearch (Search with intermediate results)\n"
|
||||
" +[no]defname (Ditto)\n"
|
||||
@ -240,6 +240,8 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
|
||||
isc_uint64_t diff;
|
||||
isc_time_t now;
|
||||
time_t tnow;
|
||||
struct tm tmnow;
|
||||
char time_str[100];
|
||||
char fromtext[ISC_SOCKADDR_FORMATSIZE];
|
||||
|
||||
isc_sockaddr_format(from, fromtext, sizeof(fromtext));
|
||||
@ -251,7 +253,10 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
|
||||
printf(";; Query time: %ld msec\n", (long int)diff/1000);
|
||||
printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
|
||||
time(&tnow);
|
||||
printf(";; WHEN: %s", ctime(&tnow));
|
||||
tmnow = *localtime(&tnow);
|
||||
if (strftime(time_str, sizeof(time_str),
|
||||
"%a %b %d %H:%M:%S %Z %Y", &tmnow) > 0U)
|
||||
printf(";; WHEN: %s\n", time_str);
|
||||
if (query->lookup->doing_xfr) {
|
||||
printf(";; XFR size: %u records (messages %u, "
|
||||
"bytes %" ISC_PRINT_QUADFORMAT "u)\n",
|
||||
@ -259,7 +264,6 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
|
||||
query->byte_count);
|
||||
} else {
|
||||
printf(";; MSG SIZE rcvd: %u\n", bytes);
|
||||
|
||||
}
|
||||
if (key != NULL) {
|
||||
if (!validated)
|
||||
@ -276,7 +280,7 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
|
||||
"from %s(%s) in %d ms\n\n",
|
||||
query->lookup->doing_xfr ?
|
||||
query->byte_count : (isc_uint64_t)bytes,
|
||||
fromtext, query->servname,
|
||||
fromtext, query->userarg,
|
||||
(int)diff/1000);
|
||||
}
|
||||
}
|
||||
@ -525,6 +529,13 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
|
||||
printf(";; WARNING: recursion requested "
|
||||
"but not available\n");
|
||||
}
|
||||
if (msg != query->lookup->sendmsg &&
|
||||
query->lookup->edns != -1 && msg->opt == NULL &&
|
||||
(msg->rcode == dns_rcode_formerr ||
|
||||
msg->rcode == dns_rcode_notimp))
|
||||
printf("\n;; WARNING: EDNS query returned status "
|
||||
"%s - retry with '+noedns'\n",
|
||||
rcode_totext(msg->rcode));
|
||||
if (msg != query->lookup->sendmsg && extrabytes != 0U)
|
||||
printf(";; WARNING: Messages has %u extra byte%s at "
|
||||
"end\n", extrabytes, extrabytes != 0 ? "s" : "");
|
||||
@ -855,8 +866,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
|
||||
lookup->edns = -1;
|
||||
break;
|
||||
}
|
||||
if (value == NULL)
|
||||
goto need_value;
|
||||
if (value == NULL) {
|
||||
lookup->edns = 0;
|
||||
break;
|
||||
}
|
||||
result = parse_uint(&num, value, 255, "edns");
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("Couldn't parse edns");
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -45,6 +45,7 @@
|
||||
<year>2008</year>
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
<copyright>
|
||||
@ -116,9 +117,10 @@
|
||||
|
||||
<para>
|
||||
Unless it is told to query a specific name server,
|
||||
<command>dig</command> will try each of the servers listed
|
||||
in
|
||||
<filename>/etc/resolv.conf</filename>.
|
||||
<command>dig</command> will try each of the servers listed in
|
||||
<filename>/etc/resolv.conf</filename>. If no usable server addreses
|
||||
are found, <command>dig</command> will send the query to the local
|
||||
host.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@ -157,20 +159,25 @@
|
||||
<term><constant>server</constant></term>
|
||||
<listitem>
|
||||
<para>
|
||||
is the name or IP address of the name server to query. This can
|
||||
be an IPv4
|
||||
address in dotted-decimal notation or an IPv6
|
||||
is the name or IP address of the name server to query. This
|
||||
can be an IPv4 address in dotted-decimal notation or an IPv6
|
||||
address in colon-delimited notation. When the supplied
|
||||
<parameter>server</parameter> argument is a
|
||||
hostname,
|
||||
<command>dig</command> resolves that name before
|
||||
querying that name
|
||||
server. If no <parameter>server</parameter>
|
||||
argument is provided,
|
||||
<command>dig</command> consults <filename>/etc/resolv.conf</filename>
|
||||
and queries the name servers listed there. The reply from the
|
||||
name
|
||||
server that responds is displayed.
|
||||
<parameter>server</parameter> argument is a hostname,
|
||||
<command>dig</command> resolves that name before querying
|
||||
that name server.
|
||||
</para>
|
||||
<para>
|
||||
If no <parameter>server</parameter> argument is
|
||||
provided, <command>dig</command> consults
|
||||
<filename>/etc/resolv.conf</filename>; if an
|
||||
address is found there, it queries the name server at
|
||||
that address. If either of the <option>-4</option> or
|
||||
<option>-6</option> options are in use, then
|
||||
only addresses for the corresponding transport
|
||||
will be tried. If no usable addresses are found,
|
||||
<command>dig</command> will send the query to the
|
||||
local host. The reply from the name server that
|
||||
responds is displayed.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -34,7 +34,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543524"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543527"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dig</strong></span>
|
||||
(domain information groper) is a flexible tool
|
||||
for interrogating DNS name servers. It performs DNS lookups and
|
||||
@ -57,9 +57,10 @@
|
||||
</p>
|
||||
<p>
|
||||
Unless it is told to query a specific name server,
|
||||
<span><strong class="command">dig</strong></span> will try each of the servers listed
|
||||
in
|
||||
<code class="filename">/etc/resolv.conf</code>.
|
||||
<span><strong class="command">dig</strong></span> will try each of the servers listed in
|
||||
<code class="filename">/etc/resolv.conf</code>. If no usable server addreses
|
||||
are found, <span><strong class="command">dig</strong></span> will send the query to the local
|
||||
host.
|
||||
</p>
|
||||
<p>
|
||||
When no command line arguments or options are given,
|
||||
@ -80,7 +81,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543597"></a><h2>SIMPLE USAGE</h2>
|
||||
<a name="id2543606"></a><h2>SIMPLE USAGE</h2>
|
||||
<p>
|
||||
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
|
||||
</p>
|
||||
@ -91,22 +92,29 @@
|
||||
</p>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><code class="constant">server</code></span></dt>
|
||||
<dd><p>
|
||||
is the name or IP address of the name server to query. This can
|
||||
be an IPv4
|
||||
address in dotted-decimal notation or an IPv6
|
||||
<dd>
|
||||
<p>
|
||||
is the name or IP address of the name server to query. This
|
||||
can be an IPv4 address in dotted-decimal notation or an IPv6
|
||||
address in colon-delimited notation. When the supplied
|
||||
<em class="parameter"><code>server</code></em> argument is a
|
||||
hostname,
|
||||
<span><strong class="command">dig</strong></span> resolves that name before
|
||||
querying that name
|
||||
server. If no <em class="parameter"><code>server</code></em>
|
||||
argument is provided,
|
||||
<span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>
|
||||
and queries the name servers listed there. The reply from the
|
||||
name
|
||||
server that responds is displayed.
|
||||
</p></dd>
|
||||
<em class="parameter"><code>server</code></em> argument is a hostname,
|
||||
<span><strong class="command">dig</strong></span> resolves that name before querying
|
||||
that name server.
|
||||
</p>
|
||||
<p>
|
||||
If no <em class="parameter"><code>server</code></em> argument is
|
||||
provided, <span><strong class="command">dig</strong></span> consults
|
||||
<code class="filename">/etc/resolv.conf</code>; if an
|
||||
address is found there, it queries the name server at
|
||||
that address. If either of the <code class="option">-4</code> or
|
||||
<code class="option">-6</code> options are in use, then
|
||||
only addresses for the corresponding transport
|
||||
will be tried. If no usable addresses are found,
|
||||
<span><strong class="command">dig</strong></span> will send the query to the
|
||||
local host. The reply from the name server that
|
||||
responds is displayed.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term"><code class="constant">name</code></span></dt>
|
||||
<dd><p>
|
||||
is the name of the resource record that is to be looked up.
|
||||
@ -126,7 +134,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543688"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543709"></a><h2>OPTIONS</h2>
|
||||
<p>
|
||||
The <code class="option">-b</code> option sets the source IP address of the query
|
||||
to <em class="parameter"><code>address</code></em>. This must be a valid
|
||||
@ -230,7 +238,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544037"></a><h2>QUERY OPTIONS</h2>
|
||||
<a name="id2544058"></a><h2>QUERY OPTIONS</h2>
|
||||
<p><span><strong class="command">dig</strong></span>
|
||||
provides a number of query options which affect
|
||||
the way in which lookups are made and the results displayed. Some of
|
||||
@ -561,7 +569,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545186"></a><h2>MULTIPLE QUERIES</h2>
|
||||
<a name="id2545207"></a><h2>MULTIPLE QUERIES</h2>
|
||||
<p>
|
||||
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
|
||||
supports
|
||||
@ -607,7 +615,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545248"></a><h2>IDN SUPPORT</h2>
|
||||
<a name="id2545337"></a><h2>IDN SUPPORT</h2>
|
||||
<p>
|
||||
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
|
||||
domain name) support, it can accept and display non-ASCII domain names.
|
||||
@ -621,14 +629,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545338"></a><h2>FILES</h2>
|
||||
<a name="id2545360"></a><h2>FILES</h2>
|
||||
<p><code class="filename">/etc/resolv.conf</code>
|
||||
</p>
|
||||
<p><code class="filename">${HOME}/.digrc</code>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545355"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2545377"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
@ -636,7 +644,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545393"></a><h2>BUGS</h2>
|
||||
<a name="id2545414"></a><h2>BUGS</h2>
|
||||
<p>
|
||||
There are probably too many query options.
|
||||
</p>
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -794,6 +794,7 @@ make_empty_lookup(void) {
|
||||
dns_fixedname_init(&looknew->fdomain);
|
||||
ISC_LINK_INIT(looknew, link);
|
||||
ISC_LIST_INIT(looknew->q);
|
||||
ISC_LIST_INIT(looknew->connecting);
|
||||
ISC_LIST_INIT(looknew->my_server_list);
|
||||
return (looknew);
|
||||
}
|
||||
@ -815,11 +816,11 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
|
||||
|
||||
looknew = make_empty_lookup();
|
||||
INSIST(looknew != NULL);
|
||||
strncpy(looknew->textname, lookold->textname, MXNAME);
|
||||
strlcpy(looknew->textname, lookold->textname, MXNAME);
|
||||
#if DIG_SIGCHASE_TD
|
||||
strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
|
||||
strlcpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
|
||||
#endif
|
||||
strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
|
||||
strlcpy(looknew->cmdline, lookold->cmdline, MXNAME);
|
||||
looknew->textname[MXNAME-1] = 0;
|
||||
looknew->rdtype = lookold->rdtype;
|
||||
looknew->qrdtype = lookold->qrdtype;
|
||||
@ -998,7 +999,7 @@ parse_hmac(const char *hmac) {
|
||||
len = strlen(hmac);
|
||||
if (len >= (int) sizeof(buf))
|
||||
fatal("unknown key type '%.*s'", len, hmac);
|
||||
strncpy(buf, hmac, sizeof(buf));
|
||||
strlcpy(buf, hmac, sizeof(buf));
|
||||
|
||||
digestbits = 0;
|
||||
|
||||
@ -1080,8 +1081,8 @@ read_confkey(void) {
|
||||
secretstr = cfg_obj_asstring(secretobj);
|
||||
algorithm = cfg_obj_asstring(algorithmobj);
|
||||
|
||||
strncpy(keynametext, keyname, sizeof(keynametext));
|
||||
strncpy(keysecret, secretstr, sizeof(keysecret));
|
||||
strlcpy(keynametext, keyname, sizeof(keynametext));
|
||||
strlcpy(keysecret, secretstr, sizeof(keysecret));
|
||||
parse_hmac(algorithm);
|
||||
setup_text_key();
|
||||
|
||||
@ -1164,7 +1165,7 @@ make_searchlist_entry(char *domain) {
|
||||
if (search == NULL)
|
||||
fatal("memory allocation failure in %s:%d",
|
||||
__FILE__, __LINE__);
|
||||
strncpy(search->origin, domain, MXNAME);
|
||||
strlcpy(search->origin, domain, MXNAME);
|
||||
search->origin[MXNAME-1] = 0;
|
||||
ISC_LINK_INIT(search, link);
|
||||
return (search);
|
||||
@ -1473,7 +1474,10 @@ clear_query(dig_query_t *query) {
|
||||
if (lookup->current_query == query)
|
||||
lookup->current_query = NULL;
|
||||
|
||||
ISC_LIST_UNLINK(lookup->q, query, link);
|
||||
if (ISC_LINK_LINKED(query, link))
|
||||
ISC_LIST_UNLINK(lookup->q, query, link);
|
||||
if (ISC_LINK_LINKED(query, clink))
|
||||
ISC_LIST_UNLINK(lookup->connecting, query, clink);
|
||||
if (ISC_LINK_LINKED(&query->recvbuf, link))
|
||||
ISC_LIST_DEQUEUE(query->recvlist, &query->recvbuf,
|
||||
link);
|
||||
@ -1481,6 +1485,7 @@ clear_query(dig_query_t *query) {
|
||||
ISC_LIST_DEQUEUE(query->lengthlist, &query->lengthbuf,
|
||||
link);
|
||||
INSIST(query->recvspace != NULL);
|
||||
|
||||
if (query->sock != NULL) {
|
||||
isc_socket_detach(&query->sock);
|
||||
sockcount--;
|
||||
@ -1508,13 +1513,22 @@ try_clear_lookup(dig_lookup_t *lookup) {
|
||||
|
||||
debug("try_clear_lookup(%p)", lookup);
|
||||
|
||||
if (ISC_LIST_HEAD(lookup->q) != NULL) {
|
||||
if (ISC_LIST_HEAD(lookup->q) != NULL ||
|
||||
ISC_LIST_HEAD(lookup->connecting) != NULL)
|
||||
{
|
||||
if (debugging) {
|
||||
q = ISC_LIST_HEAD(lookup->q);
|
||||
while (q != NULL) {
|
||||
debug("query to %s still pending", q->servname);
|
||||
q = ISC_LIST_NEXT(q, link);
|
||||
}
|
||||
|
||||
q = ISC_LIST_HEAD(lookup->connecting);
|
||||
while (q != NULL) {
|
||||
debug("query to %s still connecting",
|
||||
q->servname);
|
||||
q = ISC_LIST_NEXT(q, clink);
|
||||
}
|
||||
}
|
||||
return (ISC_FALSE);
|
||||
}
|
||||
@ -1642,7 +1656,7 @@ start_lookup(void) {
|
||||
= current_lookup->rdclassset;
|
||||
current_lookup->rdclass = dns_rdataclass_in;
|
||||
|
||||
strncpy(current_lookup->textnamesigchase,
|
||||
strlcpy(current_lookup->textnamesigchase,
|
||||
current_lookup->textname, MXNAME);
|
||||
|
||||
current_lookup->trace_root_sigchase = ISC_TRUE;
|
||||
@ -1654,7 +1668,7 @@ start_lookup(void) {
|
||||
check_result(result, "dns_name_totext");
|
||||
isc_buffer_usedregion(b, &r);
|
||||
r.base[r.length] = '\0';
|
||||
strncpy(current_lookup->textname, (char*)r.base,
|
||||
strlcpy(current_lookup->textname, (char*)r.base,
|
||||
MXNAME);
|
||||
isc_buffer_free(&b);
|
||||
|
||||
@ -2290,7 +2304,6 @@ setup_lookup(dig_lookup_t *lookup) {
|
||||
query->rr_count = 0;
|
||||
query->msg_count = 0;
|
||||
query->byte_count = 0;
|
||||
ISC_LINK_INIT(query, link);
|
||||
ISC_LIST_INIT(query->recvlist);
|
||||
ISC_LIST_INIT(query->lengthlist);
|
||||
query->sock = NULL;
|
||||
@ -2303,6 +2316,7 @@ setup_lookup(dig_lookup_t *lookup) {
|
||||
isc_buffer_init(&query->slbuf, query->slspace, 2);
|
||||
query->sendbuf = lookup->renderbuf;
|
||||
|
||||
ISC_LINK_INIT(query, clink);
|
||||
ISC_LINK_INIT(query, link);
|
||||
ISC_LIST_ENQUEUE(lookup->q, query, link);
|
||||
}
|
||||
@ -2424,6 +2438,7 @@ static void
|
||||
force_timeout(dig_lookup_t *l, dig_query_t *query) {
|
||||
isc_event_t *event;
|
||||
|
||||
debug("force_timeout ()");
|
||||
event = isc_event_allocate(mctx, query, ISC_TIMEREVENT_IDLE,
|
||||
connect_timeout, l,
|
||||
sizeof(isc_event_t));
|
||||
@ -2491,6 +2506,7 @@ send_tcp_connect(dig_query_t *query) {
|
||||
send_tcp_connect(next);
|
||||
return;
|
||||
}
|
||||
|
||||
INSIST(query->sock == NULL);
|
||||
result = isc_socket_create(socketmgr,
|
||||
isc_sockaddr_pf(&query->sockaddr),
|
||||
@ -2521,6 +2537,9 @@ send_tcp_connect(dig_query_t *query) {
|
||||
if (l->ns_search_only && !l->trace_root) {
|
||||
debug("sending next, since searching");
|
||||
next = ISC_LIST_NEXT(query, link);
|
||||
if (ISC_LINK_LINKED(query, link))
|
||||
ISC_LIST_DEQUEUE(l->q, query, link);
|
||||
ISC_LIST_ENQUEUE(l->connecting, query, clink);
|
||||
if (next != NULL)
|
||||
send_tcp_connect(next);
|
||||
}
|
||||
@ -2601,7 +2620,7 @@ send_udp(dig_query_t *query) {
|
||||
static void
|
||||
connect_timeout(isc_task_t *task, isc_event_t *event) {
|
||||
dig_lookup_t *l = NULL;
|
||||
dig_query_t *query = NULL, *cq;
|
||||
dig_query_t *query = NULL, *next, *cq;
|
||||
|
||||
UNUSED(task);
|
||||
REQUIRE(event->ev_type == ISC_TIMEREVENT_IDLE);
|
||||
@ -2625,7 +2644,9 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
|
||||
if (query->sock != NULL)
|
||||
isc_socket_cancel(query->sock, NULL,
|
||||
ISC_SOCKCANCEL_ALL);
|
||||
send_tcp_connect(ISC_LIST_NEXT(cq, link));
|
||||
next = ISC_LIST_NEXT(cq, link);
|
||||
if (next != NULL)
|
||||
send_tcp_connect(next);
|
||||
}
|
||||
UNLOCK_LOOKUP;
|
||||
return;
|
||||
@ -2868,9 +2889,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
|
||||
if (next != NULL) {
|
||||
bringup_timer(next, TCP_TIMEOUT);
|
||||
send_tcp_connect(next);
|
||||
} else {
|
||||
} else
|
||||
check_next_lookup(l);
|
||||
}
|
||||
UNLOCK_LOOKUP;
|
||||
return;
|
||||
}
|
||||
@ -3427,6 +3447,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
|
||||
if (n == 0)
|
||||
docancel = ISC_TRUE;
|
||||
l->trace_root = ISC_FALSE;
|
||||
usesearch = ISC_FALSE;
|
||||
} else
|
||||
#ifdef DIG_SIGCHASE
|
||||
if (!do_sigchase)
|
||||
@ -3603,15 +3624,19 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
|
||||
*/
|
||||
void
|
||||
do_lookup(dig_lookup_t *lookup) {
|
||||
dig_query_t *query;
|
||||
|
||||
REQUIRE(lookup != NULL);
|
||||
|
||||
debug("do_lookup()");
|
||||
lookup->pending = ISC_TRUE;
|
||||
if (lookup->tcp_mode)
|
||||
send_tcp_connect(ISC_LIST_HEAD(lookup->q));
|
||||
else
|
||||
send_udp(ISC_LIST_HEAD(lookup->q));
|
||||
query = ISC_LIST_HEAD(lookup->q);
|
||||
if (query != NULL) {
|
||||
if (lookup->tcp_mode)
|
||||
send_tcp_connect(query);
|
||||
else
|
||||
send_udp(query);
|
||||
}
|
||||
}
|
||||
|
||||
/*%
|
||||
@ -4083,7 +4108,7 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
|
||||
check_result(result, "dns_name_totext");
|
||||
isc_buffer_usedregion(b, &r);
|
||||
r.base[r.length] = '\0';
|
||||
strcpy(lookup->textname, (char*)r.base);
|
||||
strlcpy(lookup->textname, (char*)r.base, sizeof(lookup->textname));
|
||||
isc_buffer_free(&b);
|
||||
|
||||
if (type == dns_rdatatype_rrsig)
|
||||
@ -4208,7 +4233,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
|
||||
return (ISC_R_NOMEMORY);
|
||||
|
||||
memset(tempnamekey, 0, tempnamekeylen);
|
||||
strncpy(tempnamekey, tempname, tempnamelen);
|
||||
strlcpy(tempnamekey, tempname, tempnamelen);
|
||||
strcat(tempnamekey ,".key");
|
||||
|
||||
|
||||
@ -4342,7 +4367,7 @@ prepare_lookup(dns_name_t *name)
|
||||
lookup->new_search = ISC_TRUE;
|
||||
lookup->trace_root_sigchase = ISC_FALSE;
|
||||
|
||||
strncpy(lookup->textname, lookup->textnamesigchase, MXNAME);
|
||||
strlcpy(lookup->textname, lookup->textnamesigchase, MXNAME);
|
||||
|
||||
lookup->rdtype = lookup->rdtype_sigchase;
|
||||
lookup->rdtypeset = ISC_TRUE;
|
||||
@ -4401,7 +4426,7 @@ prepare_lookup(dns_name_t *name)
|
||||
dns_rdata_totext(&aaaa, &ns.name, b);
|
||||
isc_buffer_usedregion(b, &r);
|
||||
r.base[r.length] = '\0';
|
||||
strncpy(namestr, (char*)r.base,
|
||||
strlcpy(namestr, (char*)r.base,
|
||||
DNS_NAME_FORMATSIZE);
|
||||
isc_buffer_free(&b);
|
||||
dns_rdata_reset(&aaaa);
|
||||
@ -4430,7 +4455,7 @@ prepare_lookup(dns_name_t *name)
|
||||
dns_rdata_totext(&a, &ns.name, b);
|
||||
isc_buffer_usedregion(b, &r);
|
||||
r.base[r.length] = '\0';
|
||||
strncpy(namestr, (char*)r.base,
|
||||
strlcpy(namestr, (char*)r.base,
|
||||
DNS_NAME_FORMATSIZE);
|
||||
isc_buffer_free(&b);
|
||||
dns_rdata_reset(&a);
|
||||
@ -4609,7 +4634,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
|
||||
{
|
||||
isc_result_t result;
|
||||
dns_rdata_t rdata = DNS_RDATA_INIT;
|
||||
dst_key_t *trustedKey = NULL;
|
||||
dst_key_t *dnsseckey = NULL;
|
||||
int i;
|
||||
|
||||
@ -4653,10 +4677,6 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
|
||||
dst_key_free(&dnsseckey);
|
||||
} while (dns_rdataset_next(rdataset) == ISC_R_SUCCESS);
|
||||
|
||||
if (trustedKey != NULL)
|
||||
dst_key_free(&trustedKey);
|
||||
trustedKey = NULL;
|
||||
|
||||
return (ISC_R_NOTFOUND);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -446,10 +446,18 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
|
||||
if (msg->rcode != 0) {
|
||||
char namestr[DNS_NAME_FORMATSIZE];
|
||||
dns_name_format(query->lookup->name, namestr, sizeof(namestr));
|
||||
printf("Host %s not found: %d(%s)\n",
|
||||
(msg->rcode != dns_rcode_nxdomain) ? namestr :
|
||||
query->lookup->textname, msg->rcode,
|
||||
rcode_totext(msg->rcode));
|
||||
|
||||
if (query->lookup->identify_previous_line)
|
||||
printf("Nameserver %s:\n\t%s not found: %d(%s)\n",
|
||||
query->servname,
|
||||
(msg->rcode != dns_rcode_nxdomain) ? namestr :
|
||||
query->lookup->textname, msg->rcode,
|
||||
rcode_totext(msg->rcode));
|
||||
else
|
||||
printf("Host %s not found: %d(%s)\n",
|
||||
(msg->rcode != dns_rcode_nxdomain) ? namestr :
|
||||
query->lookup->textname, msg->rcode,
|
||||
rcode_totext(msg->rcode));
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -168,6 +168,7 @@ isc_boolean_t sigchase;
|
||||
dns_name_t *oname;
|
||||
ISC_LINK(dig_lookup_t) link;
|
||||
ISC_LIST(dig_query_t) q;
|
||||
ISC_LIST(dig_query_t) connecting;
|
||||
dig_query_t *current_query;
|
||||
dig_serverlist_t my_server_list;
|
||||
dig_searchlist_t *origin;
|
||||
@ -214,6 +215,7 @@ struct dig_query {
|
||||
slspace[4];
|
||||
isc_socket_t *sock;
|
||||
ISC_LINK(dig_query_t) link;
|
||||
ISC_LINK(dig_query_t) clink;
|
||||
isc_sockaddr_t sockaddr;
|
||||
isc_time_t time_sent;
|
||||
isc_uint64_t byte_count;
|
||||
|
@ -356,6 +356,8 @@ main(int argc, char **argv) {
|
||||
fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
|
||||
"If you still wish to use RSA (RSAMD5) please "
|
||||
"specify \"-a RSAMD5\"\n");
|
||||
if (freeit != NULL)
|
||||
free(freeit);
|
||||
return (1);
|
||||
} else {
|
||||
r.base = algname;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Portions Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -526,6 +526,7 @@ main(int argc, char **argv) {
|
||||
"recommended.\nIf you still wish to "
|
||||
"use RSA (RSAMD5) please specify "
|
||||
"\"-a RSAMD5\"\n");
|
||||
INSIST(freeit == NULL);
|
||||
return (1);
|
||||
} else if (strcasecmp(algname, "HMAC-MD5") == 0)
|
||||
alg = DST_ALG_HMACMD5;
|
||||
@ -960,8 +961,15 @@ main(int argc, char **argv) {
|
||||
dst_key_settime(key, DST_TIME_INACTIVE,
|
||||
inactive);
|
||||
|
||||
if (setdel)
|
||||
if (setdel) {
|
||||
if (setinact && delete < inactive)
|
||||
fprintf(stderr, "%s: warning: Key is "
|
||||
"scheduled to be deleted "
|
||||
"before it is scheduled to be "
|
||||
"made inactive.\n",
|
||||
program);
|
||||
dst_key_settime(key, DST_TIME_DELETE, delete);
|
||||
}
|
||||
} else {
|
||||
if (setpub || setact || setrev || setinact ||
|
||||
setdel || unsetpub || unsetact ||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -20,7 +20,6 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <libgen.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -20,7 +20,6 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <libgen.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
@ -140,6 +139,7 @@ main(int argc, char **argv) {
|
||||
int prepub = -1;
|
||||
isc_stdtime_t now;
|
||||
isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
|
||||
isc_stdtime_t prevact = 0, previnact = 0, prevdel = 0;
|
||||
isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
|
||||
isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
|
||||
isc_boolean_t setdel = ISC_FALSE;
|
||||
@ -344,7 +344,6 @@ main(int argc, char **argv) {
|
||||
|
||||
if (predecessor != NULL) {
|
||||
char keystr[DST_KEY_FORMATSIZE];
|
||||
isc_stdtime_t when;
|
||||
int major, minor;
|
||||
|
||||
if (prepub == -1)
|
||||
@ -376,19 +375,20 @@ main(int argc, char **argv) {
|
||||
fatal("Predecessor has incompatible format "
|
||||
"version %d.%d\n\t", major, minor);
|
||||
|
||||
result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
|
||||
result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &prevact);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("Predecessor has no activation date. "
|
||||
"You must set one before\n\t"
|
||||
"generating a successor.");
|
||||
|
||||
result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act);
|
||||
result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
|
||||
&previnact);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fatal("Predecessor has no inactivation date. "
|
||||
"You must set one before\n\t"
|
||||
"generating a successor.");
|
||||
|
||||
pub = act - prepub;
|
||||
pub = prevact - prepub;
|
||||
if (pub < now && prepub != 0)
|
||||
fatal("Predecessor will become inactive before the\n\t"
|
||||
"prepublication period ends. Either change "
|
||||
@ -396,13 +396,18 @@ main(int argc, char **argv) {
|
||||
"or use the -i option to set a shorter "
|
||||
"prepublication interval.");
|
||||
|
||||
result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
|
||||
result = dst_key_gettime(prevkey, DST_TIME_DELETE, &prevdel);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
fprintf(stderr, "%s: WARNING: Predecessor has no "
|
||||
fprintf(stderr, "%s: warning: Predecessor has no "
|
||||
"removal date;\n\t"
|
||||
"it will remain in the zone "
|
||||
"indefinitely after rollover.\n",
|
||||
program);
|
||||
else if (prevdel < previnact)
|
||||
fprintf(stderr, "%s: warning: Predecessor is "
|
||||
"scheduled to be deleted\n\t"
|
||||
"before it is scheduled to be "
|
||||
"inactive.\n", program);
|
||||
|
||||
changed = setpub = setact = ISC_TRUE;
|
||||
dst_key_free(&prevkey);
|
||||
@ -464,6 +469,20 @@ main(int argc, char **argv) {
|
||||
fatal("Key flags mismatch");
|
||||
}
|
||||
|
||||
prevdel = previnact = 0;
|
||||
if ((setdel && setinact && del < inact) ||
|
||||
(dst_key_gettime(key, DST_TIME_INACTIVE,
|
||||
&previnact) == ISC_R_SUCCESS &&
|
||||
setdel && !setinact && del < previnact) ||
|
||||
(dst_key_gettime(key, DST_TIME_DELETE,
|
||||
&prevdel) == ISC_R_SUCCESS &&
|
||||
setinact && !setdel && prevdel < inact) ||
|
||||
(!setdel && !setinact && prevdel < previnact))
|
||||
fprintf(stderr, "%s: warning: Key is scheduled to "
|
||||
"be deleted before it is\n\t"
|
||||
"scheduled to be inactive.\n",
|
||||
program);
|
||||
|
||||
if (force)
|
||||
set_keyversion(key);
|
||||
else
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -646,6 +646,8 @@ hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len)
|
||||
if (l->entries == l->size) {
|
||||
l->size = l->size * 2 + 100;
|
||||
l->hashbuf = realloc(l->hashbuf, l->size * l->length);
|
||||
if (l->hashbuf == NULL)
|
||||
fatal("unable to grow hashlist: out of memory");
|
||||
}
|
||||
memset(l->hashbuf + l->entries * l->length, 0, l->length);
|
||||
memcpy(l->hashbuf + l->entries * l->length, hash, len);
|
||||
@ -2027,7 +2029,9 @@ add_ds(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t nsttl) {
|
||||
* Remove records of the given type and their signatures.
|
||||
*/
|
||||
static void
|
||||
remove_records(dns_dbnode_t *node, dns_rdatatype_t which) {
|
||||
remove_records(dns_dbnode_t *node, dns_rdatatype_t which,
|
||||
isc_boolean_t checknsec)
|
||||
{
|
||||
isc_result_t result;
|
||||
dns_rdatatype_t type, covers;
|
||||
dns_rdatasetiter_t *rdsiter = NULL;
|
||||
@ -2048,10 +2052,12 @@ remove_records(dns_dbnode_t *node, dns_rdatatype_t which) {
|
||||
covers = rdataset.covers;
|
||||
dns_rdataset_disassociate(&rdataset);
|
||||
if (type == which || covers == which) {
|
||||
if (which == dns_rdatatype_nsec && !update_chain)
|
||||
if (which == dns_rdatatype_nsec &&
|
||||
checknsec && !update_chain)
|
||||
fatal("Zone contains NSEC records. Use -u "
|
||||
"to update to NSEC3.");
|
||||
if (which == dns_rdatatype_nsec3param && !update_chain)
|
||||
if (which == dns_rdatatype_nsec3param &&
|
||||
checknsec && !update_chain)
|
||||
fatal("Zone contains NSEC3 chains. Use -u "
|
||||
"to update to NSEC.");
|
||||
result = dns_db_deleterdataset(gdb, node, gversion,
|
||||
@ -2063,6 +2069,39 @@ remove_records(dns_dbnode_t *node, dns_rdatatype_t which) {
|
||||
dns_rdatasetiter_destroy(&rdsiter);
|
||||
}
|
||||
|
||||
/*
|
||||
* Remove signatures covering the given type (0 == all signatures).
|
||||
*/
|
||||
static void
|
||||
remove_sigs(dns_dbnode_t *node, dns_rdatatype_t which) {
|
||||
isc_result_t result;
|
||||
dns_rdatatype_t type, covers;
|
||||
dns_rdatasetiter_t *rdsiter = NULL;
|
||||
dns_rdataset_t rdataset;
|
||||
|
||||
dns_rdataset_init(&rdataset);
|
||||
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
|
||||
check_result(result, "dns_db_allrdatasets()");
|
||||
for (result = dns_rdatasetiter_first(rdsiter);
|
||||
result == ISC_R_SUCCESS;
|
||||
result = dns_rdatasetiter_next(rdsiter)) {
|
||||
dns_rdatasetiter_current(rdsiter, &rdataset);
|
||||
type = rdataset.type;
|
||||
covers = rdataset.covers;
|
||||
dns_rdataset_disassociate(&rdataset);
|
||||
|
||||
if (type == dns_rdatatype_rrsig &&
|
||||
(covers == which || which == 0))
|
||||
{
|
||||
result = dns_db_deleterdataset(gdb, node, gversion,
|
||||
type, covers);
|
||||
check_result(result, "dns_db_deleterdataset()");
|
||||
continue;
|
||||
}
|
||||
}
|
||||
dns_rdatasetiter_destroy(&rdsiter);
|
||||
}
|
||||
|
||||
/*%
|
||||
* Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records.
|
||||
*/
|
||||
@ -2139,14 +2178,17 @@ nsecify(void) {
|
||||
}
|
||||
|
||||
if (dns_name_equal(name, gorigin))
|
||||
remove_records(node, dns_rdatatype_nsec3param);
|
||||
remove_records(node, dns_rdatatype_nsec3param,
|
||||
ISC_TRUE);
|
||||
|
||||
if (delegation(name, node, &nsttl)) {
|
||||
zonecut = dns_fixedname_name(&fzonecut);
|
||||
dns_name_copy(name, zonecut, NULL);
|
||||
remove_sigs(node, 0);
|
||||
if (generateds)
|
||||
add_ds(name, node, nsttl);
|
||||
}
|
||||
|
||||
result = dns_dbiterator_next(dbiter);
|
||||
nextnode = NULL;
|
||||
while (result == ISC_R_SUCCESS) {
|
||||
@ -2164,6 +2206,9 @@ nsecify(void) {
|
||||
(zonecut != NULL &&
|
||||
dns_name_issubdomain(nextname, zonecut)))
|
||||
{
|
||||
remove_sigs(nextnode, 0);
|
||||
remove_records(nextnode, dns_rdatatype_nsec,
|
||||
ISC_FALSE);
|
||||
dns_db_detachnode(gdb, &nextnode);
|
||||
result = dns_dbiterator_next(dbiter);
|
||||
continue;
|
||||
@ -2555,7 +2600,7 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
|
||||
}
|
||||
|
||||
if (dns_name_equal(name, gorigin))
|
||||
remove_records(node, dns_rdatatype_nsec);
|
||||
remove_records(node, dns_rdatatype_nsec, ISC_TRUE);
|
||||
|
||||
result = dns_dbiterator_next(dbiter);
|
||||
nextnode = NULL;
|
||||
@ -2572,6 +2617,7 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
|
||||
if (!dns_name_issubdomain(nextname, gorigin) ||
|
||||
(zonecut != NULL &&
|
||||
dns_name_issubdomain(nextname, zonecut))) {
|
||||
remove_sigs(nextnode, 0);
|
||||
dns_db_detachnode(gdb, &nextnode);
|
||||
result = dns_dbiterator_next(dbiter);
|
||||
continue;
|
||||
@ -2579,6 +2625,7 @@ nsec3ify(unsigned int hashalg, unsigned int iterations,
|
||||
if (delegation(nextname, nextnode, &nsttl)) {
|
||||
zonecut = dns_fixedname_name(&fzonecut);
|
||||
dns_name_copy(nextname, zonecut, NULL);
|
||||
remove_sigs(nextnode, 0);
|
||||
if (generateds)
|
||||
add_ds(nextname, nextnode, nsttl);
|
||||
if (OPTOUT(nsec3flags) &&
|
||||
@ -3011,7 +3058,7 @@ set_nsec3params(isc_boolean_t update_chain, isc_boolean_t set_salt,
|
||||
dns_rdata_nsec3_t nsec3;
|
||||
dns_fixedname_t fname;
|
||||
dns_name_t *hashname;
|
||||
unsigned char orig_salt[256];
|
||||
unsigned char orig_salt[255];
|
||||
size_t orig_saltlen;
|
||||
dns_hash_t orig_hash;
|
||||
isc_uint16_t orig_iter;
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 1998-2002 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -21,6 +21,12 @@ top_srcdir = @top_srcdir@
|
||||
|
||||
@BIND9_VERSION@
|
||||
|
||||
@BIND9_PRODUCT@
|
||||
|
||||
@BIND9_DESCRIPTION@
|
||||
|
||||
@BIND9_SRCID@
|
||||
|
||||
@BIND9_CONFIGARGS@
|
||||
|
||||
@BIND9_MAKE_INCLUDES@
|
||||
@ -114,6 +120,9 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
|
||||
main.@O@: main.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
-DVERSION=\"${VERSION}\" \
|
||||
-DPRODUCT=\"${PRODUCT}\" \
|
||||
-DDESCRIPTION=\"${DESCRIPTION}\" \
|
||||
-DSRCID=\"${SRCID}\" \
|
||||
-DCONFIGARGS="\"${CONFIGARGS}\"" \
|
||||
-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
|
||||
@ -124,6 +133,7 @@ bind.keys.h: ${top_srcdir}/bind.keys ${srcdir}/bindkeys.pl
|
||||
config.@O@: config.c bind.keys.h
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
|
||||
-DVERSION=\"${VERSION}\" \
|
||||
-DSRCID=\"${SRCID}\" \
|
||||
-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
|
||||
-DNS_SYSCONFDIR=\"${sysconfdir}\" \
|
||||
-c ${srcdir}/config.c
|
||||
@ -167,3 +177,6 @@ install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
|
||||
${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
|
||||
|
||||
@DLZ_DRIVER_RULES@
|
||||
|
||||
named-symtbl.@O@: named-symtbl.c
|
||||
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c named-symtbl.c
|
||||
|
@ -1394,10 +1394,9 @@ client_request(isc_task_t *task, isc_event_t *event) {
|
||||
|
||||
INSIST(client->recursionquota == NULL);
|
||||
|
||||
INSIST(client->state ==
|
||||
TCP_CLIENT(client) ?
|
||||
NS_CLIENTSTATE_READING :
|
||||
NS_CLIENTSTATE_READY);
|
||||
INSIST(client->state == (TCP_CLIENT(client) ?
|
||||
NS_CLIENTSTATE_READING :
|
||||
NS_CLIENTSTATE_READY));
|
||||
|
||||
ns_client_requests++;
|
||||
|
||||
@ -2408,6 +2407,9 @@ ns_client_replace(ns_client_t *client) {
|
||||
|
||||
CTRACE("replace");
|
||||
|
||||
REQUIRE(client != NULL);
|
||||
REQUIRE(client->manager != NULL);
|
||||
|
||||
result = ns_clientmgr_createclients(client->manager,
|
||||
1, client->interface,
|
||||
(TCP_CLIENT(client) ?
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2001-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -150,6 +150,7 @@ options {\n\
|
||||
check-names response ignore;\n\
|
||||
check-dup-records warn;\n\
|
||||
check-mx warn;\n\
|
||||
check-spf warn;\n\
|
||||
acache-enable no;\n\
|
||||
acache-cleaning-interval 60;\n\
|
||||
max-acache-size 16M;\n\
|
||||
@ -639,17 +640,16 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
|
||||
if (isc_sockaddr_getport(&addrs[i]) == 0)
|
||||
isc_sockaddr_setport(&addrs[i], port);
|
||||
keys[i] = NULL;
|
||||
if (!cfg_obj_isstring(key)) {
|
||||
i++;
|
||||
i++; /* Increment here so that cleanup on error works. */
|
||||
if (!cfg_obj_isstring(key))
|
||||
continue;
|
||||
}
|
||||
keys[i] = isc_mem_get(mctx, sizeof(dns_name_t));
|
||||
if (keys[i] == NULL)
|
||||
keys[i - 1] = isc_mem_get(mctx, sizeof(dns_name_t));
|
||||
if (keys[i - 1] == NULL)
|
||||
goto cleanup;
|
||||
dns_name_init(keys[i], NULL);
|
||||
dns_name_init(keys[i - 1], NULL);
|
||||
|
||||
keystr = cfg_obj_asstring(key);
|
||||
isc_buffer_init(&b, keystr, strlen(keystr));
|
||||
isc_buffer_constinit(&b, keystr, strlen(keystr));
|
||||
isc_buffer_add(&b, strlen(keystr));
|
||||
dns_fixedname_init(&fname);
|
||||
result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
|
||||
@ -657,10 +657,9 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup;
|
||||
result = dns_name_dup(dns_fixedname_name(&fname), mctx,
|
||||
keys[i]);
|
||||
keys[i - 1]);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup;
|
||||
i++;
|
||||
}
|
||||
if (pushed != 0) {
|
||||
pushed--;
|
||||
@ -716,7 +715,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
|
||||
if (addrs != NULL)
|
||||
isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
|
||||
if (keys != NULL) {
|
||||
for (j = 0; j <= i; j++) {
|
||||
for (j = 0; j < i; j++) {
|
||||
if (keys[j] == NULL)
|
||||
continue;
|
||||
if (dns_name_dynamic(keys[j]))
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2001-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -61,7 +61,7 @@ command_compare(const char *text, const char *command) {
|
||||
isc_result_t
|
||||
ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
|
||||
isccc_sexpr_t *data;
|
||||
char *command;
|
||||
char *command = NULL;
|
||||
isc_result_t result;
|
||||
int log_level;
|
||||
#ifdef HAVE_LIBSCF
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2008, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2001-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -149,7 +149,7 @@ free_listener(controllistener_t *listener) {
|
||||
if (listener->acl != NULL)
|
||||
dns_acl_detach(&listener->acl);
|
||||
|
||||
isc_mem_put(listener->mctx, listener, sizeof(*listener));
|
||||
isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener));
|
||||
}
|
||||
|
||||
static void
|
||||
@ -1066,8 +1066,9 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
|
||||
result = ISC_R_NOMEMORY;
|
||||
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
listener->mctx = NULL;
|
||||
isc_mem_attach(mctx, &listener->mctx);
|
||||
listener->controls = cp;
|
||||
listener->mctx = mctx;
|
||||
listener->task = cp->server->task;
|
||||
listener->address = *addr;
|
||||
listener->sock = NULL;
|
||||
|
@ -165,16 +165,17 @@ struct ns_client {
|
||||
#define NS_CLIENT_MAGIC ISC_MAGIC('N','S','C','c')
|
||||
#define NS_CLIENT_VALID(c) ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
|
||||
|
||||
#define NS_CLIENTATTR_TCP 0x01
|
||||
#define NS_CLIENTATTR_RA 0x02 /*%< Client gets recursive service */
|
||||
#define NS_CLIENTATTR_PKTINFO 0x04 /*%< pktinfo is valid */
|
||||
#define NS_CLIENTATTR_MULTICAST 0x08 /*%< recv'd from multicast */
|
||||
#define NS_CLIENTATTR_WANTDNSSEC 0x10 /*%< include dnssec records */
|
||||
#define NS_CLIENTATTR_WANTNSID 0x20 /*%< include nameserver ID */
|
||||
#define NS_CLIENTATTR_TCP 0x001
|
||||
#define NS_CLIENTATTR_RA 0x002 /*%< Client gets recursive service */
|
||||
#define NS_CLIENTATTR_PKTINFO 0x004 /*%< pktinfo is valid */
|
||||
#define NS_CLIENTATTR_MULTICAST 0x008 /*%< recv'd from multicast */
|
||||
#define NS_CLIENTATTR_WANTDNSSEC 0x010 /*%< include dnssec records */
|
||||
#define NS_CLIENTATTR_WANTNSID 0x020 /*%< include nameserver ID */
|
||||
#ifdef ALLOW_FILTER_AAAA_ON_V4
|
||||
#define NS_CLIENTATTR_FILTER_AAAA 0x40 /*%< suppress AAAAs */
|
||||
#define NS_CLIENTATTR_FILTER_AAAA_RC 0x80 /*%< recursing for A against AAAA */
|
||||
#define NS_CLIENTATTR_FILTER_AAAA 0x040 /*%< suppress AAAAs */
|
||||
#define NS_CLIENTATTR_FILTER_AAAA_RC 0x080 /*%< recursing for A against AAAA */
|
||||
#endif
|
||||
#define NS_CLIENTATTR_WANTAD 0x100 /*%< want AD in response if possible */
|
||||
|
||||
extern unsigned int ns_client_requests;
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -66,6 +66,9 @@ EXTERN isc_timermgr_t * ns_g_timermgr INIT(NULL);
|
||||
EXTERN isc_socketmgr_t * ns_g_socketmgr INIT(NULL);
|
||||
EXTERN cfg_parser_t * ns_g_parser INIT(NULL);
|
||||
EXTERN const char * ns_g_version INIT(VERSION);
|
||||
EXTERN const char * ns_g_product INIT(PRODUCT);
|
||||
EXTERN const char * ns_g_description INIT(DESCRIPTION);
|
||||
EXTERN const char * ns_g_srcid INIT(SRCID);
|
||||
EXTERN const char * ns_g_configargs INIT(CONFIGARGS);
|
||||
EXTERN in_port_t ns_g_port INIT(0);
|
||||
EXTERN in_port_t lwresd_g_listenport INIT(0);
|
||||
@ -120,6 +123,7 @@ EXTERN isc_boolean_t ns_g_coreok INIT(ISC_TRUE);
|
||||
EXTERN const char * ns_g_chrootdir INIT(NULL);
|
||||
EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
|
||||
EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
|
||||
EXTERN isc_boolean_t ns_g_nosyslog INIT(ISC_FALSE);
|
||||
|
||||
EXTERN const char * ns_g_defaultsessionkeyfile
|
||||
INIT(NS_LOCALSTATEDIR "/run/named/"
|
||||
@ -153,6 +157,7 @@ EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE);
|
||||
EXTERN isc_boolean_t ns_g_clienttest INIT(ISC_FALSE);
|
||||
EXTERN isc_boolean_t ns_g_nosoa INIT(ISC_FALSE);
|
||||
EXTERN isc_boolean_t ns_g_noaa INIT(ISC_FALSE);
|
||||
EXTERN isc_boolean_t ns_g_nonearest INIT(ISC_FALSE);
|
||||
|
||||
#undef EXTERN
|
||||
#undef INIT
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -165,7 +165,9 @@ enum {
|
||||
dns_nsstatscounter_updatefail = 34,
|
||||
dns_nsstatscounter_updatebadprereq = 35,
|
||||
|
||||
dns_nsstatscounter_max = 36
|
||||
dns_nsstatscounter_rpz_rewrites = 36,
|
||||
|
||||
dns_nsstatscounter_max = 37
|
||||
};
|
||||
|
||||
void
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -79,11 +79,13 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
|
||||
if (mgr == NULL)
|
||||
return (ISC_R_NOMEMORY);
|
||||
|
||||
mgr->mctx = NULL;
|
||||
isc_mem_attach(mctx, &mgr->mctx);
|
||||
|
||||
result = isc_mutex_init(&mgr->lock);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup_mem;
|
||||
|
||||
mgr->mctx = mctx;
|
||||
mgr->taskmgr = taskmgr;
|
||||
mgr->socketmgr = socketmgr;
|
||||
mgr->dispatchmgr = dispatchmgr;
|
||||
@ -115,7 +117,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
|
||||
ns_listenlist_detach(&mgr->listenon4);
|
||||
ns_listenlist_detach(&mgr->listenon6);
|
||||
cleanup_mem:
|
||||
isc_mem_put(mctx, mgr, sizeof(*mgr));
|
||||
isc_mem_putanddetach(&mgr->mctx, mgr, sizeof(*mgr));
|
||||
return (result);
|
||||
}
|
||||
|
||||
@ -128,7 +130,7 @@ ns_interfacemgr_destroy(ns_interfacemgr_t *mgr) {
|
||||
clearlistenon(mgr);
|
||||
DESTROYLOCK(&mgr->lock);
|
||||
mgr->magic = 0;
|
||||
isc_mem_put(mgr->mctx, mgr, sizeof(*mgr));
|
||||
isc_mem_putanddetach(&mgr->mctx, mgr, sizeof(*mgr));
|
||||
}
|
||||
|
||||
dns_aclenv_t *
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2002 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -201,7 +201,7 @@ isc_result_t
|
||||
ns_log_setdefaultcategory(isc_logconfig_t *lcfg) {
|
||||
isc_result_t result;
|
||||
|
||||
if (! ns_g_logstderr) {
|
||||
if (! ns_g_logstderr && ! ns_g_nosyslog) {
|
||||
result = isc_log_usechannel(lcfg, "default_syslog",
|
||||
ISC_LOGCATEGORY_DEFAULT, NULL);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2001 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -246,14 +246,16 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
|
||||
isc_result_totext(result));
|
||||
} else
|
||||
(void)isc_stdio_close(fp);
|
||||
} else {
|
||||
syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
|
||||
dest.file.name, isc_result_totext(result));
|
||||
fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
|
||||
dest.file.name, isc_result_totext(result));
|
||||
goto done;
|
||||
}
|
||||
if (!ns_g_nosyslog)
|
||||
syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
|
||||
dest.file.name, isc_result_totext(result));
|
||||
fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
|
||||
dest.file.name, isc_result_totext(result));
|
||||
}
|
||||
|
||||
done:
|
||||
return (result);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -368,7 +368,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
|
||||
|
||||
dns_fixedname_init(&fname);
|
||||
name = dns_fixedname_name(&fname);
|
||||
isc_buffer_init(&namebuf, searchstr,
|
||||
isc_buffer_constinit(&namebuf, searchstr,
|
||||
strlen(searchstr));
|
||||
isc_buffer_add(&namebuf, strlen(searchstr));
|
||||
result = dns_name_fromtext(name, &namebuf,
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -523,6 +523,10 @@ parse_command_line(int argc, char *argv[]) {
|
||||
maxudp = 512;
|
||||
else if (!strcmp(isc_commandline_argument, "maxudp1460"))
|
||||
maxudp = 1460;
|
||||
else if (!strcmp(isc_commandline_argument, "nosyslog"))
|
||||
ns_g_nosyslog = ISC_TRUE;
|
||||
else if (!strcmp(isc_commandline_argument, "nonearest"))
|
||||
ns_g_nonearest = ISC_TRUE;
|
||||
else
|
||||
fprintf(stderr, "unknown -T flag '%s\n",
|
||||
isc_commandline_argument);
|
||||
@ -531,10 +535,16 @@ parse_command_line(int argc, char *argv[]) {
|
||||
ns_g_username = isc_commandline_argument;
|
||||
break;
|
||||
case 'v':
|
||||
printf("BIND %s\n", ns_g_version);
|
||||
printf("%s %s", ns_g_product, ns_g_version);
|
||||
if (*ns_g_description != 0)
|
||||
printf(" %s", ns_g_description);
|
||||
printf("\n");
|
||||
exit(0);
|
||||
case 'V':
|
||||
printf("BIND %s built with %s\n", ns_g_version,
|
||||
printf("%s %s", ns_g_product, ns_g_version);
|
||||
if (*ns_g_description != 0)
|
||||
printf(" %s", ns_g_description);
|
||||
printf(" <id:%s> built with %s\n", ns_g_srcid,
|
||||
ns_g_configargs);
|
||||
#ifdef OPENSSL
|
||||
printf("using OpenSSL version: %s\n",
|
||||
@ -787,8 +797,8 @@ setup(void) {
|
||||
isc_result_totext(result));
|
||||
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
|
||||
ISC_LOG_NOTICE, "starting BIND %s%s", ns_g_version,
|
||||
saved_command_line);
|
||||
ISC_LOG_NOTICE, "starting %s %s%s", ns_g_product,
|
||||
ns_g_version, saved_command_line);
|
||||
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
|
||||
ISC_LOG_NOTICE, "built with %s", ns_g_configargs);
|
||||
@ -1029,9 +1039,9 @@ main(int argc, char *argv[]) {
|
||||
*/
|
||||
strlcat(version,
|
||||
#if defined(NO_VERSION_DATE) || !defined(__DATE__)
|
||||
"named version: BIND " VERSION,
|
||||
"named version: BIND " VERSION " <" SRCID ">",
|
||||
#else
|
||||
"named version: BIND " VERSION " (" __DATE__ ")",
|
||||
"named version: BIND " VERSION " <" SRCID "> (" __DATE__ ")",
|
||||
#endif
|
||||
sizeof(version));
|
||||
result = isc_file_progname(*argv, program_name, sizeof(program_name));
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
@ -187,7 +187,7 @@ options {
|
||||
random\-device \fIquoted_string\fR;
|
||||
recursive\-clients \fIinteger\fR;
|
||||
serial\-query\-rate \fIinteger\fR;
|
||||
server\-id ( \fIquoted_string\fR | none |;
|
||||
server\-id ( \fIquoted_string\fR | none );
|
||||
stacksize \fIsize\fR;
|
||||
statistics\-file \fIquoted_string\fR;
|
||||
statistics\-interval \fIinteger\fR; // not yet implemented
|
||||
@ -592,5 +592,5 @@ zone \fIstring\fR \fIoptional_class\fR {
|
||||
\fBrndc\fR(8),
|
||||
BIND 9 Administrator Reference Manual.
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2004\-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -44,6 +44,7 @@
|
||||
<year>2009</year>
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
</docinfo>
|
||||
@ -218,7 +219,7 @@ options {
|
||||
random-device <replaceable>quoted_string</replaceable>;
|
||||
recursive-clients <replaceable>integer</replaceable>;
|
||||
serial-query-rate <replaceable>integer</replaceable>;
|
||||
server-id ( <replaceable>quoted_string</replaceable> | none |;
|
||||
server-id ( <replaceable>quoted_string</replaceable> | none );
|
||||
stacksize <replaceable>size</replaceable>;
|
||||
statistics-file <replaceable>quoted_string</replaceable>;
|
||||
statistics-interval <replaceable>integer</replaceable>; // not yet implemented
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -31,7 +31,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543353"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543356"></a><h2>DESCRIPTION</h2>
|
||||
<p><code class="filename">named.conf</code> is the configuration file
|
||||
for
|
||||
<span><strong class="command">named</strong></span>. Statements are enclosed
|
||||
@ -50,14 +50,14 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543381"></a><h2>ACL</h2>
|
||||
<a name="id2543384"></a><h2>ACL</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
|
||||
<br>
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543397"></a><h2>KEY</h2>
|
||||
<a name="id2543400"></a><h2>KEY</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
key <em class="replaceable"><code>domain_name</code></em> {<br>
|
||||
algorithm <em class="replaceable"><code>string</code></em>;<br>
|
||||
@ -66,7 +66,7 @@ key
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543416"></a><h2>MASTERS</h2>
|
||||
<a name="id2543419"></a><h2>MASTERS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
|
||||
( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
|
||||
@ -75,7 +75,7 @@ masters
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543462"></a><h2>SERVER</h2>
|
||||
<a name="id2543465"></a><h2>SERVER</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
|
||||
bogus <em class="replaceable"><code>boolean</code></em>;<br>
|
||||
@ -97,7 +97,7 @@ server
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543530"></a><h2>TRUSTED-KEYS</h2>
|
||||
<a name="id2543533"></a><h2>TRUSTED-KEYS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
trusted-keys {<br>
|
||||
<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
|
||||
@ -105,7 +105,7 @@ trusted-keys
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543556"></a><h2>MANAGED-KEYS</h2>
|
||||
<a name="id2543559"></a><h2>MANAGED-KEYS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
managed-keys {<br>
|
||||
<em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
|
||||
@ -113,7 +113,7 @@ managed-keys
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543585"></a><h2>CONTROLS</h2>
|
||||
<a name="id2543588"></a><h2>CONTROLS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
controls {<br>
|
||||
inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
|
||||
@ -125,7 +125,7 @@ controls
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543620"></a><h2>LOGGING</h2>
|
||||
<a name="id2543623"></a><h2>LOGGING</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
logging {<br>
|
||||
channel <em class="replaceable"><code>string</code></em> {<br>
|
||||
@ -143,7 +143,7 @@ logging
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543658"></a><h2>LWRES</h2>
|
||||
<a name="id2543661"></a><h2>LWRES</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
lwres {<br>
|
||||
listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
|
||||
@ -156,7 +156,7 @@ lwres
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543700"></a><h2>OPTIONS</h2>
|
||||
<a name="id2543703"></a><h2>OPTIONS</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
options {<br>
|
||||
avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
|
||||
@ -184,7 +184,7 @@ options
|
||||
random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
|
||||
recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
|
||||
serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
|
||||
server-id ( <em class="replaceable"><code>quoted_string</code></em> | none |;<br>
|
||||
server-id ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
|
||||
stacksize <em class="replaceable"><code>size</code></em>;<br>
|
||||
statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
|
||||
statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
|
||||
@ -360,7 +360,7 @@ options
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2544574"></a><h2>VIEW</h2>
|
||||
<a name="id2544578"></a><h2>VIEW</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
|
||||
match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
|
||||
@ -523,7 +523,7 @@ view
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545284"></a><h2>ZONE</h2>
|
||||
<a name="id2545287"></a><h2>ZONE</h2>
|
||||
<div class="literallayout"><p><br>
|
||||
zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
|
||||
type ( master | slave | stub | hint |<br>
|
||||
@ -618,12 +618,12 @@ zone
|
||||
</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545664"></a><h2>FILES</h2>
|
||||
<a name="id2545667"></a><h2>FILES</h2>
|
||||
<p><code class="filename">/etc/named.conf</code>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2545675"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2545678"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -94,6 +94,10 @@
|
||||
/*% Want DNSSEC? */
|
||||
#define WANTDNSSEC(c) (((c)->attributes & \
|
||||
NS_CLIENTATTR_WANTDNSSEC) != 0)
|
||||
/*% Want WANTAD? */
|
||||
#define WANTAD(c) (((c)->attributes & \
|
||||
NS_CLIENTATTR_WANTAD) != 0)
|
||||
|
||||
/*% No authority? */
|
||||
#define NOAUTHORITY(c) (((c)->query.attributes & \
|
||||
NS_QUERYATTR_NOAUTHORITY) != 0)
|
||||
@ -651,7 +655,7 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
|
||||
dns_dbversion_t **versionp)
|
||||
{
|
||||
isc_result_t result;
|
||||
dns_acl_t *queryacl;
|
||||
dns_acl_t *queryacl, *queryonacl;
|
||||
ns_dbversion_t *dbversion;
|
||||
|
||||
REQUIRE(zone != NULL);
|
||||
@ -763,6 +767,21 @@ query_validatezonedb(ns_client_t *client, dns_name_t *name,
|
||||
client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
|
||||
}
|
||||
|
||||
/* If and only if we've gotten this far, check allow-query-on too */
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
queryonacl = dns_zone_getqueryonacl(zone);
|
||||
if (queryonacl == NULL)
|
||||
queryonacl = client->view->queryonacl;
|
||||
|
||||
result = ns_client_checkaclsilent(client, NULL,
|
||||
queryonacl, ISC_TRUE);
|
||||
if ((options & DNS_GETDB_NOLOG) == 0 &&
|
||||
result != ISC_R_SUCCESS)
|
||||
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
|
||||
NS_LOGMODULE_QUERY, ISC_LOG_INFO,
|
||||
"query-on denied");
|
||||
}
|
||||
|
||||
dbversion->acl_checked = ISC_TRUE;
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
dbversion->queryok = ISC_FALSE;
|
||||
@ -831,12 +850,29 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
|
||||
}
|
||||
|
||||
static void
|
||||
rpz_log_rewrite(ns_client_t *client, const char *disabled,
|
||||
rpz_log_rewrite(ns_client_t *client, isc_boolean_t disabled,
|
||||
dns_rpz_policy_t policy, dns_rpz_type_t type,
|
||||
dns_name_t *rpz_qname) {
|
||||
dns_zone_t *zone, dns_name_t *rpz_qname)
|
||||
{
|
||||
isc_stats_t *zonestats;
|
||||
char qname_buf[DNS_NAME_FORMATSIZE];
|
||||
char rpz_qname_buf[DNS_NAME_FORMATSIZE];
|
||||
|
||||
/*
|
||||
* Count enabled rewrites in the global counter.
|
||||
* Count both enabled and disabled rewrites for each zone.
|
||||
*/
|
||||
if (!disabled && policy != DNS_RPZ_POLICY_PASSTHRU) {
|
||||
isc_stats_increment(ns_g_server->nsstats,
|
||||
dns_nsstatscounter_rpz_rewrites);
|
||||
}
|
||||
if (zone != NULL) {
|
||||
zonestats = dns_zone_getrequeststats(zone);
|
||||
if (zonestats != NULL)
|
||||
isc_stats_increment(zonestats,
|
||||
dns_nsstatscounter_rpz_rewrites);
|
||||
}
|
||||
|
||||
if (!isc_log_wouldlog(ns_g_lctx, DNS_RPZ_INFO_LEVEL))
|
||||
return;
|
||||
|
||||
@ -845,7 +881,7 @@ rpz_log_rewrite(ns_client_t *client, const char *disabled,
|
||||
|
||||
ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY,
|
||||
DNS_RPZ_INFO_LEVEL, "%srpz %s %s rewrite %s via %s",
|
||||
disabled,
|
||||
disabled ? "disabled " : "",
|
||||
dns_rpz_type2str(type), dns_rpz_policy2str(policy),
|
||||
qname_buf, rpz_qname_buf);
|
||||
}
|
||||
@ -861,6 +897,9 @@ rpz_log_fail(ns_client_t *client, int level,
|
||||
if (!isc_log_wouldlog(ns_g_lctx, level))
|
||||
return;
|
||||
|
||||
/*
|
||||
* bin/tests/system/rpz/tests.sh looks for "rpz.*failed".
|
||||
*/
|
||||
dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1));
|
||||
dns_name_format(name, namebuf2, sizeof(namebuf2));
|
||||
ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS,
|
||||
@ -3074,6 +3113,14 @@ query_addbestns(ns_client_t *client) {
|
||||
SECURE(client) && WANTDNSSEC(client))
|
||||
goto cleanup;
|
||||
|
||||
/*
|
||||
* If the answer is secure only add NS records if they are secure * when the client may be looking for AD in the response.
|
||||
*/
|
||||
if (SECURE(client) && (WANTDNSSEC(client) || WANTAD(client)) &&
|
||||
((rdataset->trust != dns_trust_secure) ||
|
||||
(sigrdataset != NULL && sigrdataset->trust != dns_trust_secure)))
|
||||
goto cleanup;
|
||||
|
||||
/*
|
||||
* If the client doesn't want DNSSEC we can discard the sigrdataset
|
||||
* now.
|
||||
@ -4028,6 +4075,8 @@ rpz_rewrite_rrset(ns_client_t *client, dns_rpz_type_t rpz_type,
|
||||
rdatasetp, resuming);
|
||||
switch (result) {
|
||||
case ISC_R_SUCCESS:
|
||||
case DNS_R_GLUE:
|
||||
case DNS_R_ZONECUT:
|
||||
result = rpz_rewrite_ip(client, *rdatasetp, rpz_type);
|
||||
break;
|
||||
case DNS_R_EMPTYNAME:
|
||||
@ -4121,6 +4170,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
|
||||
dns_name_t *found;
|
||||
isc_result_t result;
|
||||
|
||||
REQUIRE(nodep != NULL);
|
||||
|
||||
result = rpz_ready(client, zonep, dbp, nodep, rdatasetp);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
*policyp = DNS_RPZ_POLICY_ERROR;
|
||||
@ -4204,26 +4255,32 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
|
||||
result = DNS_R_CNAME;
|
||||
}
|
||||
break;
|
||||
case DNS_R_NXRRSET:
|
||||
policy = DNS_RPZ_POLICY_NODATA;
|
||||
break;
|
||||
case DNS_R_DNAME:
|
||||
/*
|
||||
* DNAME policy RRs have very few if any uses that are not
|
||||
* better served with simple wildcards. Making the work would
|
||||
* require complications to get the number of labels matched
|
||||
* in the name or the found name to the main DNS_R_DNAME case
|
||||
* in query_find(). So fall through to treat them as NODATA.
|
||||
* in query_find().
|
||||
*/
|
||||
dns_rdataset_disassociate(*rdatasetp);
|
||||
dns_db_detachnode(*dbp, nodep);
|
||||
/*
|
||||
* Fall through to treat it as a miss.
|
||||
*/
|
||||
case DNS_R_NXRRSET:
|
||||
policy = DNS_RPZ_POLICY_NODATA;
|
||||
break;
|
||||
case DNS_R_NXDOMAIN:
|
||||
case DNS_R_EMPTYNAME:
|
||||
/*
|
||||
* If we don't get a qname hit,
|
||||
* see if it is worth looking for other types.
|
||||
*/
|
||||
dns_db_rpz_enabled(*dbp, client->query.rpz_st);
|
||||
(void)dns_db_rpz_enabled(*dbp, client->query.rpz_st);
|
||||
dns_db_detach(dbp);
|
||||
dns_zone_detach(zonep);
|
||||
result = DNS_R_NXDOMAIN;
|
||||
policy = DNS_RPZ_POLICY_MISS;
|
||||
break;
|
||||
default:
|
||||
@ -4231,9 +4288,7 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef,
|
||||
dns_zone_detach(zonep);
|
||||
rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef,
|
||||
"", result);
|
||||
policy = DNS_RPZ_POLICY_ERROR;
|
||||
result = DNS_R_SERVFAIL;
|
||||
break;
|
||||
return (DNS_R_SERVFAIL);
|
||||
}
|
||||
|
||||
*policyp = policy;
|
||||
@ -4299,6 +4354,9 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
if (result == ISC_R_SUCCESS)
|
||||
break;
|
||||
INSIST(result == DNS_R_NAMETOOLONG);
|
||||
/*
|
||||
* Trim the name until it is not too long.
|
||||
*/
|
||||
labels = dns_name_countlabels(prefix);
|
||||
if (labels < 2) {
|
||||
rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL,
|
||||
@ -4322,7 +4380,6 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
rdatasetp, &policy);
|
||||
switch (result) {
|
||||
case DNS_R_NXDOMAIN:
|
||||
case DNS_R_EMPTYNAME:
|
||||
break;
|
||||
case DNS_R_SERVFAIL:
|
||||
rpz_clean(&zone, &db, &node, rdatasetp);
|
||||
@ -4345,13 +4402,45 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname,
|
||||
(st->m.type == rpz_type &&
|
||||
0 >= dns_name_compare(rpz_qname, st->qname))))
|
||||
continue;
|
||||
#if 0
|
||||
/*
|
||||
* This code would block a customer reported information
|
||||
* leak of rpz rules by rewriting requests in the
|
||||
* rpz-ip, rpz-nsip, rpz-nsdname,and rpz-passthru TLDs.
|
||||
* Without this code, a bad guy could request
|
||||
* 24.0.3.2.10.rpz-ip. to find the policy rule for
|
||||
* 10.2.3.0/14. It is an insignificant leak and this
|
||||
* code is not worth its cost, because the bad guy
|
||||
* could publish "evil.com A 10.2.3.4" and request
|
||||
* evil.com to get the same information.
|
||||
* Keep code with "#if 0" in case customer demand
|
||||
* is irresistible.
|
||||
*
|
||||
* We have the less frequent case of a triggered
|
||||
* policy. Check that we have not trigger on one
|
||||
* of the pretend RPZ TLDs.
|
||||
* This test would make it impossible to rewrite
|
||||
* names in TLDs that start with "rpz-" should
|
||||
* ICANN ever allow such TLDs.
|
||||
*/
|
||||
labels = dns_name_countlabels(qname);
|
||||
if (labels >= 2) {
|
||||
dns_label_t label;
|
||||
|
||||
dns_name_getlabel(qname, labels-2, &label);
|
||||
if (label.length >= sizeof(DNS_RPZ_PREFIX)-1 &&
|
||||
strncasecmp((const char *)label.base+1,
|
||||
DNS_RPZ_PREFIX,
|
||||
sizeof(DNS_RPZ_PREFIX)-1) == 0)
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* Merely log DNS_RPZ_POLICY_DISABLED hits.
|
||||
*/
|
||||
if (rpz->policy == DNS_RPZ_POLICY_DISABLED) {
|
||||
rpz_log_rewrite(client, "disabled ",
|
||||
policy, rpz_type, rpz_qname);
|
||||
rpz_log_rewrite(client, ISC_TRUE, policy,
|
||||
rpz_type, zone, rpz_qname);
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -4482,7 +4571,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
|
||||
rdataset = NULL;
|
||||
if ((st->state & DNS_RPZ_DONE_QNAME) == 0) {
|
||||
/*
|
||||
* Check rules for the query name if this it the first time
|
||||
* Check rules for the query name if this is the first time
|
||||
* for the current qname, i.e. we've not been recursing.
|
||||
* There is a first time for each name in a CNAME chain.
|
||||
*/
|
||||
@ -4524,7 +4613,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
|
||||
|
||||
dns_fixedname_init(&nsnamef);
|
||||
dns_name_clone(client->query.qname, dns_fixedname_name(&nsnamef));
|
||||
while (st->r.label > 1) {
|
||||
while (st->r.label > client->view->rpz_min_ns_labels) {
|
||||
/*
|
||||
* Get NS rrset for each domain in the current qname.
|
||||
*/
|
||||
@ -4655,8 +4744,8 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
|
||||
st->m.policy == DNS_RPZ_POLICY_ERROR) {
|
||||
if (st->m.policy == DNS_RPZ_POLICY_PASSTHRU &&
|
||||
result != DNS_R_DELEGATION)
|
||||
rpz_log_rewrite(client, "", st->m.policy, st->m.type,
|
||||
st->qname);
|
||||
rpz_log_rewrite(client, ISC_FALSE, st->m.policy,
|
||||
st->m.type, st->m.zone, st->qname);
|
||||
rpz_match_clear(st);
|
||||
}
|
||||
if (st->m.policy == DNS_RPZ_POLICY_ERROR) {
|
||||
@ -4671,7 +4760,7 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult,
|
||||
}
|
||||
|
||||
/*
|
||||
* See if response policy zone rewriting is allowed a lack of interest
|
||||
* See if response policy zone rewriting is allowed by a lack of interest
|
||||
* by the client in DNSSEC or a lack of signatures.
|
||||
*/
|
||||
static isc_boolean_t
|
||||
@ -4766,7 +4855,8 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
|
||||
fname, dns_trust_authanswer, st->m.ttl);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
rpz_log_rewrite(client, "", st->m.policy, st->m.type, st->qname);
|
||||
rpz_log_rewrite(client, ISC_FALSE, st->m.policy,
|
||||
st->m.type, st->m.zone, st->qname);
|
||||
ns_client_qnamereplace(client, fname);
|
||||
/*
|
||||
* Turn off DNSSEC because the results of a
|
||||
@ -5703,9 +5793,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
|
||||
DNS_MESSAGEFLAG_AD);
|
||||
query_putrdataset(client, &sigrdataset);
|
||||
rpz_st->q.is_zone = is_zone;
|
||||
is_zone = ISC_TRUE;
|
||||
rpz_log_rewrite(client, "", rpz_st->m.policy,
|
||||
rpz_st->m.type, rpz_st->qname);
|
||||
rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy,
|
||||
rpz_st->m.type, zone, rpz_st->qname);
|
||||
}
|
||||
}
|
||||
|
||||
@ -6080,6 +6171,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
rdataset = NULL;
|
||||
sigrdataset = NULL;
|
||||
type = qtype = dns_rdatatype_a;
|
||||
rpz_st = client->query.rpz_st;
|
||||
if (rpz_st != NULL) {
|
||||
/*
|
||||
* Arrange for RPZ rewriting of any A records.
|
||||
*/
|
||||
if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
|
||||
is_zone = rpz_st->q.is_zone;
|
||||
rpz_st_clear(client);
|
||||
}
|
||||
dns64 = ISC_TRUE;
|
||||
goto db_find;
|
||||
}
|
||||
@ -6108,7 +6208,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
* closest provable encloser.
|
||||
*/
|
||||
if (dns_rdataset_isassociated(rdataset) &&
|
||||
!dns_name_equal(qname, found)) {
|
||||
!dns_name_equal(qname, found) &&
|
||||
!(ns_g_nonearest &&
|
||||
qtype != dns_rdatatype_ds))
|
||||
{
|
||||
unsigned int count;
|
||||
unsigned int skip;
|
||||
|
||||
@ -6338,6 +6441,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
sigrdataset = NULL;
|
||||
fname = NULL;
|
||||
type = qtype = dns_rdatatype_a;
|
||||
rpz_st = client->query.rpz_st;
|
||||
if (rpz_st != NULL) {
|
||||
/*
|
||||
* Arrange for RPZ rewriting of any A records.
|
||||
*/
|
||||
if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
|
||||
is_zone = rpz_st->q.is_zone;
|
||||
rpz_st_clear(client);
|
||||
}
|
||||
dns64 = ISC_TRUE;
|
||||
goto db_find;
|
||||
}
|
||||
@ -6838,6 +6950,15 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
||||
rdataset = NULL;
|
||||
sigrdataset = NULL;
|
||||
type = qtype = dns_rdatatype_a;
|
||||
rpz_st = client->query.rpz_st;
|
||||
if (rpz_st != NULL) {
|
||||
/*
|
||||
* Arrange for RPZ rewriting of any A records.
|
||||
*/
|
||||
if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0)
|
||||
is_zone = rpz_st->q.is_zone;
|
||||
rpz_st_clear(client);
|
||||
}
|
||||
dns64_exclude = dns64 = ISC_TRUE;
|
||||
goto db_find;
|
||||
}
|
||||
@ -7124,7 +7245,6 @@ ns_query_start(ns_client_t *client) {
|
||||
dns_rdatatype_t qtype;
|
||||
unsigned int saved_extflags = client->extflags;
|
||||
unsigned int saved_flags = client->message->flags;
|
||||
isc_boolean_t want_ad;
|
||||
|
||||
CTRACE("ns_query_start");
|
||||
|
||||
@ -7286,13 +7406,11 @@ ns_query_start(ns_client_t *client) {
|
||||
client->query.attributes &= ~NS_QUERYATTR_SECURE;
|
||||
|
||||
/*
|
||||
* Set 'want_ad' if the client has set AD in the query.
|
||||
* Set NS_CLIENTATTR_WANTDNSSEC if the client has set AD in the query.
|
||||
* This allows AD to be returned on queries without DO set.
|
||||
*/
|
||||
if ((message->flags & DNS_MESSAGEFLAG_AD) != 0)
|
||||
want_ad = ISC_TRUE;
|
||||
else
|
||||
want_ad = ISC_FALSE;
|
||||
client->attributes |= NS_CLIENTATTR_WANTAD;
|
||||
|
||||
/*
|
||||
* This is an ordinary query.
|
||||
@ -7317,7 +7435,7 @@ ns_query_start(ns_client_t *client) {
|
||||
* Set AD. We must clear it if we add non-validated data to a
|
||||
* response.
|
||||
*/
|
||||
if (WANTDNSSEC(client) || want_ad)
|
||||
if (WANTDNSSEC(client) || WANTAD(client))
|
||||
message->flags |= DNS_MESSAGEFLAG_AD;
|
||||
|
||||
qclient = NULL;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -159,7 +159,7 @@
|
||||
* a cache. Only effective when a finite max-cache-size is specified.
|
||||
* This is currently defined to be 8MB.
|
||||
*/
|
||||
#define MAX_ADB_SIZE_FOR_CACHESHARE 8388608
|
||||
#define MAX_ADB_SIZE_FOR_CACHESHARE 8388608U
|
||||
|
||||
struct ns_dispatch {
|
||||
isc_sockaddr_t addr;
|
||||
@ -242,6 +242,72 @@ static const struct {
|
||||
{ "31.172.IN-ADDR.ARPA", ISC_TRUE },
|
||||
{ "168.192.IN-ADDR.ARPA", ISC_TRUE },
|
||||
|
||||
/* RFC 6598 */
|
||||
{ "64.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "65.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "66.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "67.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "68.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "69.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "70.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "71.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "72.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "73.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "74.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "75.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "76.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "77.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "78.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "79.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "80.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "81.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "82.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "83.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "84.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "85.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "86.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "87.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "88.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "89.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "90.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "91.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "92.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "93.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "94.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "95.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "96.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "97.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "98.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "99.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "100.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "101.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "102.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "103.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "104.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "105.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "106.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "107.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "108.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "109.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "110.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "111.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "112.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "113.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "114.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "115.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "116.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "117.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "118.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "119.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "120.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "121.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "122.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "123.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "124.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "125.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "126.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
{ "127.100.IN-ADDR.ARPA", ISC_FALSE },
|
||||
|
||||
/* RFC 5735 and RFC 5737 */
|
||||
{ "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
|
||||
{ "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */
|
||||
@ -447,7 +513,7 @@ configure_view_nametable(const cfg_obj_t *vconfig, const cfg_obj_t *config,
|
||||
element = cfg_list_next(element)) {
|
||||
nameobj = cfg_listelt_value(element);
|
||||
str = cfg_obj_asstring(nameobj);
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
|
||||
/*
|
||||
@ -564,7 +630,7 @@ dstkey_fromconfig(const cfg_obj_t *vconfig, const cfg_obj_t *key,
|
||||
keystruct.common.rdtype,
|
||||
&keystruct, &rrdatabuf));
|
||||
dns_fixedname_init(&fkeyname);
|
||||
isc_buffer_init(&namebuf, keynamestr, strlen(keynamestr));
|
||||
isc_buffer_constinit(&namebuf, keynamestr, strlen(keynamestr));
|
||||
isc_buffer_add(&namebuf, strlen(keynamestr));
|
||||
CHECK(dns_name_fromtext(keyname, &namebuf, dns_rootname, 0, NULL));
|
||||
CHECK(dst_key_fromdns(keyname, viewclass, &rrdatabuf,
|
||||
@ -798,7 +864,17 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig,
|
||||
*/
|
||||
obj = NULL;
|
||||
(void)ns_config_get(maps, "managed-keys-directory", &obj);
|
||||
directory = obj != NULL ? cfg_obj_asstring(obj) : NULL;
|
||||
directory = (obj != NULL ? cfg_obj_asstring(obj) : NULL);
|
||||
if (directory != NULL)
|
||||
result = isc_file_isdirectory(directory);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
|
||||
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
|
||||
"invalid managed-keys-directory %s: %s",
|
||||
directory, isc_result_totext(result));
|
||||
goto cleanup;
|
||||
|
||||
}
|
||||
CHECK(add_keydata_zone(view, directory, ns_g_mctx));
|
||||
|
||||
cleanup:
|
||||
@ -824,7 +900,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) {
|
||||
{
|
||||
obj = cfg_listelt_value(element);
|
||||
str = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
|
||||
value = cfg_obj_asboolean(cfg_tuple_get(obj, "value"));
|
||||
@ -977,7 +1053,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
|
||||
else
|
||||
str = "*";
|
||||
addroot = ISC_TF(strcmp(str, "*") == 0);
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
dns_fixedname_init(&fixed);
|
||||
result = dns_name_fromtext(dns_fixedname_name(&fixed), &b,
|
||||
@ -1163,7 +1239,7 @@ disable_algorithms(const cfg_obj_t *disabled, dns_resolver_t *resolver) {
|
||||
dns_fixedname_init(&fixed);
|
||||
name = dns_fixedname_name(&fixed);
|
||||
str = cfg_obj_asstring(cfg_tuple_get(disabled, "name"));
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
|
||||
|
||||
@ -1215,7 +1291,7 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
|
||||
{
|
||||
value = cfg_listelt_value(element);
|
||||
str = cfg_obj_asstring(value);
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
result = dns_name_fromtext(name, &b, dns_rootname,
|
||||
0, NULL);
|
||||
@ -1399,7 +1475,7 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
|
||||
dns64_dbtype[3] = contact;
|
||||
dns_fixedname_init(&fixed);
|
||||
name = dns_fixedname_name(&fixed);
|
||||
isc_buffer_init(&b, reverse, strlen(reverse));
|
||||
isc_buffer_constinit(&b, reverse, strlen(reverse));
|
||||
isc_buffer_add(&b, strlen(reverse));
|
||||
CHECK(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
|
||||
CHECK(dns_zone_create(&zone, mctx));
|
||||
@ -1429,40 +1505,58 @@ dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
|
||||
return (result);
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
configure_rpz_name(dns_view_t *view, const cfg_obj_t *obj, dns_name_t *name,
|
||||
const char *str, const char *msg)
|
||||
{
|
||||
isc_result_t result;
|
||||
|
||||
result = dns_name_fromstring(name, str, DNS_NAME_DOWNCASE, view->mctx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
cfg_obj_log(obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"invalid %s '%s'", msg, str);
|
||||
return (result);
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
configure_rpz_name2(dns_view_t *view, const cfg_obj_t *obj, dns_name_t *name,
|
||||
const char *str, const dns_name_t *origin)
|
||||
{
|
||||
isc_result_t result;
|
||||
|
||||
result = dns_name_fromstring2(name, str, origin, DNS_NAME_DOWNCASE,
|
||||
view->mctx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
cfg_obj_log(obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"invalid zone '%s'", str);
|
||||
return (result);
|
||||
}
|
||||
|
||||
static isc_result_t
|
||||
configure_rpz(dns_view_t *view, const cfg_listelt_t *element,
|
||||
isc_boolean_t recursive_only_def, dns_ttl_t ttl_def)
|
||||
{
|
||||
const cfg_obj_t *rpz_obj, *policy_obj, *obj;
|
||||
const cfg_obj_t *rpz_obj, *obj;
|
||||
const char *str;
|
||||
dns_rpz_zone_t *old, *new;
|
||||
dns_zone_t *zone = NULL;
|
||||
isc_result_t result;
|
||||
|
||||
rpz_obj = cfg_listelt_value(element);
|
||||
|
||||
new = isc_mem_get(view->mctx, sizeof(*new));
|
||||
if (new == NULL) {
|
||||
result = ISC_R_NOMEMORY;
|
||||
goto cleanup;
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"no memory for response policy zones");
|
||||
return (ISC_R_NOMEMORY);
|
||||
}
|
||||
|
||||
memset(new, 0, sizeof(*new));
|
||||
dns_name_init(&new->origin, NULL);
|
||||
dns_name_init(&new->nsdname, NULL);
|
||||
dns_name_init(&new->cname, NULL);
|
||||
dns_name_init(&new->passthru, NULL);
|
||||
dns_name_init(&new->cname, NULL);
|
||||
ISC_LIST_INITANDAPPEND(view->rpz_zones, new, link);
|
||||
|
||||
rpz_obj = cfg_listelt_value(element);
|
||||
policy_obj = cfg_tuple_get(rpz_obj, "policy");
|
||||
if (cfg_obj_isvoid(policy_obj)) {
|
||||
new->policy = DNS_RPZ_POLICY_GIVEN;
|
||||
} else {
|
||||
str = cfg_obj_asstring(cfg_tuple_get(policy_obj,
|
||||
"policy name"));
|
||||
new->policy = dns_rpz_str2policy(str);
|
||||
INSIST(new->policy != DNS_RPZ_POLICY_ERROR);
|
||||
}
|
||||
|
||||
obj = cfg_tuple_get(rpz_obj, "recursive-only");
|
||||
if (cfg_obj_isvoid(obj)) {
|
||||
new->recursive_only = recursive_only_def;
|
||||
@ -1480,47 +1574,14 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element,
|
||||
}
|
||||
|
||||
str = cfg_obj_asstring(cfg_tuple_get(rpz_obj, "zone name"));
|
||||
result = dns_name_fromstring(&new->origin, str, DNS_NAME_DOWNCASE,
|
||||
view->mctx);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
result = configure_rpz_name(view, rpz_obj, &new->origin, str, "zone");
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
if (dns_name_equal(&new->origin, dns_rootname)) {
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"invalid zone '%s'", str);
|
||||
goto cleanup;
|
||||
"invalid zone name '%s'", str);
|
||||
return (DNS_R_EMPTYLABEL);
|
||||
}
|
||||
|
||||
result = dns_name_fromstring2(&new->nsdname, DNS_RPZ_NSDNAME_ZONE,
|
||||
&new->origin, DNS_NAME_DOWNCASE,
|
||||
view->mctx);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"invalid zone '%s'", str);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
result = dns_name_fromstring(&new->passthru, DNS_RPZ_PASSTHRU_ZONE,
|
||||
DNS_NAME_DOWNCASE, view->mctx);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"invalid zone '%s'", str);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
result = dns_view_findzone(view, &new->origin, &zone);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"unknown zone '%s'", str);
|
||||
goto cleanup;
|
||||
}
|
||||
if (dns_zone_gettype(zone) != dns_zone_master &&
|
||||
dns_zone_gettype(zone) != dns_zone_slave) {
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"zone '%s' is neither master nor slave", str);
|
||||
dns_zone_detach(&zone);
|
||||
result = DNS_R_NOTMASTER;
|
||||
goto cleanup;
|
||||
}
|
||||
dns_zone_detach(&zone);
|
||||
|
||||
for (old = ISC_LIST_HEAD(view->rpz_zones);
|
||||
old != new;
|
||||
old = ISC_LIST_NEXT(old, link)) {
|
||||
@ -1529,26 +1590,37 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element,
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"duplicate '%s'", str);
|
||||
result = DNS_R_DUPLICATE;
|
||||
goto cleanup;
|
||||
return (result);
|
||||
}
|
||||
}
|
||||
|
||||
if (new->policy == DNS_RPZ_POLICY_CNAME) {
|
||||
str = cfg_obj_asstring(cfg_tuple_get(policy_obj, "cname"));
|
||||
result = dns_name_fromstring(&new->cname, str,
|
||||
DNS_NAME_DOWNCASE, view->mctx);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
cfg_obj_log(rpz_obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"invalid cname '%s'", str);
|
||||
goto cleanup;
|
||||
result = configure_rpz_name2(view, rpz_obj, &new->nsdname,
|
||||
DNS_RPZ_NSDNAME_ZONE, &new->origin);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
|
||||
result = configure_rpz_name(view, rpz_obj, &new->passthru,
|
||||
DNS_RPZ_PASSTHRU_ZONE, "zone");
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
|
||||
obj = cfg_tuple_get(rpz_obj, "policy");
|
||||
if (cfg_obj_isvoid(obj)) {
|
||||
new->policy = DNS_RPZ_POLICY_GIVEN;
|
||||
} else {
|
||||
str = cfg_obj_asstring(cfg_tuple_get(obj, "policy name"));
|
||||
new->policy = dns_rpz_str2policy(str);
|
||||
INSIST(new->policy != DNS_RPZ_POLICY_ERROR);
|
||||
if (new->policy == DNS_RPZ_POLICY_CNAME) {
|
||||
str = cfg_obj_asstring(cfg_tuple_get(obj, "cname"));
|
||||
result = configure_rpz_name(view, rpz_obj, &new->cname,
|
||||
str, "cname");
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
}
|
||||
}
|
||||
|
||||
return (ISC_R_SUCCESS);
|
||||
|
||||
cleanup:
|
||||
dns_rpz_view_destroy(view);
|
||||
return (result);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1617,6 +1689,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL;
|
||||
unsigned int query_timeout;
|
||||
struct cfg_context *nzctx;
|
||||
dns_rpz_zone_t *rpz;
|
||||
|
||||
REQUIRE(DNS_VIEW_VALID(view));
|
||||
|
||||
@ -1714,6 +1787,53 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
&view->queryacl));
|
||||
}
|
||||
|
||||
/*
|
||||
* Make the list of response policy zone names for a view that
|
||||
* is used for real lookups and so cares about hints.
|
||||
*/
|
||||
obj = NULL;
|
||||
if (view->rdclass == dns_rdataclass_in && need_hints &&
|
||||
ns_config_get(maps, "response-policy", &obj) == ISC_R_SUCCESS) {
|
||||
const cfg_obj_t *rpz_obj;
|
||||
isc_boolean_t recursive_only_def;
|
||||
dns_ttl_t ttl_def;
|
||||
|
||||
rpz_obj = cfg_tuple_get(obj, "recursive-only");
|
||||
if (!cfg_obj_isvoid(rpz_obj) &&
|
||||
!cfg_obj_asboolean(rpz_obj))
|
||||
recursive_only_def = ISC_FALSE;
|
||||
else
|
||||
recursive_only_def = ISC_TRUE;
|
||||
|
||||
rpz_obj = cfg_tuple_get(obj, "break-dnssec");
|
||||
if (!cfg_obj_isvoid(rpz_obj) &&
|
||||
cfg_obj_asboolean(rpz_obj))
|
||||
view->rpz_break_dnssec = ISC_TRUE;
|
||||
else
|
||||
view->rpz_break_dnssec = ISC_FALSE;
|
||||
|
||||
rpz_obj = cfg_tuple_get(obj, "max-policy-ttl");
|
||||
if (cfg_obj_isuint32(rpz_obj))
|
||||
ttl_def = cfg_obj_asuint32(rpz_obj);
|
||||
else
|
||||
ttl_def = DNS_RPZ_MAX_TTL_DEFAULT;
|
||||
|
||||
rpz_obj = cfg_tuple_get(obj, "min-ns-dots");
|
||||
if (cfg_obj_isuint32(rpz_obj))
|
||||
view->rpz_min_ns_labels = cfg_obj_asuint32(rpz_obj) + 1;
|
||||
else
|
||||
view->rpz_min_ns_labels = 2;
|
||||
|
||||
element = cfg_list_first(cfg_tuple_get(obj, "zone list"));
|
||||
while (element != NULL) {
|
||||
result = configure_rpz(view, element,
|
||||
recursive_only_def, ttl_def);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup;
|
||||
element = cfg_list_next(element);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Configure the zones.
|
||||
*/
|
||||
@ -1735,6 +1855,22 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
actx, ISC_FALSE));
|
||||
}
|
||||
|
||||
for (rpz = ISC_LIST_HEAD(view->rpz_zones);
|
||||
rpz != NULL;
|
||||
rpz = ISC_LIST_NEXT(rpz, link))
|
||||
{
|
||||
if (!rpz->defined) {
|
||||
char namebuf[DNS_NAME_FORMATSIZE];
|
||||
|
||||
dns_name_format(&rpz->origin, namebuf, sizeof(namebuf));
|
||||
cfg_obj_log(obj, ns_g_lctx, DNS_RPZ_ERROR_LEVEL,
|
||||
"'%s' is not a master or slave zone",
|
||||
namebuf);
|
||||
result = ISC_R_NOTFOUND;
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* If we're allowing added zones, then load zone configuration
|
||||
* from the newzone file for zones that were added during previous
|
||||
@ -2161,9 +2297,9 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
* MAX_ADB_SIZE_FOR_CACHESHARE when the cache is shared.
|
||||
*/
|
||||
max_adb_size = 0;
|
||||
if (max_cache_size != 0) {
|
||||
if (max_cache_size != 0U) {
|
||||
max_adb_size = max_cache_size / 8;
|
||||
if (max_adb_size == 0)
|
||||
if (max_adb_size == 0U)
|
||||
max_adb_size = 1; /* Force minimum. */
|
||||
if (view != nsc->primaryview &&
|
||||
max_adb_size > MAX_ADB_SIZE_FOR_CACHESHARE) {
|
||||
@ -2638,7 +2774,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
obj = cfg_listelt_value(element);
|
||||
str = cfg_obj_asstring(cfg_tuple_get(obj,
|
||||
"trust-anchor"));
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
dlv = dns_fixedname_name(&view->dlv_fixed);
|
||||
CHECK(dns_name_fromtext(dlv, &b, dns_rootname,
|
||||
@ -2691,7 +2827,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
element = cfg_list_next(element)) {
|
||||
exclude = cfg_listelt_value(element);
|
||||
str = cfg_obj_asstring(exclude);
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
CHECK(dns_name_fromtext(name, &b, dns_rootname,
|
||||
0, NULL));
|
||||
@ -2745,7 +2881,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
result = ns_config_get(maps, "empty-server", &obj);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
str = cfg_obj_asstring(obj);
|
||||
isc_buffer_init(&buffer, str, strlen(str));
|
||||
isc_buffer_constinit(&buffer, str, strlen(str));
|
||||
isc_buffer_add(&buffer, strlen(str));
|
||||
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
|
||||
NULL));
|
||||
@ -2760,7 +2896,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
result = ns_config_get(maps, "empty-contact", &obj);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
str = cfg_obj_asstring(obj);
|
||||
isc_buffer_init(&buffer, str, strlen(str));
|
||||
isc_buffer_constinit(&buffer, str, strlen(str));
|
||||
isc_buffer_add(&buffer, strlen(str));
|
||||
CHECK(dns_name_fromtext(name, &buffer, dns_rootname, 0,
|
||||
NULL));
|
||||
@ -2784,7 +2920,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
dns_forwarders_t *forwarders = NULL;
|
||||
dns_view_t *pview = NULL;
|
||||
|
||||
isc_buffer_init(&buffer, empty, strlen(empty));
|
||||
isc_buffer_constinit(&buffer, empty, strlen(empty));
|
||||
isc_buffer_add(&buffer, strlen(empty));
|
||||
/*
|
||||
* Look for zone on drop list.
|
||||
@ -2800,7 +2936,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
*/
|
||||
(void)dns_view_findzone(view, name, &zone);
|
||||
if (zone != NULL) {
|
||||
CHECK(setquerystats(zone, mctx, zonestats_on));
|
||||
dns_zone_detach(&zone);
|
||||
continue;
|
||||
}
|
||||
@ -2886,49 +3021,6 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Make the list of response policy zone names for views that
|
||||
* are used for real lookups and so care about hints.
|
||||
*/
|
||||
obj = NULL;
|
||||
if (view->rdclass == dns_rdataclass_in && need_hints &&
|
||||
ns_config_get(maps, "response-policy", &obj) == ISC_R_SUCCESS) {
|
||||
const cfg_obj_t *recursive_only_obj;
|
||||
const cfg_obj_t *break_dnssec_obj, *ttl_obj;
|
||||
isc_boolean_t recursive_only_def;
|
||||
dns_ttl_t ttl_def;
|
||||
|
||||
recursive_only_obj = cfg_tuple_get(obj, "recursive-only");
|
||||
if (!cfg_obj_isvoid(recursive_only_obj) &&
|
||||
!cfg_obj_asboolean(recursive_only_obj))
|
||||
recursive_only_def = ISC_FALSE;
|
||||
else
|
||||
recursive_only_def = ISC_TRUE;
|
||||
|
||||
break_dnssec_obj = cfg_tuple_get(obj, "break-dnssec");
|
||||
if (!cfg_obj_isvoid(break_dnssec_obj) &&
|
||||
cfg_obj_asboolean(break_dnssec_obj))
|
||||
view->rpz_break_dnssec = ISC_TRUE;
|
||||
else
|
||||
view->rpz_break_dnssec = ISC_FALSE;
|
||||
|
||||
ttl_obj = cfg_tuple_get(obj, "max-policy-ttl");
|
||||
if (cfg_obj_isuint32(ttl_obj))
|
||||
ttl_def = cfg_obj_asuint32(ttl_obj);
|
||||
else
|
||||
ttl_def = DNS_RPZ_MAX_TTL_DEFAULT;
|
||||
|
||||
for (element = cfg_list_first(cfg_tuple_get(obj, "zone list"));
|
||||
element != NULL;
|
||||
element = cfg_list_next(element)) {
|
||||
result = configure_rpz(view, element,
|
||||
recursive_only_def, ttl_def);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto cleanup;
|
||||
dns_rpz_set_need(ISC_TRUE);
|
||||
}
|
||||
}
|
||||
|
||||
result = ISC_R_SUCCESS;
|
||||
|
||||
cleanup:
|
||||
@ -3028,7 +3120,7 @@ configure_alternates(const cfg_obj_t *config, dns_view_t *view,
|
||||
isc_buffer_t buffer;
|
||||
in_port_t myport = port;
|
||||
|
||||
isc_buffer_init(&buffer, str, strlen(str));
|
||||
isc_buffer_constinit(&buffer, str, strlen(str));
|
||||
isc_buffer_add(&buffer, strlen(str));
|
||||
dns_fixedname_init(&fixed);
|
||||
name = dns_fixedname_name(&fixed);
|
||||
@ -3280,6 +3372,8 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
|
||||
const char *zname;
|
||||
dns_rdataclass_t zclass;
|
||||
const char *ztypestr;
|
||||
isc_boolean_t is_rpz;
|
||||
dns_rpz_zone_t *rpz;
|
||||
|
||||
options = NULL;
|
||||
(void)cfg_map_get(config, "options", &options);
|
||||
@ -3290,7 +3384,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
|
||||
* Get the zone origin as a dns_name_t.
|
||||
*/
|
||||
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
|
||||
isc_buffer_init(&buffer, zname, strlen(zname));
|
||||
isc_buffer_constinit(&buffer, zname, strlen(zname));
|
||||
isc_buffer_add(&buffer, strlen(zname));
|
||||
dns_fixedname_init(&fixorigin);
|
||||
CHECK(dns_name_fromtext(dns_fixedname_name(&fixorigin),
|
||||
@ -3408,6 +3502,21 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
|
||||
}
|
||||
INSIST(dupzone == NULL);
|
||||
|
||||
/*
|
||||
* Note whether this is a response policy zone.
|
||||
*/
|
||||
is_rpz = ISC_FALSE;
|
||||
for (rpz = ISC_LIST_HEAD(view->rpz_zones);
|
||||
rpz != NULL;
|
||||
rpz = ISC_LIST_NEXT(rpz, link))
|
||||
{
|
||||
if (dns_name_equal(&rpz->origin, origin)) {
|
||||
is_rpz = ISC_TRUE;
|
||||
rpz->defined = ISC_TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* See if we can reuse an existing zone. This is
|
||||
* only possible if all of these are true:
|
||||
@ -3416,6 +3525,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
|
||||
* - The zone is compatible with the config
|
||||
* options (e.g., an existing master zone cannot
|
||||
* be reused if the options specify a slave zone)
|
||||
* - The zone was and is or was not and is not a policy zone
|
||||
*/
|
||||
result = dns_viewlist_find(&ns_g_server->viewlist,
|
||||
view->name, view->rdclass,
|
||||
@ -3429,6 +3539,9 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
|
||||
if (zone != NULL && !ns_zone_reusable(zone, zconfig))
|
||||
dns_zone_detach(&zone);
|
||||
|
||||
if (zone != NULL && is_rpz != dns_zone_get_rpz(zone))
|
||||
dns_zone_detach(&zone);
|
||||
|
||||
if (zone != NULL) {
|
||||
/*
|
||||
* We found a reusable zone. Make it use the
|
||||
@ -3451,6 +3564,19 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
|
||||
dns_zone_setstats(zone, ns_g_server->zonestats);
|
||||
}
|
||||
|
||||
if (is_rpz) {
|
||||
result = dns_zone_rpz_enable(zone);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
|
||||
"zone '%s': incompatible"
|
||||
" masterfile-format or database"
|
||||
" for a response policy zone",
|
||||
zname);
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* If the zone contains a 'forwarders' statement, configure
|
||||
* selective forwarding.
|
||||
@ -4126,7 +4252,7 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
|
||||
INSIST(result == ISC_R_SUCCESS);
|
||||
keynamestr = cfg_obj_asstring(obj);
|
||||
dns_fixedname_init(&fname);
|
||||
isc_buffer_init(&buffer, keynamestr, strlen(keynamestr));
|
||||
isc_buffer_constinit(&buffer, keynamestr, strlen(keynamestr));
|
||||
isc_buffer_add(&buffer, strlen(keynamestr));
|
||||
keyname = dns_fixedname_name(&fname);
|
||||
result = dns_name_fromtext(keyname, &buffer, dns_rootname, 0, NULL);
|
||||
@ -5858,6 +5984,7 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
|
||||
dns_rdataclass_t rdclass;
|
||||
|
||||
REQUIRE(zonep != NULL && *zonep == NULL);
|
||||
REQUIRE(zonename == NULL || *zonename == NULL);
|
||||
|
||||
input = args;
|
||||
|
||||
@ -5870,7 +5997,7 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
|
||||
zonetxt = next_token(&input, " \t");
|
||||
if (zonetxt == NULL)
|
||||
return (ISC_R_SUCCESS);
|
||||
if (zonename)
|
||||
if (zonename != NULL)
|
||||
*zonename = zonetxt;
|
||||
|
||||
/* Look for the optional class name. */
|
||||
@ -5880,7 +6007,7 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep,
|
||||
viewtxt = next_token(&input, " \t");
|
||||
}
|
||||
|
||||
isc_buffer_init(&buf, zonetxt, strlen(zonetxt));
|
||||
isc_buffer_constinit(&buf, zonetxt, strlen(zonetxt));
|
||||
isc_buffer_add(&buf, strlen(zonetxt));
|
||||
dns_fixedname_init(&name);
|
||||
result = dns_name_fromtext(dns_fixedname_name(&name),
|
||||
@ -6788,7 +6915,7 @@ ns_server_flushname(ns_server_t *server, char *args) {
|
||||
if (target == NULL)
|
||||
return (ISC_R_UNEXPECTEDEND);
|
||||
|
||||
isc_buffer_init(&b, target, strlen(target));
|
||||
isc_buffer_constinit(&b, target, strlen(target));
|
||||
isc_buffer_add(&b, strlen(target));
|
||||
dns_fixedname_init(&fixed);
|
||||
name = dns_fixedname_name(&fixed);
|
||||
@ -7342,7 +7469,7 @@ ns_server_add_zone(ns_server_t *server, char *args) {
|
||||
CHECK(cfg_map_get(config, "addzone", &parms));
|
||||
|
||||
zonename = cfg_obj_asstring(cfg_tuple_get(parms, "name"));
|
||||
isc_buffer_init(&buf, zonename, strlen(zonename));
|
||||
isc_buffer_constinit(&buf, zonename, strlen(zonename));
|
||||
isc_buffer_add(&buf, strlen(zonename));
|
||||
dns_name_init(&dnsname, NULL);
|
||||
isc_buffer_allocate(server->mctx, &nbuf, 256);
|
||||
@ -7406,7 +7533,8 @@ ns_server_add_zone(ns_server_t *server, char *args) {
|
||||
CHECK(isc_stdio_open(view->new_zone_file, "a", &fp));
|
||||
|
||||
/* Mark view unfrozen so that zone can be added */
|
||||
isc_task_beginexclusive(server->task);
|
||||
result = isc_task_beginexclusive(server->task);
|
||||
RUNTIME_CHECK(result == ISC_R_SUCCESS);
|
||||
dns_view_thaw(view);
|
||||
result = configure_zone(cfg->config, parms, vconfig,
|
||||
server->mctx, view, cfg->actx, ISC_FALSE);
|
||||
@ -7515,8 +7643,7 @@ ns_server_del_zone(ns_server_t *server, char *args) {
|
||||
|
||||
/* Parse parameters */
|
||||
CHECK(zone_from_args(server, args, &zone, &zonename));
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
|
||||
if (zone == NULL) {
|
||||
result = ISC_R_UNEXPECTEDEND;
|
||||
goto cleanup;
|
||||
@ -7531,8 +7658,8 @@ ns_server_del_zone(ns_server_t *server, char *args) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if (zonename != NULL)
|
||||
znamelen = strlen(zonename);
|
||||
INSIST(zonename != NULL);
|
||||
znamelen = strlen(zonename);
|
||||
|
||||
/* Dig out configuration for this zone */
|
||||
view = dns_zone_getview(zone);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2008-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -202,6 +202,8 @@ init_desc(void) {
|
||||
SET_NSSTATDESC(updatebadprereq,
|
||||
"updates rejected due to prerequisite failure",
|
||||
"UpdateBadPrereq");
|
||||
SET_NSSTATDESC(rpz_rewrites, "response policy zone rewrites",
|
||||
"RPZRewrites");
|
||||
INSIST(i == dns_nsstatscounter_max);
|
||||
|
||||
/* Initialize resolver statistics */
|
||||
@ -877,11 +879,11 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* views */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "socketmgr"));
|
||||
isc_socketmgr_renderxml(ns_g_socketmgr, writer);
|
||||
TRY0(isc_socketmgr_renderxml(ns_g_socketmgr, writer));
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* socketmgr */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "taskmgr"));
|
||||
isc_taskmgr_renderxml(ns_g_taskmgr, writer);
|
||||
TRY0(isc_taskmgr_renderxml(ns_g_taskmgr, writer));
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* taskmgr */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "server"));
|
||||
@ -944,7 +946,7 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) {
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* server */
|
||||
|
||||
TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "memory"));
|
||||
isc_mem_renderxml(writer);
|
||||
TRY0(isc_mem_renderxml(writer));
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* memory */
|
||||
|
||||
TRY0(xmlTextWriterEndElement(writer)); /* statistics */
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2001 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -73,7 +73,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
|
||||
n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
|
||||
isc_buffer_init(&b, s, strlen(s));
|
||||
isc_buffer_constinit(&b, s, strlen(s));
|
||||
isc_buffer_add(&b, strlen(s));
|
||||
dns_fixedname_init(&fname);
|
||||
name = dns_fixedname_name(&fname);
|
||||
@ -87,7 +87,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
|
||||
result = cfg_map_get(options, "tkey-domain", &obj);
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
s = cfg_obj_asstring(obj);
|
||||
isc_buffer_init(&b, s, strlen(s));
|
||||
isc_buffer_constinit(&b, s, strlen(s));
|
||||
isc_buffer_add(&b, strlen(s));
|
||||
dns_fixedname_init(&fname);
|
||||
name = dns_fixedname_name(&fname);
|
||||
@ -106,7 +106,7 @@ ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
s = cfg_obj_asstring(obj);
|
||||
|
||||
isc_buffer_init(&b, s, strlen(s));
|
||||
isc_buffer_constinit(&b, s, strlen(s));
|
||||
isc_buffer_add(&b, strlen(s));
|
||||
dns_fixedname_init(&fname);
|
||||
name = dns_fixedname_name(&fname);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2001 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -78,7 +78,7 @@ add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
|
||||
* Create the key name.
|
||||
*/
|
||||
dns_name_init(&keyname, NULL);
|
||||
isc_buffer_init(&keynamesrc, keyid, strlen(keyid));
|
||||
isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid));
|
||||
isc_buffer_add(&keynamesrc, strlen(keyid));
|
||||
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
|
||||
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
@ -225,7 +225,9 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
|
||||
return (ISC_R_FAILURE);
|
||||
}
|
||||
|
||||
isc_mem_create(0, 0, &mctx);
|
||||
result = isc_mem_create(0, 0, &mctx);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
return (result);
|
||||
|
||||
cd = isc_mem_get(mctx, sizeof(*cd));
|
||||
if (cd == NULL) {
|
||||
@ -247,7 +249,9 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
|
||||
}
|
||||
|
||||
/* Initialize the lock */
|
||||
isc_mutex_init(&cd->lock);
|
||||
result = isc_mutex_init(&cd->lock);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
goto failed;
|
||||
|
||||
/* Open the library */
|
||||
dlopen_flags = RTLD_NOW|RTLD_GLOBAL;
|
||||
@ -351,11 +355,11 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
|
||||
|
||||
failed:
|
||||
dlopen_log(ISC_LOG_ERROR, "dlz_dlopen of '%s' failed", dlzname);
|
||||
if (cd->dl_path)
|
||||
if (cd->dl_path != NULL)
|
||||
isc_mem_free(mctx, cd->dl_path);
|
||||
if (cd->dlzname)
|
||||
if (cd->dlzname != NULL)
|
||||
isc_mem_free(mctx, cd->dlzname);
|
||||
if (dlopen_flags)
|
||||
if (dlopen_flags != 0)
|
||||
(void) isc_mutex_destroy(&cd->lock);
|
||||
#ifdef HAVE_DLCLOSE
|
||||
if (cd->dl_handle)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -3500,7 +3500,8 @@ add_signing_records(dns_db_t *db, dns_rdatatype_t privatetype,
|
||||
ISC_LIST_UNLINK(temp_diff.tuples, tuple, link);
|
||||
ISC_LIST_APPEND(diff->tuples, tuple, link);
|
||||
|
||||
dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
|
||||
result = dns_rdata_tostruct(&tuple->rdata, &dnskey, NULL);
|
||||
RUNTIME_CHECK(result == ISC_R_SUCCESS);
|
||||
if ((dnskey.flags &
|
||||
(DNS_KEYFLAG_OWNERMASK|DNS_KEYTYPE_NOAUTH))
|
||||
!= DNS_KEYOWNER_ZONE)
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -833,14 +833,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
|
||||
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
|
||||
question_name, question_class);
|
||||
is_dlz = ISC_TRUE;
|
||||
/*
|
||||
* DLZ only support full zone transfer, not incremental
|
||||
*/
|
||||
if (reqtype != dns_rdatatype_axfr) {
|
||||
mnemonic = "AXFR-style IXFR";
|
||||
reqtype = dns_rdatatype_axfr;
|
||||
}
|
||||
|
||||
} else {
|
||||
/*
|
||||
* not DLZ and not in normal zone table, we are
|
||||
@ -852,12 +844,14 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
|
||||
} else {
|
||||
/* zone table has a match */
|
||||
switch(dns_zone_gettype(zone)) {
|
||||
/* Master and slave zones are OK for transfer. */
|
||||
case dns_zone_master:
|
||||
case dns_zone_slave:
|
||||
case dns_zone_dlz:
|
||||
break; /* Master and slave zones are OK for transfer. */
|
||||
break;
|
||||
default:
|
||||
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class);
|
||||
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
|
||||
question_name, question_class);
|
||||
}
|
||||
CHECK(dns_zone_getdb(zone, &db));
|
||||
dns_db_currentversion(db, &ver);
|
||||
@ -992,7 +986,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
|
||||
is_poll = ISC_TRUE;
|
||||
goto have_stream;
|
||||
}
|
||||
journalfile = dns_zone_getjournal(zone);
|
||||
journalfile = is_dlz ? NULL : dns_zone_getjournal(zone);
|
||||
if (journalfile != NULL)
|
||||
result = ixfr_rrstream_create(mctx,
|
||||
journalfile,
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 1999-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -56,6 +56,7 @@
|
||||
typedef enum {
|
||||
allow_notify,
|
||||
allow_query,
|
||||
allow_query_on,
|
||||
allow_transfer,
|
||||
allow_update,
|
||||
allow_update_forwarding
|
||||
@ -104,6 +105,11 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
|
||||
aclp = &view->queryacl;
|
||||
aclname = "allow-query";
|
||||
break;
|
||||
case allow_query_on:
|
||||
if (view != NULL)
|
||||
aclp = &view->queryonacl;
|
||||
aclname = "allow-query-on";
|
||||
break;
|
||||
case allow_transfer:
|
||||
if (view != NULL)
|
||||
aclp = &view->transferacl;
|
||||
@ -269,7 +275,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
|
||||
|
||||
dns_fixedname_init(&fident);
|
||||
str = cfg_obj_asstring(identity);
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
result = dns_name_fromtext(dns_fixedname_name(&fident), &b,
|
||||
dns_rootname, 0, NULL);
|
||||
@ -292,7 +298,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
|
||||
}
|
||||
} else {
|
||||
str = cfg_obj_asstring(dname);
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
result = dns_name_fromtext(dns_fixedname_name(&fname),
|
||||
&b, dns_rootname, 0, NULL);
|
||||
@ -525,7 +531,7 @@ configure_staticstub_servernames(const cfg_obj_t *zconfig, dns_zone_t *zone,
|
||||
dns_fixedname_init(&fixed_name);
|
||||
nsname = dns_fixedname_name(&fixed_name);
|
||||
|
||||
isc_buffer_init(&b, str, strlen(str));
|
||||
isc_buffer_constinit(&b, str, strlen(str));
|
||||
isc_buffer_add(&b, strlen(str));
|
||||
result = dns_name_fromtext(nsname, &b, dns_rootname, 0, NULL);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
@ -934,6 +940,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
dns_zone_setqueryacl,
|
||||
dns_zone_clearqueryacl));
|
||||
|
||||
RETERR(configure_zone_acl(zconfig, vconfig, config,
|
||||
allow_query_on, ac, zone,
|
||||
dns_zone_setqueryonacl,
|
||||
dns_zone_clearqueryonacl));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "dialup", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
@ -1111,6 +1122,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
|
||||
cfg_obj_asboolean(obj));
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "check-spf", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
|
||||
check = ISC_TRUE;
|
||||
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
|
||||
check = ISC_FALSE;
|
||||
} else
|
||||
INSIST(0);
|
||||
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSPF, check);
|
||||
|
||||
obj = NULL;
|
||||
result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
|
||||
INSIST(result == ISC_R_SUCCESS && obj != NULL);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -930,7 +930,7 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
|
||||
INSIST(count == 1);
|
||||
}
|
||||
|
||||
#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:rR::t:u:"
|
||||
#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:r:R::t:u:"
|
||||
|
||||
static void
|
||||
pre_parse_args(int argc, char **argv) {
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -771,6 +771,7 @@ main(int argc, char **argv) {
|
||||
program, isc_commandline_option);
|
||||
usage(1);
|
||||
}
|
||||
/* FALLTHROUGH */
|
||||
case 'h':
|
||||
usage(0);
|
||||
break;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2004, 2005, 2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
* Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -93,6 +93,7 @@ main(int argc, char **argv) {
|
||||
if (isc_commandline_option != '?')
|
||||
fprintf(stderr, "%s: invalid argument -%c\n",
|
||||
program, isc_commandline_option);
|
||||
/* FALLTHROUGH */
|
||||
case 'h':
|
||||
usage();
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\" Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.\"
|
||||
.\" Permission to use, copy, modify, and/or distribute this software for any
|
||||
.\" purpose with or without fee is hereby granted, provided that the above
|
||||
@ -23,7 +23,7 @@
|
||||
.\" Manual: BIND9
|
||||
.\" Source: BIND9
|
||||
.\"
|
||||
.TH "ISC\-HMAC\-FIXUP" "1" "January 5, 2010" "BIND9" "BIND9"
|
||||
.TH "ISC\-HMAC\-FIXUP" "8" "January 5, 2010" "BIND9" "BIND9"
|
||||
.\" disable hyphenation
|
||||
.nh
|
||||
.\" disable justification (adjust text to left margin only)
|
||||
@ -57,5 +57,5 @@ RFC 2104.
|
||||
.PP
|
||||
Internet Systems Consortium
|
||||
.SH "COPYRIGHT"
|
||||
Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
Copyright \(co 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
.br
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -25,7 +25,7 @@
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle><application>isc-hmac-fixup</application></refentrytitle>
|
||||
<manvolnum>1</manvolnum>
|
||||
<manvolnum>8</manvolnum>
|
||||
<refmiscinfo>BIND9</refmiscinfo>
|
||||
</refmeta>
|
||||
|
||||
@ -37,6 +37,7 @@
|
||||
<docinfo>
|
||||
<copyright>
|
||||
<year>2010</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
</docinfo>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
- purpose with or without fee is hereby granted, provided that the above
|
||||
@ -31,7 +31,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543352"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2543355"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
|
||||
HMAC-SHA* TSIG keys which were longer than the digest length of the
|
||||
@ -57,7 +57,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543376"></a><h2>SECURITY CONSIDERATIONS</h2>
|
||||
<a name="id2543379"></a><h2>SECURITY CONSIDERATIONS</h2>
|
||||
<p>
|
||||
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
|
||||
are shortened, but as this is how the HMAC protocol works in
|
||||
@ -68,14 +68,14 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543389"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2543393"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 2104</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2543406"></a><h2>AUTHOR</h2>
|
||||
<a name="id2543410"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
10
config.h.in
10
config.h.in
@ -283,9 +283,15 @@ int sigwait(const unsigned int *set, int *sig);
|
||||
/* Define to 1 if you have the <net/if6.h> header file. */
|
||||
#undef HAVE_NET_IF6_H
|
||||
|
||||
/* Define if your OpenSSL version supports ECDSA. */
|
||||
#undef HAVE_OPENSSL_ECDSA
|
||||
|
||||
/* Define if your OpenSSL version supports GOST. */
|
||||
#undef HAVE_OPENSSL_GOST
|
||||
|
||||
/* Define to 1 if you have the <regex.h> header file. */
|
||||
#undef HAVE_REGEX_H
|
||||
|
||||
/* Define to 1 if you have the `setegid' function. */
|
||||
#undef HAVE_SETEGID
|
||||
|
||||
@ -367,6 +373,10 @@ int sigwait(const unsigned int *set, int *sig);
|
||||
/* Define to allow building of objects for dlopen(). */
|
||||
#undef ISC_DLZ_DLOPEN
|
||||
|
||||
/* Define to the sub-directory in which libtool stores uninstalled libraries.
|
||||
*/
|
||||
#undef LT_OBJDIR
|
||||
|
||||
/* Defined if extern char *optarg is not declared. */
|
||||
#undef NEED_OPTARG
|
||||
|
||||
|
@ -60,7 +60,7 @@ case $host in
|
||||
esac
|
||||
|
||||
AC_ARG_ENABLE(threads,
|
||||
[ --enable-threads enable multithreading])
|
||||
[ --enable-threads enable multithreading])
|
||||
case "$enable_threads" in
|
||||
yes)
|
||||
use_threads=true
|
||||
|
257
configure.in
257
configure.in
@ -1,4 +1,4 @@
|
||||
# Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 1998-2003 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -24,6 +24,7 @@ AC_INIT(lib/dns/name.c)
|
||||
AC_PREREQ(2.59)
|
||||
|
||||
AC_CONFIG_HEADER(config.h)
|
||||
AC_CONFIG_MACRO_DIR([libtool.m4])
|
||||
|
||||
AC_CANONICAL_HOST
|
||||
|
||||
@ -62,14 +63,13 @@ It is available from http://www.isc.org as a separate download.])
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings])
|
||||
AC_ARG_ENABLE(developer, [ --enable-developer enable developer build settings])
|
||||
case "$enable_developer" in
|
||||
yes)
|
||||
STD_CDEFINES="$STD_CDEFINES -DISC_LIST_CHECKINIT=1"
|
||||
test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
|
||||
test "${with_atf+set}" = set || with_atf=yes
|
||||
test "${enable_filter_aaaa+set}" = set || enable_filter_aaaa=yes
|
||||
test "${enable_rpz_nsip+set}" = set || enable_rpz_nsip=yes
|
||||
test "${enable_rpz_nsdname+set}" = set || enable_rpz_nsdname=yes
|
||||
test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes
|
||||
case "$host" in
|
||||
*-darwin*)
|
||||
@ -298,7 +298,7 @@ esac
|
||||
|
||||
AC_HEADER_STDC
|
||||
|
||||
AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
|
||||
AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
|
||||
[$ac_includes_default
|
||||
#ifdef HAVE_SYS_PARAM_H
|
||||
# include <sys/param.h>
|
||||
@ -322,17 +322,15 @@ AC_CHECK_FUNCS(setegid setresgid)
|
||||
# is reported to not support "static inline" (RT #1212).
|
||||
#
|
||||
AC_MSG_CHECKING(for static inline breakage)
|
||||
AC_TRY_COMPILE(, [
|
||||
foo1();
|
||||
}
|
||||
|
||||
AC_TRY_COMPILE([
|
||||
static inline int foo1() {
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int foo2() {
|
||||
return foo1();
|
||||
],
|
||||
}
|
||||
], [foo1();],
|
||||
[AC_MSG_RESULT(no)],
|
||||
[AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(inline, ,[Define to empty if your compiler does not support "static inline".])])
|
||||
@ -445,6 +443,8 @@ int main() {
|
||||
[AC_MSG_RESULT(yes)
|
||||
ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"],
|
||||
[AC_MSG_RESULT(no)
|
||||
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"],
|
||||
[AC_MSG_RESULT(no)
|
||||
ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"])
|
||||
;;
|
||||
yes)
|
||||
@ -550,12 +550,16 @@ case "$use_openssl" in
|
||||
AC_MSG_RESULT(no)
|
||||
DST_OPENSSL_INC=""
|
||||
USE_OPENSSL=""
|
||||
OPENSSLGOSTLINKOBJS=""
|
||||
OPENSSLGOSTLINKSRS=""
|
||||
OPENSSLLINKOBJS=""
|
||||
OPENSSLLINKSRCS=""
|
||||
;;
|
||||
auto)
|
||||
DST_OPENSSL_INC=""
|
||||
USE_OPENSSL=""
|
||||
OPENSSLGOSTLINKOBJS=""
|
||||
OPENSSLGOSTLINKSRS=""
|
||||
OPENSSLLINKOBJS=""
|
||||
OPENSSLLINKSRCS=""
|
||||
AC_MSG_ERROR(
|
||||
@ -691,20 +695,20 @@ no)
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_MSG_CHECKING(for OpenSSL DSA support)
|
||||
if test -f $use_openssl/include/openssl/dsa.h
|
||||
then
|
||||
AC_DEFINE(HAVE_OPENSSL_DSA)
|
||||
AC_MSG_RESULT(yes)
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
AC_MSG_CHECKING(for OpenSSL DSA support)
|
||||
if test -f $use_openssl/include/openssl/dsa.h
|
||||
then
|
||||
AC_DEFINE(HAVE_OPENSSL_DSA)
|
||||
AC_MSG_RESULT(yes)
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
|
||||
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
|
||||
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
|
||||
|
||||
AC_MSG_CHECKING(for OpenSSL ECDSA support)
|
||||
have_ecdsa=""
|
||||
AC_TRY_RUN([
|
||||
AC_MSG_CHECKING(for OpenSSL ECDSA support)
|
||||
have_ecdsa=""
|
||||
AC_TRY_RUN([
|
||||
#include <stdio.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#include <openssl/objects.h>
|
||||
@ -721,22 +725,42 @@ int main() {
|
||||
return (0);
|
||||
}
|
||||
],
|
||||
[AC_MSG_RESULT(yes)
|
||||
have_ecdsa="yes"],
|
||||
[AC_MSG_RESULT(no)
|
||||
have_ecdsa="no"])
|
||||
case $have_ecdsa in
|
||||
yes)
|
||||
OPENSSL_ECDSA="yes"
|
||||
AC_DEFINE(HAVE_OPENSSL_ECDSA)
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
[AC_MSG_RESULT(yes)
|
||||
have_ecdsa="yes"],
|
||||
[AC_MSG_RESULT(no)
|
||||
have_ecdsa="no"],
|
||||
[AC_MSG_RESULT(using --with-ecdsa)])
|
||||
AC_ARG_WITH(ecdsa, [ --with-ecdsa OpenSSL ECDSA],
|
||||
with_ecdsa="$withval", with_ecdsa="auto")
|
||||
case "$with_ecdsa" in
|
||||
yes)
|
||||
case "$have_ecdsa" in
|
||||
no) AC_MSG_ERROR([ecdsa not supported]) ;;
|
||||
*) have_ecdsa=yes ;;
|
||||
esac
|
||||
;;
|
||||
no)
|
||||
have_ecdsa=no ;;
|
||||
*)
|
||||
case "$have_ecdsa" in
|
||||
yes|no) ;;
|
||||
*) AC_MSG_ERROR([need --with-ecdsa=[[yes or no]]]) ;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
case $have_ecdsa in
|
||||
yes)
|
||||
OPENSSL_ECDSA="yes"
|
||||
AC_DEFINE(HAVE_OPENSSL_ECDSA, 1,
|
||||
[Define if your OpenSSL version supports ECDSA.])
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_MSG_CHECKING(for OpenSSL GOST support)
|
||||
have_gost=""
|
||||
AC_TRY_RUN([
|
||||
AC_MSG_CHECKING(for OpenSSL GOST support)
|
||||
have_gost=""
|
||||
AC_TRY_RUN([
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/engine.h>
|
||||
int main() {
|
||||
@ -758,43 +782,46 @@ int main() {
|
||||
#endif
|
||||
}
|
||||
],
|
||||
[AC_MSG_RESULT(yes)
|
||||
have_gost="yes"],
|
||||
[AC_MSG_RESULT(no)
|
||||
have_gost="no"],
|
||||
[AC_MSG_RESULT(using --with-gost)])
|
||||
AC_ARG_WITH(gost, , with_gost="$withval", with_gost="auto")
|
||||
case "$with_gost" in
|
||||
yes)
|
||||
case "$have_gost" in
|
||||
no) AC_MSG_ERROR([gost not supported]) ;;
|
||||
*) have_gost=yes ;;
|
||||
esac
|
||||
;;
|
||||
no)
|
||||
have_gost=no ;;
|
||||
*)
|
||||
case "$have_gost" in
|
||||
yes|no) ;;
|
||||
*) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
case $have_gost in
|
||||
yes)
|
||||
OPENSSL_GOST="yes"
|
||||
AC_DEFINE(HAVE_OPENSSL_GOST, 1,
|
||||
[Define if your OpenSSL version supports GOST.])
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
CFLAGS="$saved_cflags"
|
||||
LIBS="$saved_libs"
|
||||
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
|
||||
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
|
||||
|
||||
[AC_MSG_RESULT(yes)
|
||||
have_gost="yes"],
|
||||
[AC_MSG_RESULT(no)
|
||||
have_gost="no"],
|
||||
[AC_MSG_RESULT(using --with-gost)])
|
||||
AC_ARG_WITH(gost, [ --with-gost OpenSSL GOST],
|
||||
with_gost="$withval", with_gost="auto")
|
||||
case "$with_gost" in
|
||||
yes)
|
||||
case "$have_gost" in
|
||||
no) AC_MSG_ERROR([gost not supported]) ;;
|
||||
*) have_gost=yes ;;
|
||||
esac
|
||||
;;
|
||||
no)
|
||||
have_gost=no ;;
|
||||
*)
|
||||
case "$have_gost" in
|
||||
yes|no) ;;
|
||||
*) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
case $have_gost in
|
||||
yes)
|
||||
OPENSSL_GOST="yes"
|
||||
OPENSSLGOSTLINKOBJS='${OPENSSLGOSTLINKOBJS}'
|
||||
OPENSSLGOSTLINKSRCS='${OPENSSLGOSTLINKSRCS}'
|
||||
AC_DEFINE(HAVE_OPENSSL_GOST, 1,
|
||||
[Define if your OpenSSL version supports GOST.])
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
CFLAGS="$saved_cflags"
|
||||
LIBS="$saved_libs"
|
||||
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
|
||||
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
|
||||
|
||||
;;
|
||||
esac
|
||||
|
||||
#
|
||||
@ -804,6 +831,8 @@ esac
|
||||
|
||||
AC_SUBST(USE_OPENSSL)
|
||||
AC_SUBST(DST_OPENSSL_INC)
|
||||
AC_SUBST(OPENSSLGOSTLINKOBJS)
|
||||
AC_SUBST(OPENSSLGOSTLINKSRCS)
|
||||
AC_SUBST(OPENSSLLINKOBJS)
|
||||
AC_SUBST(OPENSSLLINKSRCS)
|
||||
AC_SUBST(OPENSSL_ECDSA)
|
||||
@ -1075,6 +1104,11 @@ AC_ARG_WITH(randomdev,
|
||||
|
||||
case "$use_randomdev" in
|
||||
unspec)
|
||||
case "$cross_compiling" in
|
||||
yes)
|
||||
AC_MSG_RESULT(unspecified)
|
||||
AC_MSG_ERROR([ need --with-randomdev=PATH or --with-randomdev=no])
|
||||
esac
|
||||
case "$host" in
|
||||
*-openbsd*)
|
||||
devrandom=/dev/arandom
|
||||
@ -1087,6 +1121,7 @@ case "$use_randomdev" in
|
||||
AC_CHECK_FILE($devrandom,
|
||||
AC_DEFINE_UNQUOTED(PATH_RANDOMDEV,
|
||||
"$devrandom"),)
|
||||
|
||||
;;
|
||||
yes)
|
||||
AC_MSG_ERROR([--with-randomdev must specify a path])
|
||||
@ -1258,7 +1293,7 @@ case "$use_libxml2" in
|
||||
;;
|
||||
auto|yes)
|
||||
case X`(xml2-config --version) 2>/dev/null` in
|
||||
X2.[[678]].*)
|
||||
X2.[[6789]].*)
|
||||
libxml2_libs=`xml2-config --libs`
|
||||
libxml2_cflags=`xml2-config --cflags`
|
||||
;;
|
||||
@ -1595,8 +1630,8 @@ AC_SUBST(LIBTOOL_IN_MAIN)
|
||||
# build exportable DNS library?
|
||||
#
|
||||
AC_ARG_ENABLE(exportlib,
|
||||
[ --enable-exportlib build exportable library (GNU make required)
|
||||
[[default=no]]])
|
||||
[ --enable-exportlib build exportable library (GNU make required)
|
||||
[[default=no]]])
|
||||
case "$enable_exportlib" in
|
||||
yes)
|
||||
gmake=
|
||||
@ -1621,8 +1656,8 @@ AC_SUBST(BIND9_CO_RULE)
|
||||
|
||||
AC_ARG_WITH(export-libdir,
|
||||
[ --with-export-libdir[=PATH]
|
||||
installation directory for the export library
|
||||
[[EPREFIX/lib/bind9]]],
|
||||
installation directory for the export library
|
||||
[[EPREFIX/lib/bind9]]],
|
||||
export_libdir="$withval",)
|
||||
if test -z "$export_libdir"; then
|
||||
export_libdir="\${exec_prefix}/lib/bind9/"
|
||||
@ -1631,8 +1666,8 @@ AC_SUBST(export_libdir)
|
||||
|
||||
AC_ARG_WITH(export-includedir,
|
||||
[ --with-export-includedir[=PATH]
|
||||
installation directory for the header files of the
|
||||
export library [[PREFIX/include/bind9]]],
|
||||
installation directory for the header files of the
|
||||
export library [[PREFIX/include/bind9]]],
|
||||
export_includedir="$withval",)
|
||||
if test -z "$export_includedir"; then
|
||||
export_includedir="\${prefix}/include/bind9/"
|
||||
@ -2827,9 +2862,9 @@ esac
|
||||
# Enable response policy rewriting using NS IP addresses
|
||||
#
|
||||
AC_ARG_ENABLE(rpz-nsip,
|
||||
[ --enable-rpz-nsip enable rpz-nsip rules [[default=no]]],
|
||||
[ --disable-rpz-nsip disable rpz-nsip rules [[default=enabled]]],
|
||||
enable_nsip="$enableval",
|
||||
enable_nsip="no")
|
||||
enable_nsip="yes")
|
||||
case "$enable_nsip" in
|
||||
yes)
|
||||
AC_DEFINE(ENABLE_RPZ_NSIP, 1,
|
||||
@ -2845,9 +2880,9 @@ esac
|
||||
# Enable response policy rewriting using NS name
|
||||
#
|
||||
AC_ARG_ENABLE(rpz-nsdname,
|
||||
[ --enable-rpz-nsdname enable rpz-nsdname rules [[default=no]]],
|
||||
[ --disable-rpz-nsdname disable rpz-nsdname rules [[default=enabled]]],
|
||||
enable_nsdname="$enableval",
|
||||
enable_nsdname="no")
|
||||
enable_nsdname="yes")
|
||||
case "$enable_nsdname" in
|
||||
yes)
|
||||
AC_DEFINE(ENABLE_RPZ_NSDNAME, 1,
|
||||
@ -2995,7 +3030,7 @@ AC_ARG_WITH(docbook-xsl,
|
||||
case "$docbook_path" in
|
||||
auto)
|
||||
AC_MSG_RESULT(auto)
|
||||
docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook"
|
||||
docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook /opt/local/share/xsl/docbook-xsl"
|
||||
;;
|
||||
*)
|
||||
docbook_xsl_trees="$withval"
|
||||
@ -3131,14 +3166,22 @@ AC_SUBST(IDNLIBS)
|
||||
# Check whether to build Automated Test Framework unit tests
|
||||
#
|
||||
AC_ARG_WITH(atf,
|
||||
[ --with-atf=ARG Automated Test Framework support],
|
||||
[ --with-atf=ARG Automated Test Framework support],
|
||||
atf="$withval", atf="no")
|
||||
if test "$atf" = yes; then
|
||||
atf=`pwd`/unit/atf
|
||||
ATFBUILD=atf-src
|
||||
AC_SUBST(ATFBUILD)
|
||||
AC_CONFIG_COMMANDS([atf-config],
|
||||
[cd unit/atf-src; ${SHELL} ./configure MISSING=: --prefix $atfdir; cd ../..],
|
||||
[(
|
||||
mkdir -p unit/atf-src;
|
||||
cd unit/atf-src;
|
||||
case "$srcdir" in
|
||||
/*) ;;
|
||||
*) srcdir="../../$srcdir";;
|
||||
esac
|
||||
${SHELL} ${srcdir}${srcdir:+/unit/atf-src/}./configure MISSING=: --prefix $atfdir;
|
||||
) ],
|
||||
[atfdir=`pwd`/unit/atf])
|
||||
AC_MSG_RESULT(building ATF from bind9/unit/atf-src)
|
||||
fi
|
||||
@ -3149,6 +3192,9 @@ if test "$atf" != no; then
|
||||
STD_CINCLUDES="$STD_CINCLUDES -I$atf/include"
|
||||
ATFBIN="$atf/bin"
|
||||
ATFLIBS="-L$atf/lib -latf-c"
|
||||
if test "$want_openssl_hash" = yes; then
|
||||
ATFLIBS="-L$atf/lib -latf-c $DNS_CRYPTO_LIBS"
|
||||
fi
|
||||
UNITTESTS=tests
|
||||
fi
|
||||
AC_SUBST(ATFBIN)
|
||||
@ -3193,9 +3239,20 @@ AC_SUBST_FILE(BIND9_MAKE_RULES)
|
||||
BIND9_MAKE_RULES=$BIND9_TOP_BUILDDIR/make/rules
|
||||
|
||||
. $srcdir/version
|
||||
BIND9_PRODUCT="PRODUCT=\"${PRODUCT}\""
|
||||
AC_SUBST(BIND9_PRODUCT)
|
||||
BIND9_DESCRIPTION="DESCRIPTION=\"${DESCRIPTION}\""
|
||||
AC_SUBST(BIND9_DESCRIPTION)
|
||||
BIND9_VERSION="VERSION=${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}"
|
||||
AC_SUBST(BIND9_VERSION)
|
||||
|
||||
BIND9_SRCID="SRCID=unset"
|
||||
if test -f $srcdir/srcid; then
|
||||
. $srcdir/srcid
|
||||
BIND9_SRCID="SRCID=$SRCID"
|
||||
fi
|
||||
AC_SUBST(BIND9_SRCID)
|
||||
|
||||
if test -z "$ac_configure_args"; then
|
||||
BIND9_CONFIGARGS="defaults"
|
||||
else
|
||||
@ -3264,6 +3321,11 @@ AC_ARG_WITH(dlopen,
|
||||
[ --with-dlopen=ARG Support dynamically loadable DLZ drivers],
|
||||
dlopen="$withval", dlopen="yes")
|
||||
|
||||
case $host in
|
||||
*-sunos*) dlopen="no"
|
||||
;;
|
||||
esac
|
||||
|
||||
if test "$dlopen" = "yes"; then
|
||||
AC_CHECK_LIB(dl, dlopen, have_dl=yes, have_dl=no)
|
||||
if test "$have_dl" = "yes"; then
|
||||
@ -3278,7 +3340,11 @@ if test "$dlopen" = "yes"; then
|
||||
SO_CFLAGS="-fPIC"
|
||||
if test "$have_dl" = "yes"
|
||||
then
|
||||
SO_LD="${CC} -shared"
|
||||
if test "$use_libtool" = "yes"; then
|
||||
SO_LD="${CC} -Xcompiler -shared"
|
||||
else
|
||||
SO_LD="${CC} -shared"
|
||||
fi
|
||||
else
|
||||
SO_LD="ld -shared"
|
||||
fi
|
||||
@ -3484,6 +3550,21 @@ AC_CONFIG_FILES([
|
||||
bin/tests/atomic/Makefile
|
||||
bin/tests/db/Makefile
|
||||
bin/tests/dst/Makefile
|
||||
bin/tests/dst/Kdh.+002+18602.key
|
||||
bin/tests/dst/Kdh.+002+18602.private
|
||||
bin/tests/dst/Kdh.+002+48957.key
|
||||
bin/tests/dst/Kdh.+002+48957.private
|
||||
bin/tests/dst/Ktest.+001+00002.key
|
||||
bin/tests/dst/Ktest.+001+54622.key
|
||||
bin/tests/dst/Ktest.+001+54622.private
|
||||
bin/tests/dst/Ktest.+003+23616.key
|
||||
bin/tests/dst/Ktest.+003+23616.private
|
||||
bin/tests/dst/Ktest.+003+49667.key
|
||||
bin/tests/dst/dst_2_data
|
||||
bin/tests/dst/t2_data_1
|
||||
bin/tests/dst/t2_data_2
|
||||
bin/tests/dst/t2_dsasig
|
||||
bin/tests/dst/t2_rsasig
|
||||
bin/tests/hashes/Makefile
|
||||
bin/tests/headerdep_test.sh
|
||||
bin/tests/master/Makefile
|
||||
|
@ -2,7 +2,7 @@
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
|
||||
[<!ENTITY mdash "—">]>
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -33,6 +33,7 @@
|
||||
<year>2010</year>
|
||||
<year>2011</year>
|
||||
<year>2012</year>
|
||||
<year>2013</year>
|
||||
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
||||
</copyright>
|
||||
<copyright>
|
||||
@ -1480,7 +1481,7 @@ zone "eng.example.com" {
|
||||
<optional><replaceable>view</replaceable></optional></term>
|
||||
<listitem>
|
||||
<para>
|
||||
Delete a given TKEY-negotated key from the server.
|
||||
Delete a given TKEY-negotiated key from the server.
|
||||
(This does not apply to statically configured TSIG
|
||||
keys.)
|
||||
</para>
|
||||
@ -3274,31 +3275,45 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
|
||||
</entry>
|
||||
<entry colname="2">
|
||||
<para>
|
||||
A number, the word <userinput>unlimited</userinput>,
|
||||
or the word <userinput>default</userinput>.
|
||||
</para>
|
||||
<para>
|
||||
An <varname>unlimited</varname> <varname>size_spec</varname> requests unlimited
|
||||
use, or the maximum available amount. A <varname>default size_spec</varname> uses
|
||||
the limit that was in force when the server was started.
|
||||
A 64-bit unsigned integer, or the keywords
|
||||
<userinput>unlimited</userinput> or
|
||||
<userinput>default</userinput>.
|
||||
</para>
|
||||
<para>
|
||||
A <varname>number</varname> can optionally be
|
||||
followed by a scaling factor:
|
||||
Integers may take values
|
||||
0 <= value <= 18446744073709551615, though
|
||||
certain parameters may use a more limited range
|
||||
within these extremes. In most cases, setting a
|
||||
value to 0 does not literally mean zero; it means
|
||||
"undefined" or "as big as psosible", depending on
|
||||
the context. See the expalantions of particular
|
||||
parameters that use <varname>size_spec</varname>
|
||||
for details on how they interpret its use.
|
||||
</para>
|
||||
<para>
|
||||
Numeric values can optionally be followed by a
|
||||
scaling factor:
|
||||
<userinput>K</userinput> or <userinput>k</userinput>
|
||||
for kilobytes,
|
||||
<userinput>M</userinput> or <userinput>m</userinput>
|
||||
for megabytes, and
|
||||
<userinput>G</userinput> or <userinput>g</userinput> for gigabytes,
|
||||
which scale by 1024, 1024*1024, and 1024*1024*1024
|
||||
respectively.
|
||||
<userinput>G</userinput> or <userinput>g</userinput>
|
||||
for gigabytes, which scale by 1024, 1024*1024, and
|
||||
1024*1024*1024 respectively.
|
||||
</para>
|
||||
<para>
|
||||
The value must be representable as a 64-bit unsigned integer
|
||||
(0 to 18446744073709551615, inclusive).
|
||||
Using <varname>unlimited</varname> is the best
|
||||
way
|
||||
to safely set a really large number.
|
||||
<para>
|
||||
<varname>unlimited</varname> generally means
|
||||
"as big as possible", though in certain contexts,
|
||||
(including <option>max-cache-size</option>), it may
|
||||
mean the largest possible 32-bit unsigned integer
|
||||
(0xffffffff); this distinction can be important when
|
||||
dealing with larger quantities.
|
||||
<varname>unlimited</varname> is usually the best way
|
||||
to safely set a very large number.
|
||||
</para>
|
||||
<para>
|
||||
<varname>default</varname>
|
||||
uses the limit that was in force when the server was started.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
@ -4031,7 +4046,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
|
||||
[ <command>channel</command> <replaceable>channel_name</replaceable> {
|
||||
( <command>file</command> <replaceable>path_name</replaceable>
|
||||
[ <command>versions</command> ( <replaceable>number</replaceable> | <command>unlimited</command> ) ]
|
||||
[ <command>size</command> <replaceable>size spec</replaceable> ]
|
||||
[ <command>size</command> <replaceable>size_spec</replaceable> ]
|
||||
| <command>syslog</command> <replaceable>syslog_facility</replaceable>
|
||||
| <command>stderr</command>
|
||||
| <command>null</command> );
|
||||
@ -5057,6 +5072,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> multiple-cnames <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> notify <replaceable>yes_or_no</replaceable> | <replaceable>explicit</replaceable> | <replaceable>master-only</replaceable>; </optional>
|
||||
<optional> recursion <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> request-nsid <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> rfc2308-type1 <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> use-id-pool <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> maintain-ixfr-base <replaceable>yes_or_no</replaceable>; </optional>
|
||||
@ -5083,6 +5099,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> check-mx-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
|
||||
<optional> check-srv-cname ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
|
||||
<optional> check-sibling <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
|
||||
<optional> allow-new-zones { <replaceable>yes_or_no</replaceable> }; </optional>
|
||||
<optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
|
||||
@ -5216,7 +5233,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> policy given | disabled | passthru | nxdomain | nodata | cname <replaceable>domain</replaceable> </optional>
|
||||
<optional> recursive-only <replaceable>yes_or_no</replaceable> </optional> <optional> max-policy-ttl <replaceable>number</replaceable> </optional> ;
|
||||
} <optional> recursive-only <replaceable>yes_or_no</replaceable> </optional> <optional> max-policy-ttl <replaceable>number</replaceable> </optional>
|
||||
<optional> break-dnssec <replaceable>yes_or_no</replaceable> </optional> ; </optional>
|
||||
<optional> break-dnssec <replaceable>yes_or_no</replaceable> </optional> <optional> min-ns-dots <replaceable>number</replaceable> </optional> ; </optional>
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
@ -5374,11 +5391,18 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<term><command>managed-keys-directory</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
The directory used to hold the files used to track managed keys.
|
||||
By default it is the working directory. It there are no
|
||||
views then the file <filename>managed-keys.bind</filename>
|
||||
otherwise a SHA256 hash of the view name is used with
|
||||
<filename>.mkeys</filename> extension added.
|
||||
Specifies the directory in which to store the files that
|
||||
track managed DNSSEC keys. By default, this is the working
|
||||
directory.
|
||||
</para>
|
||||
<para>
|
||||
If <command>named</command> is not configured to use views,
|
||||
then managed keys for the server will be tracked in a single
|
||||
file called <filename>managed-keys.bind</filename>.
|
||||
Otherwise, managed keys will be tracked in separate files,
|
||||
one file per view; each file name will be the SHA256 hash
|
||||
of the view name, followed by the extension
|
||||
<filename>.mkeys</filename>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -5760,7 +5784,8 @@ options {
|
||||
installed along with <acronym>BIND</acronym> 9, and is
|
||||
current as of the release date. If the DLV key expires, a
|
||||
new copy of <filename>bind.keys</filename> can be downloaded
|
||||
from <ulink>https://www.isc.org/solutions/dlv</ulink>.
|
||||
from <ulink url="https://www.isc.org/solutions/dlv/"
|
||||
>https://www.isc.org/solutions/dlv/</ulink>.
|
||||
</para>
|
||||
<para>
|
||||
(To prevent problems if <filename>bind.keys</filename> is
|
||||
@ -6348,6 +6373,22 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>request-nsid</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
If <userinput>yes</userinput>, then an empty EDNS(0)
|
||||
NSID (Name Server Identifier) option is sent with all
|
||||
queries to authoritative name servers during iterative
|
||||
resolution. If the authoritative server returns an NSID
|
||||
option in its response, then its contents are logged in
|
||||
the <command>resolver</command> category at level
|
||||
<command>info</command>.
|
||||
The default is <userinput>no</userinput>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>rfc2308-type1</command></term>
|
||||
<listitem>
|
||||
@ -6808,6 +6849,13 @@ options {
|
||||
checks use <command>named-checkzone</command>).
|
||||
The default is <command>yes</command>.
|
||||
</para>
|
||||
<para>
|
||||
Check that the two forms of Sender Policy Framework
|
||||
records (TXT records starting with "v=spf1" and SPF) either
|
||||
both exist or both don't exist. Warnings are
|
||||
emitted it they don't and be suppressed with
|
||||
<command>check-spf</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -6843,6 +6891,19 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>check-spf</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
When performing integrity checks, check that the
|
||||
two forms of Sender Policy Framwork records (TXT
|
||||
records starting with "v=spf1" and SPF) both exist
|
||||
or both don't exist and issue a warning if not
|
||||
met. The default is <command>warn</command>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>zero-no-soa-ttl</command></term>
|
||||
<listitem>
|
||||
@ -7105,6 +7166,12 @@ options {
|
||||
disallow them on external-facing ones, without
|
||||
necessarily knowing the internal network's addresses.
|
||||
</para>
|
||||
<para>
|
||||
Note that <command>allow-query-on</command> is only
|
||||
checked for queries that are permitted by
|
||||
<command>allow-query</command>. A query must be
|
||||
allowed by both ACLs, or it will be refused.
|
||||
</para>
|
||||
<para>
|
||||
<command>allow-query-on</command> may
|
||||
also be specified in the <command>zone</command>
|
||||
@ -8819,12 +8886,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
built-in view (see <xref linkend="view_statement_grammar"/>) of
|
||||
class
|
||||
<command>CHAOS</command> which is separate from the
|
||||
default view of
|
||||
class <command>IN</command>; therefore, any global
|
||||
server options
|
||||
such as <command>allow-query</command> do not apply
|
||||
the these zones.
|
||||
If you feel the need to disable these zones, use the options
|
||||
default view of class <command>IN</command>. Most global
|
||||
configuration options (<command>allow-query</command>,
|
||||
etc) will apply to this view, but some are locally
|
||||
overridden: <command>notify</command>,
|
||||
<command>recursion</command> and
|
||||
<command>allow-new-zones</command> are
|
||||
always set to <userinput>no</userinput>.
|
||||
</para>
|
||||
<para>
|
||||
If you need to disable these zones, use the options
|
||||
below, or hide the built-in <command>CHAOS</command>
|
||||
view by
|
||||
defining an explicit view of class <command>CHAOS</command>
|
||||
@ -8897,7 +8968,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
servers. The official servers which cover these namespaces
|
||||
return NXDOMAIN responses to these queries. In particular,
|
||||
these cover the reverse namespaces for addresses from
|
||||
RFC 1918, RFC 4193, and RFC 5737. They also include the
|
||||
RFC 1918, RFC 4193, RFC 5737 and RFC 6598. They also include the
|
||||
reverse namespace for IPv6 local address (locally assigned),
|
||||
IPv6 link local addresses, the IPv6 loopback address and the
|
||||
IPv6 unknown address.
|
||||
@ -8928,6 +8999,70 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
<listitem>30.172.IN-ADDR.ARPA</listitem>
|
||||
<listitem>31.172.IN-ADDR.ARPA</listitem>
|
||||
<listitem>168.192.IN-ADDR.ARPA</listitem>
|
||||
<listitem>64.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>65.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>66.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>67.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>68.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>69.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>70.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>71.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>72.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>73.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>74.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>75.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>76.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>77.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>78.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>79.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>80.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>81.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>82.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>83.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>84.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>85.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>86.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>87.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>88.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>89.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>90.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>91.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>92.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>93.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>94.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>95.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>96.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>97.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>98.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>99.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>100.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>101.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>102.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>103.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>104.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>105.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>106.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>107.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>108.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>109.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>110.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>111.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>112.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>113.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>114.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>115.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>116.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>117.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>118.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>119.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>120.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>121.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>122.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>123.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>124.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>125.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>126.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>127.100.IN-ADDR.ARPA</listitem>
|
||||
<listitem>0.IN-ADDR.ARPA</listitem>
|
||||
<listitem>127.IN-ADDR.ARPA</listitem>
|
||||
<listitem>254.169.IN-ADDR.ARPA</listitem>
|
||||
@ -9188,7 +9323,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
to get access to an internal node of your local network
|
||||
that couldn't be externally accessed otherwise.
|
||||
See the paper available at
|
||||
<ulink>
|
||||
<ulink url="http://portal.acm.org/citation.cfm?id=1315245.1315298">
|
||||
http://portal.acm.org/citation.cfm?id=1315245.1315298
|
||||
</ulink>
|
||||
for more details about the attacks.
|
||||
@ -9328,14 +9463,15 @@ deny-answer-aliases { "example.net"; };
|
||||
They are encoded as subdomains of
|
||||
<userinput>rpz-nsdomain</userinput> relativized
|
||||
to the RPZ origin name.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
NSIP triggers match IP addresses in A and
|
||||
AAAA RRsets for domains that can be checked against NSDNAME
|
||||
policy records.
|
||||
NSIP triggers are encoded like IP triggers except as subdomains of
|
||||
<userinput>rpz-nsip</userinput>.
|
||||
NSDNAME and NSIP triggers are checked only for names with at
|
||||
least <command>min-ns-dots</command> dots.
|
||||
The default value of <command>min-ns-dots</command> is 1 to
|
||||
exclude top level domains.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@ -9374,17 +9510,6 @@ deny-answer-aliases { "example.net"; };
|
||||
and addresses.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Authority verification issues and variations in authority data
|
||||
can cause inconsistent results for NSIP and NSDNAME policy records.
|
||||
Glue NS records often differ from authoritative NS records.
|
||||
So they are available
|
||||
only when <acronym>BIND</acronym> is built with the
|
||||
<userinput>--enable-rpz-nsip</userinput> or
|
||||
<userinput>--enable-rpz-nsdname</userinput> options
|
||||
on the "configure" command line.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
RPZ record sets are sets of any types of DNS record except
|
||||
DNAME or DNSSEC that encode actions or responses to queries.
|
||||
@ -9409,7 +9534,7 @@ deny-answer-aliases { "example.net"; };
|
||||
walled garden's authority DNS server.
|
||||
</listitem>
|
||||
<listitem>The <command>PASSTHRU</command> policy is specified
|
||||
by a CNAME whose target is <command>rpz_passthru.</command>
|
||||
by a CNAME whose target is <command>rpz-passthru.</command>
|
||||
It causes the response to not be rewritten
|
||||
and is most often used to "poke holes" in policies for
|
||||
CIDR blocks.
|
||||
@ -9523,6 +9648,26 @@ bzone.domain.com CNAME garden.example.com.
|
||||
ns.domain.com.rpz-nsdname CNAME .
|
||||
48.zz.2.2001.rpz-nsip CNAME .
|
||||
</programlisting>
|
||||
<para>
|
||||
RPZ can affect server performance.
|
||||
Each configured response policy zone requires the server to
|
||||
perform one to four additional database lookups before a
|
||||
query can be answered.
|
||||
For example, a DNS server with four policy zones, each with all
|
||||
four kinds of response triggers, QNAME, IP, NSIP, and
|
||||
NSDNAME, requires a total of 17 times as many database
|
||||
lookups as a similar DNS server with no response policy zones.
|
||||
A <acronym>BIND9</acronym> server with adequate memory and one
|
||||
response policy zone with QNAME and IP triggers might achieve a
|
||||
maximum queries-per-second rate about 20% lower.
|
||||
A server with four response policy zones with QNAME and IP
|
||||
triggers might have a maximum QPS rate about 50% lower.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Responses rewritten by RPZ are counted in the
|
||||
<command>RPZRewrites</command> statistics.
|
||||
</para>
|
||||
</sect3>
|
||||
</sect2>
|
||||
|
||||
@ -9864,8 +10009,8 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
<title><command>managed-keys</command> Statement Grammar</title>
|
||||
|
||||
<programlisting><command>managed-keys</command> {
|
||||
<replaceable>string</replaceable> initial-key <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ;
|
||||
<optional> <replaceable>string</replaceable> initial-key <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; <optional>...</optional></optional>
|
||||
<replaceable>name</replaceable> <literal>initial-key</literal> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ;
|
||||
<optional> <replaceable>name</replaceable> <literal>initial-key</literal> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key-data</replaceable> ; <optional>...</optional></optional>
|
||||
};
|
||||
</programlisting>
|
||||
|
||||
@ -9973,13 +10118,16 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
<command>named</command>.)
|
||||
</para>
|
||||
<para>
|
||||
If the <command>dnssec-lookaside</command> option is
|
||||
If the <command>dnssec-validation</command> option is
|
||||
set to <userinput>auto</userinput>, <command>named</command>
|
||||
will automatically initialize a managed key for the
|
||||
zone <literal>dlv.isc.org</literal>. The key that is
|
||||
used to initialize the key maintenance process is built
|
||||
into <command>named</command>, and can be overridden
|
||||
from <command>bindkeys-file</command>.
|
||||
root zone. Similarly, if the <command>dnssec-lookaside</command>
|
||||
option is set to <userinput>auto</userinput>,
|
||||
<command>named</command> will automatically initialize
|
||||
a managed key for the zone <literal>dlv.isc.org</literal>.
|
||||
In both cases, the key that is used to initialize the key
|
||||
maintenance process is built into <command>named</command>,
|
||||
and can be overridden from <command>bindkeys-file</command>.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
@ -10141,6 +10289,7 @@ view "external" {
|
||||
<optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
|
||||
<optional> check-mx (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
|
||||
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> check-spf ( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
|
||||
<optional> check-integrity <replaceable>yes_or_no</replaceable> ; </optional>
|
||||
<optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
|
||||
<optional> file <replaceable>string</replaceable> ; </optional>
|
||||
@ -10706,6 +10855,16 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>check-spf</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
See the description of
|
||||
<command>check-spf</command> in <xref linkend="boolean_options"/>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>check-wildcard</command></term>
|
||||
<listitem>
|
||||
@ -14094,6 +14253,19 @@ HOST-127.EXAMPLE. MX 0 .
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row rowsep="0">
|
||||
<entry colname="1">
|
||||
<para><command>RPZRewrites</command></para>
|
||||
</entry>
|
||||
<entry colname="2">
|
||||
<para><command></command></para>
|
||||
</entry>
|
||||
<entry colname="3">
|
||||
<para>
|
||||
Response policy zone rewrites.
|
||||
</para>
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</informaltable>
|
||||
@ -14915,14 +15087,6 @@ zone "example.com" {
|
||||
This allows recursive queries of the server from the outside
|
||||
unless recursion has been previously disabled.
|
||||
</para>
|
||||
<para>
|
||||
For more information on how to use ACLs to protect your server,
|
||||
see the <emphasis>AUSCERT</emphasis> advisory at:
|
||||
</para>
|
||||
<para>
|
||||
<ulink url="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos"
|
||||
>ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</ulink>
|
||||
</para>
|
||||
</sect1>
|
||||
<sect1>
|
||||
<title><command>Chroot</command> and <command>Setuid</command></title>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -45,17 +45,17 @@
|
||||
<div class="toc">
|
||||
<p><b>Table of Contents</b></p>
|
||||
<dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564375">Scope of Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564398">Organization of This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564538">Conventions Used in This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564720">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564378">Scope of Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564402">Organization of This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564541">Conventions Used in This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564723">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564741">DNS Fundamentals</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564775">Domains and Domain Names</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567180">Zones</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567257">Authoritative Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567430">Caching Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567560">Name Servers in Multiple Roles</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564744">DNS Fundamentals</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564846">Domains and Domain Names</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567184">Zones</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567260">Authoritative Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567433">Caching Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567563">Name Servers in Multiple Roles</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl>
|
||||
</div>
|
||||
@ -71,7 +71,7 @@
|
||||
</p>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2564375"></a>Scope of Document</h2></div></div></div>
|
||||
<a name="id2564378"></a>Scope of Document</h2></div></div></div>
|
||||
<p>
|
||||
The Berkeley Internet Name Domain
|
||||
(<acronym class="acronym">BIND</acronym>) implements a
|
||||
@ -87,7 +87,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2564398"></a>Organization of This Document</h2></div></div></div>
|
||||
<a name="id2564402"></a>Organization of This Document</h2></div></div></div>
|
||||
<p>
|
||||
In this document, <span class="emphasis"><em>Chapter 1</em></span> introduces
|
||||
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Chapter 2</em></span>
|
||||
@ -116,7 +116,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2564538"></a>Conventions Used in This Document</h2></div></div></div>
|
||||
<a name="id2564541"></a>Conventions Used in This Document</h2></div></div></div>
|
||||
<p>
|
||||
In this document, we use the following general typographic
|
||||
conventions:
|
||||
@ -243,7 +243,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2564720"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
|
||||
<a name="id2564723"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
|
||||
<p>
|
||||
The purpose of this document is to explain the installation
|
||||
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
|
||||
@ -253,7 +253,7 @@
|
||||
</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2564741"></a>DNS Fundamentals</h3></div></div></div>
|
||||
<a name="id2564744"></a>DNS Fundamentals</h3></div></div></div>
|
||||
<p>
|
||||
The Domain Name System (DNS) is a hierarchical, distributed
|
||||
database. It stores information for mapping Internet host names to
|
||||
@ -275,7 +275,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2564775"></a>Domains and Domain Names</h3></div></div></div>
|
||||
<a name="id2564846"></a>Domains and Domain Names</h3></div></div></div>
|
||||
<p>
|
||||
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
|
||||
organizational or administrative boundaries. Each node of the tree,
|
||||
@ -321,7 +321,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2567180"></a>Zones</h3></div></div></div>
|
||||
<a name="id2567184"></a>Zones</h3></div></div></div>
|
||||
<p>
|
||||
To properly operate a name server, it is important to understand
|
||||
the difference between a <span class="emphasis"><em>zone</em></span>
|
||||
@ -374,7 +374,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2567257"></a>Authoritative Name Servers</h3></div></div></div>
|
||||
<a name="id2567260"></a>Authoritative Name Servers</h3></div></div></div>
|
||||
<p>
|
||||
Each zone is served by at least
|
||||
one <span class="emphasis"><em>authoritative name server</em></span>,
|
||||
@ -391,7 +391,7 @@
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2567281"></a>The Primary Master</h4></div></div></div>
|
||||
<a name="id2567284"></a>The Primary Master</h4></div></div></div>
|
||||
<p>
|
||||
The authoritative server where the master copy of the zone
|
||||
data is maintained is called the
|
||||
@ -411,7 +411,7 @@
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2567379"></a>Slave Servers</h4></div></div></div>
|
||||
<a name="id2567382"></a>Slave Servers</h4></div></div></div>
|
||||
<p>
|
||||
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
|
||||
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
|
||||
@ -427,7 +427,7 @@
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2567400"></a>Stealth Servers</h4></div></div></div>
|
||||
<a name="id2567403"></a>Stealth Servers</h4></div></div></div>
|
||||
<p>
|
||||
Usually all of the zone's authoritative servers are listed in
|
||||
NS records in the parent zone. These NS records constitute
|
||||
@ -462,7 +462,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2567430"></a>Caching Name Servers</h3></div></div></div>
|
||||
<a name="id2567433"></a>Caching Name Servers</h3></div></div></div>
|
||||
<p>
|
||||
The resolver libraries provided by most operating systems are
|
||||
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
|
||||
@ -489,7 +489,7 @@
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2567533"></a>Forwarding</h4></div></div></div>
|
||||
<a name="id2567537"></a>Forwarding</h4></div></div></div>
|
||||
<p>
|
||||
Even a caching name server does not necessarily perform
|
||||
the complete recursive lookup itself. Instead, it can
|
||||
@ -516,7 +516,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2567560"></a>Name Servers in Multiple Roles</h3></div></div></div>
|
||||
<a name="id2567563"></a>Name Servers in Multiple Roles</h3></div></div></div>
|
||||
<p>
|
||||
The <acronym class="acronym">BIND</acronym> name server can
|
||||
simultaneously act as
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -45,16 +45,16 @@
|
||||
<div class="toc">
|
||||
<p><b>Table of Contents</b></p>
|
||||
<dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567594">Hardware requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567621">CPU Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567634">Memory Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567729">Name Server Intensive Environment Issues</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567739">Supported Operating Systems</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567597">Hardware requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567624">CPU Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567637">Memory Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Name Server Intensive Environment Issues</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567742">Supported Operating Systems</a></span></dt>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2567594"></a>Hardware requirements</h2></div></div></div>
|
||||
<a name="id2567597"></a>Hardware requirements</h2></div></div></div>
|
||||
<p>
|
||||
<acronym class="acronym">DNS</acronym> hardware requirements have
|
||||
traditionally been quite modest.
|
||||
@ -73,7 +73,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2567621"></a>CPU Requirements</h2></div></div></div>
|
||||
<a name="id2567624"></a>CPU Requirements</h2></div></div></div>
|
||||
<p>
|
||||
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
|
||||
i486-class machines
|
||||
@ -84,7 +84,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2567634"></a>Memory Requirements</h2></div></div></div>
|
||||
<a name="id2567637"></a>Memory Requirements</h2></div></div></div>
|
||||
<p>
|
||||
The memory of the server has to be large enough to fit the
|
||||
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
|
||||
@ -107,7 +107,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2567729"></a>Name Server Intensive Environment Issues</h2></div></div></div>
|
||||
<a name="id2567732"></a>Name Server Intensive Environment Issues</h2></div></div></div>
|
||||
<p>
|
||||
For name server intensive environments, there are two alternative
|
||||
configurations that may be used. The first is where clients and
|
||||
@ -124,7 +124,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2567739"></a>Supported Operating Systems</h2></div></div></div>
|
||||
<a name="id2567742"></a>Supported Operating Systems</h2></div></div></div>
|
||||
<p>
|
||||
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
|
||||
number
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -47,14 +47,14 @@
|
||||
<dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567771">A Caching-only Name Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567992">An Authoritative-only Name Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568014">Load Balancing</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568369">Name Server Operations</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568374">Tools for Use With the Name Server Daemon</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570421">Signals</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570424">Signals</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl>
|
||||
</div>
|
||||
@ -68,7 +68,7 @@
|
||||
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2567771"></a>A Caching-only Name Server</h3></div></div></div>
|
||||
<a name="id2567774"></a>A Caching-only Name Server</h3></div></div></div>
|
||||
<p>
|
||||
The following sample configuration is appropriate for a caching-only
|
||||
name server for use by clients internal to a corporation. All
|
||||
@ -98,7 +98,7 @@ zone "0.0.127.in-addr.arpa" {
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2567992"></a>An Authoritative-only Name Server</h3></div></div></div>
|
||||
<a name="id2567995"></a>An Authoritative-only Name Server</h3></div></div></div>
|
||||
<p>
|
||||
This sample configuration is for an authoritative-only server
|
||||
that is the master server for "<code class="filename">example.com</code>"
|
||||
@ -146,7 +146,7 @@ zone "eng.example.com" {
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2568014"></a>Load Balancing</h2></div></div></div>
|
||||
<a name="id2568018"></a>Load Balancing</h2></div></div></div>
|
||||
<p>
|
||||
A primitive form of load balancing can be achieved in
|
||||
the <acronym class="acronym">DNS</acronym> by using multiple records
|
||||
@ -289,10 +289,10 @@ zone "eng.example.com" {
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2568369"></a>Name Server Operations</h2></div></div></div>
|
||||
<a name="id2568372"></a>Name Server Operations</h2></div></div></div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2568374"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
|
||||
<a name="id2568377"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
|
||||
<p>
|
||||
This section describes several indispensable diagnostic,
|
||||
administrative and monitoring tools available to the system
|
||||
@ -681,7 +681,7 @@ zone "eng.example.com" {
|
||||
<em class="replaceable"><code>keyname</code></em>
|
||||
[<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span></dt>
|
||||
<dd><p>
|
||||
Delete a given TKEY-negotated key from the server.
|
||||
Delete a given TKEY-negotiated key from the server.
|
||||
(This does not apply to statically configured TSIG
|
||||
keys.)
|
||||
</p></dd>
|
||||
@ -888,7 +888,7 @@ controls {
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2570421"></a>Signals</h3></div></div></div>
|
||||
<a name="id2570424"></a>Signals</h3></div></div></div>
|
||||
<p>
|
||||
Certain UNIX signals cause the name server to take specific
|
||||
actions, as described in the following table. These signals can
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -49,59 +49,59 @@
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570934">Split DNS</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570952">Example split DNS setup</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570937">Split DNS</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570955">Example split DNS setup</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564012">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564086">Copying the Shared Secret to Both Machines</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571811">Informing the Servers of the Key's Existence</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571847">Instructing the Server to Use the Key</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571905">TSIG Key Based Access Control</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571954">Errors</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Copying the Shared Secret to Both Machines</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571814">Informing the Servers of the Key's Existence</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571850">Instructing the Server to Use the Key</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571908">TSIG Key Based Access Control</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571957">Errors</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571968">TKEY</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">SIG(0)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571971">TKEY</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572156">SIG(0)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572221">Generating Keys</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572300">Signing the Zone</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572381">Configuring Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572225">Generating Keys</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Signing the Zone</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572385">Configuring Servers</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571475">Converting from insecure to secure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571512">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Fully automatic zone signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563575">Private-type records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563612">DNSKEY rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563762">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563795">Automatic key rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">NSEC3PARAM rollovers via UPDATE</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563899">Converting from NSEC to NSEC3</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563909">Converting from NSEC3 to NSEC</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563922">Converting from secure to insecure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571605">Periodic re-signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571614">NSEC3 and OPTOUT</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608395">Converting from insecure to secure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563581">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Fully automatic zone signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563836">Private-type records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563874">DNSKEY rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563920">Automatic key rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563946">NSEC3PARAM rollovers via UPDATE</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Converting from NSEC to NSEC3</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571406">Converting from NSEC3 to NSEC</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Converting from secure to insecure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571457">Periodic re-signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571466">NSEC3 and OPTOUT</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607510">Validating Resolver</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571692">Authoritative Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571658">Validating Resolver</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571681">Authoritative Server</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610637">Prerequisites</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608477">Building BIND 9 with PKCS#11</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608602">PKCS #11 Tools</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2634916">Using the HSM</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635114">Specifying the engine on the command line</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635160">Running named with automatic zone re-signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611650">Prerequisites</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608875">Building BIND 9 with PKCS#11</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609137">PKCS #11 Tools</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635518">Using the HSM</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635785">Specifying the engine on the command line</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635831">Running named with automatic zone re-signing</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572669">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572604">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572868">Address Lookups Using AAAA Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572889">Address to Name Lookups Using Nibble Format</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572871">Address Lookups Using AAAA Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572892">Address to Name Lookups Using Nibble Format</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl>
|
||||
</div>
|
||||
@ -258,7 +258,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2570934"></a>Split DNS</h2></div></div></div>
|
||||
<a name="id2570937"></a>Split DNS</h2></div></div></div>
|
||||
<p>
|
||||
Setting up different views, or visibility, of the DNS space to
|
||||
internal and external resolvers is usually referred to as a
|
||||
@ -288,7 +288,7 @@
|
||||
</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2570952"></a>Example split DNS setup</h3></div></div></div>
|
||||
<a name="id2570955"></a>Example split DNS setup</h3></div></div></div>
|
||||
<p>
|
||||
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
|
||||
(<code class="literal">example.com</code>)
|
||||
@ -545,7 +545,7 @@ nameserver 172.16.72.4
|
||||
</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2564012"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
|
||||
<a name="id2564016"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
|
||||
<p>
|
||||
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
|
||||
An arbitrary key name is chosen: "host1-host2.". The key name must
|
||||
@ -553,7 +553,7 @@ nameserver 172.16.72.4
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2564029"></a>Automatic Generation</h4></div></div></div>
|
||||
<a name="id2564033"></a>Automatic Generation</h4></div></div></div>
|
||||
<p>
|
||||
The following command will generate a 128-bit (16 byte) HMAC-SHA256
|
||||
key as described above. Longer keys are better, but shorter keys
|
||||
@ -577,7 +577,7 @@ nameserver 172.16.72.4
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2564068"></a>Manual Generation</h4></div></div></div>
|
||||
<a name="id2564071"></a>Manual Generation</h4></div></div></div>
|
||||
<p>
|
||||
The shared secret is simply a random sequence of bits, encoded
|
||||
in base-64. Most ASCII strings are valid base-64 strings (assuming
|
||||
@ -592,7 +592,7 @@ nameserver 172.16.72.4
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2564086"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
|
||||
<a name="id2564089"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
|
||||
<p>
|
||||
This is beyond the scope of DNS. A secure transport mechanism
|
||||
should be used. This could be secure FTP, ssh, telephone, etc.
|
||||
@ -600,7 +600,7 @@ nameserver 172.16.72.4
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571811"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
|
||||
<a name="id2571814"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
|
||||
<p>
|
||||
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
|
||||
are
|
||||
@ -627,7 +627,7 @@ key host1-host2. {
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571847"></a>Instructing the Server to Use the Key</h3></div></div></div>
|
||||
<a name="id2571850"></a>Instructing the Server to Use the Key</h3></div></div></div>
|
||||
<p>
|
||||
Since keys are shared between two hosts only, the server must
|
||||
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
|
||||
@ -659,7 +659,7 @@ server 10.1.2.3 {
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571905"></a>TSIG Key Based Access Control</h3></div></div></div>
|
||||
<a name="id2571908"></a>TSIG Key Based Access Control</h3></div></div></div>
|
||||
<p>
|
||||
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
|
||||
to be specified in ACL
|
||||
@ -686,7 +686,7 @@ allow-update { key host1-host2. ;};
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571954"></a>Errors</h3></div></div></div>
|
||||
<a name="id2571957"></a>Errors</h3></div></div></div>
|
||||
<p>
|
||||
The processing of TSIG signed messages can result in
|
||||
several errors. If a signed message is sent to a non-TSIG aware
|
||||
@ -712,7 +712,7 @@ allow-update { key host1-host2. ;};
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2571968"></a>TKEY</h2></div></div></div>
|
||||
<a name="id2571971"></a>TKEY</h2></div></div></div>
|
||||
<p><span><strong class="command">TKEY</strong></span>
|
||||
is a mechanism for automatically generating a shared secret
|
||||
between two hosts. There are several "modes" of
|
||||
@ -748,7 +748,7 @@ allow-update { key host1-host2. ;};
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2572153"></a>SIG(0)</h2></div></div></div>
|
||||
<a name="id2572156"></a>SIG(0)</h2></div></div></div>
|
||||
<p>
|
||||
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
|
||||
transaction signatures as specified in RFC 2535 and RFC 2931.
|
||||
@ -809,7 +809,7 @@ allow-update { key host1-host2. ;};
|
||||
</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2572221"></a>Generating Keys</h3></div></div></div>
|
||||
<a name="id2572225"></a>Generating Keys</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
|
||||
generate keys.
|
||||
@ -865,7 +865,7 @@ allow-update { key host1-host2. ;};
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2572300"></a>Signing the Zone</h3></div></div></div>
|
||||
<a name="id2572304"></a>Signing the Zone</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">dnssec-signzone</strong></span> program is used
|
||||
to sign a zone.
|
||||
@ -907,7 +907,7 @@ allow-update { key host1-host2. ;};
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2572381"></a>Configuring Servers</h3></div></div></div>
|
||||
<a name="id2572385"></a>Configuring Servers</h3></div></div></div>
|
||||
<p>
|
||||
To enable <span><strong class="command">named</strong></span> to respond appropriately
|
||||
to DNS requests from DNSSEC aware clients,
|
||||
@ -1067,7 +1067,7 @@ options {
|
||||
from insecure to signed and back again. A secure zone can use
|
||||
either NSEC or NSEC3 chains.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571475"></a>Converting from insecure to secure</h3></div></div></div></div>
|
||||
<a name="id2608395"></a>Converting from insecure to secure</h3></div></div></div></div>
|
||||
<p>Changing a zone from insecure to secure can be done in two
|
||||
ways: using a dynamic DNS update, or the
|
||||
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
|
||||
@ -1093,7 +1093,7 @@ options {
|
||||
well. An NSEC chain will be generated as part of the initial
|
||||
signing process.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571512"></a>Dynamic DNS update method</h3></div></div></div></div>
|
||||
<a name="id2563581"></a>Dynamic DNS update method</h3></div></div></div></div>
|
||||
<p>To insert the keys via dynamic update:</p>
|
||||
<pre class="screen">
|
||||
% nsupdate
|
||||
@ -1129,7 +1129,7 @@ options {
|
||||
<p>While the initial signing and NSEC/NSEC3 chain generation
|
||||
is happening, other updates are possible as well.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563493"></a>Fully automatic zone signing</h3></div></div></div></div>
|
||||
<a name="id2563754"></a>Fully automatic zone signing</h3></div></div></div></div>
|
||||
<p>To enable automatic signing, add the
|
||||
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
|
||||
<code class="filename">named.conf</code>.
|
||||
@ -1164,7 +1164,7 @@ options {
|
||||
configuration. If this has not been done, the configuration will
|
||||
fail.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563575"></a>Private-type records</h3></div></div></div></div>
|
||||
<a name="id2563836"></a>Private-type records</h3></div></div></div></div>
|
||||
<p>The state of the signing process is signaled by
|
||||
private-type records (with a default type value of 65534). When
|
||||
signing is complete, these records will have a nonzero value for
|
||||
@ -1205,12 +1205,12 @@ options {
|
||||
<p>
|
||||
</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563612"></a>DNSKEY rollovers</h3></div></div></div></div>
|
||||
<a name="id2563874"></a>DNSKEY rollovers</h3></div></div></div></div>
|
||||
<p>As with insecure-to-secure conversions, rolling DNSSEC
|
||||
keys can be done in two ways: using a dynamic DNS update, or the
|
||||
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563762"></a>Dynamic DNS update method</h3></div></div></div></div>
|
||||
<a name="id2563886"></a>Dynamic DNS update method</h3></div></div></div></div>
|
||||
<p> To perform key rollovers via dynamic update, you need to add
|
||||
the <code class="filename">K*</code> files for the new keys so that
|
||||
<span><strong class="command">named</strong></span> can find them. You can then add the new
|
||||
@ -1232,7 +1232,7 @@ options {
|
||||
<span><strong class="command">named</strong></span> will clean out any signatures generated
|
||||
by the old key after the update completes.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563795"></a>Automatic key rollovers</h3></div></div></div></div>
|
||||
<a name="id2563920"></a>Automatic key rollovers</h3></div></div></div></div>
|
||||
<p>When a new key reaches its activation date (as set by
|
||||
<span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
|
||||
if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
|
||||
@ -1247,27 +1247,27 @@ options {
|
||||
completes in 30 days, after which it will be safe to remove the
|
||||
old key from the DNSKEY RRset.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563821"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
|
||||
<a name="id2563946"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
|
||||
<p>Add the new NSEC3PARAM record via dynamic update. When the
|
||||
new NSEC3 chain has been generated, the NSEC3PARAM flag field
|
||||
will be zero. At this point you can remove the old NSEC3PARAM
|
||||
record. The old chain will be removed after the update request
|
||||
completes.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563899"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
|
||||
<a name="id2563956"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
|
||||
<p>To do this, you just need to add an NSEC3PARAM record. When
|
||||
the conversion is complete, the NSEC chain will have been removed
|
||||
and the NSEC3PARAM record will have a zero flag field. The NSEC3
|
||||
chain will be generated before the NSEC chain is
|
||||
destroyed.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563909"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
|
||||
<a name="id2571406"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
|
||||
<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
|
||||
remove all NSEC3PARAM records with a zero flag
|
||||
field. The NSEC chain will be generated before the NSEC3 chain is
|
||||
removed.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2563922"></a>Converting from secure to insecure</h3></div></div></div></div>
|
||||
<a name="id2571419"></a>Converting from secure to insecure</h3></div></div></div></div>
|
||||
<p>To convert a signed zone to unsigned using dynamic DNS,
|
||||
delete all the DNSKEY records from the zone apex using
|
||||
<span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
|
||||
@ -1282,14 +1282,14 @@ options {
|
||||
<span><strong class="command">allow</strong></span> instead (or it will re-sign).
|
||||
</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571605"></a>Periodic re-signing</h3></div></div></div></div>
|
||||
<a name="id2571457"></a>Periodic re-signing</h3></div></div></div></div>
|
||||
<p>In any secure zone which supports dynamic updates, named
|
||||
will periodically re-sign RRsets which have not been re-signed as
|
||||
a result of some update action. The signature lifetimes will be
|
||||
adjusted so as to spread the re-sign load over time rather than
|
||||
all at once.</p>
|
||||
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571614"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
|
||||
<a name="id2571466"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
|
||||
<p>
|
||||
<span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
|
||||
where all the NSEC3 records in the zone have the same OPTOUT
|
||||
@ -1311,7 +1311,7 @@ options {
|
||||
configuration files.</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2607510"></a>Validating Resolver</h3></div></div></div>
|
||||
<a name="id2571658"></a>Validating Resolver</h3></div></div></div>
|
||||
<p>To configure a validating resolver to use RFC 5011 to
|
||||
maintain a trust anchor, configure the trust anchor using a
|
||||
<span><strong class="command">managed-keys</strong></span> statement. Information about
|
||||
@ -1322,7 +1322,7 @@ options {
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2571692"></a>Authoritative Server</h3></div></div></div>
|
||||
<a name="id2571681"></a>Authoritative Server</h3></div></div></div>
|
||||
<p>To set up an authoritative zone for RFC 5011 trust anchor
|
||||
maintenance, generate two (or more) key signing keys (KSKs) for
|
||||
the zone. Sign the zone with one of them; this is the "active"
|
||||
@ -1396,7 +1396,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
|
||||
Debian Linux, Solaris x86 and Windows Server 2003.</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2610637"></a>Prerequisites</h3></div></div></div>
|
||||
<a name="id2611650"></a>Prerequisites</h3></div></div></div>
|
||||
<p>See the HSM vendor documentation for information about
|
||||
installing, initializing, testing and troubleshooting the
|
||||
HSM.</p>
|
||||
@ -1410,7 +1410,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
|
||||
This is a shared library object, providing a low-level PKCS #11
|
||||
interface to the HSM hardware. It is dynamically loaded by
|
||||
OpenSSL at runtime. The PKCS #11 provider comes from the HSM
|
||||
vendor, and and is specific to the HSM to be controlled.</p>
|
||||
vendor, and is specific to the HSM to be controlled.</p>
|
||||
<p>There are two "flavors" of PKCS #11 support provided by
|
||||
the patched OpenSSL, one of which must be chosen at
|
||||
configuration time. The correct choice depends on the HSM
|
||||
@ -1473,7 +1473,7 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8s \
|
||||
when we configure BIND 9.</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608071"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
|
||||
<a name="id2608605"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
|
||||
<p>The AEP Keyper is a highly secure key storage device,
|
||||
but does not provide hardware cryptographic acceleration. It
|
||||
can carry out cryptographic operations, but it is probably
|
||||
@ -1505,7 +1505,7 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608140"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
|
||||
<a name="id2608675"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
|
||||
<p>The SCA-6000 PKCS #11 provider is installed as a system
|
||||
library, libpkcs11. It is a true crypto accelerator, up to 4
|
||||
times faster than any CPU, so the flavor shall be
|
||||
@ -1527,7 +1527,7 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608189"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
|
||||
<a name="id2608724"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
|
||||
<p>SoftHSM is a software library provided by the OpenDNSSEC
|
||||
project (http://www.opendnssec.org) which provides a PKCS#11
|
||||
interface to a virtual HSM, implemented in the form of encrypted
|
||||
@ -1587,12 +1587,12 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608477"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
|
||||
<a name="id2608875"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
|
||||
<p>When building BIND 9, the location of the custom-built
|
||||
OpenSSL library must be specified via configure.</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608486"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
|
||||
<a name="id2608952"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
|
||||
<p>To link with the PKCS #11 provider, threads must be
|
||||
enabled in the BIND 9 build.</p>
|
||||
<p>The PKCS #11 library for the AEP Keyper is currently
|
||||
@ -1608,7 +1608,7 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608518"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
|
||||
<a name="id2608984"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
|
||||
<p>To link with the PKCS #11 provider, threads must be
|
||||
enabled in the BIND 9 build.</p>
|
||||
<pre class="screen">
|
||||
@ -1626,7 +1626,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608554"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
|
||||
<a name="id2609089"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
|
||||
<pre class="screen">
|
||||
$ <strong class="userinput"><code>cd ../bind9</code></strong>
|
||||
$ <strong class="userinput"><code>./configure --enable-threads \
|
||||
@ -1643,7 +1643,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608602"></a>PKCS #11 Tools</h3></div></div></div>
|
||||
<a name="id2609137"></a>PKCS #11 Tools</h3></div></div></div>
|
||||
<p>BIND 9 includes a minimal set of tools to operate the
|
||||
HSM, including
|
||||
<span><strong class="command">pkcs11-keygen</strong></span> to generate a new key pair
|
||||
@ -1661,7 +1661,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2634916"></a>Using the HSM</h3></div></div></div>
|
||||
<a name="id2635518"></a>Using the HSM</h3></div></div></div>
|
||||
<p>First, we must set up the runtime environment so the
|
||||
OpenSSL and PKCS #11 libraries can be loaded:</p>
|
||||
<pre class="screen">
|
||||
@ -1749,7 +1749,7 @@ example.net.signed
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2635114"></a>Specifying the engine on the command line</h3></div></div></div>
|
||||
<a name="id2635785"></a>Specifying the engine on the command line</h3></div></div></div>
|
||||
<p>The OpenSSL engine can be specified in
|
||||
<span><strong class="command">named</strong></span> and all of the BIND
|
||||
<span><strong class="command">dnssec-*</strong></span> tools by using the "-E
|
||||
@ -1770,7 +1770,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2635160"></a>Running named with automatic zone re-signing</h3></div></div></div>
|
||||
<a name="id2635831"></a>Running named with automatic zone re-signing</h3></div></div></div>
|
||||
<p>If you want
|
||||
<span><strong class="command">named</strong></span> to dynamically re-sign zones using HSM
|
||||
keys, and/or to to sign new records inserted via nsupdate, then
|
||||
@ -1806,7 +1806,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2572669"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
|
||||
<a name="id2572604"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
|
||||
<p>
|
||||
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
|
||||
defined forms of IPv6 name to address and address to name
|
||||
@ -1844,7 +1844,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
|
||||
</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2572868"></a>Address Lookups Using AAAA Records</h3></div></div></div>
|
||||
<a name="id2572871"></a>Address Lookups Using AAAA Records</h3></div></div></div>
|
||||
<p>
|
||||
The IPv6 AAAA record is a parallel to the IPv4 A record,
|
||||
and, unlike the deprecated A6 record, specifies the entire
|
||||
@ -1863,7 +1863,7 @@ host 3600 IN AAAA 2001:db8::1
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2572889"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
|
||||
<a name="id2572892"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
|
||||
<p>
|
||||
When looking up an address in nibble format, the address
|
||||
components are simply reversed, just as in IPv4, and
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -45,13 +45,13 @@
|
||||
<div class="toc">
|
||||
<p><b>Table of Contents</b></p>
|
||||
<dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572922">The Lightweight Resolver Library</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572925">The Lightweight Resolver Library</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2572922"></a>The Lightweight Resolver Library</h2></div></div></div>
|
||||
<a name="id2572925"></a>The Lightweight Resolver Library</h2></div></div></div>
|
||||
<p>
|
||||
Traditionally applications have been linked with a stub resolver
|
||||
library that sends recursive DNS queries to a local caching name
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -48,58 +48,58 @@
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574332">Comment Syntax</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574405">Comment Syntax</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574986"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574990"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575176"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575180"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575467"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575484"><span><strong class="command">include</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575472"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">include</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575576"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575600"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575758"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575884"><span><strong class="command">logging</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575649"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575672"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575763"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575889"><span><strong class="command">logging</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577910"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577984"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578116"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578160"><span><strong class="command">masters</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577914"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577988"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578120"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578164"><span><strong class="command">masters</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578174"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578179"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590070"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589742"><span><strong class="command">trusted-keys</strong></span> Statement Definition
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590278"><span><strong class="command">trusted-keys</strong></span> Statement Definition
|
||||
and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589858"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590325"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
|
||||
and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590352"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590766"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
|
||||
Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591902"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595170">Zone File</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595755">Zone File</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597537">Discussion of MX Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597986">Discussion of MX Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598084">Inverse Mapping in IPv4</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598211">Other Zone File Directives</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598552"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598601">Inverse Mapping in IPv4</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598796">Other Zone File Directives</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599138"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
|
||||
@ -409,31 +409,45 @@
|
||||
</td>
|
||||
<td>
|
||||
<p>
|
||||
A number, the word <strong class="userinput"><code>unlimited</code></strong>,
|
||||
or the word <strong class="userinput"><code>default</code></strong>.
|
||||
A 64-bit unsigned integer, or the keywords
|
||||
<strong class="userinput"><code>unlimited</code></strong> or
|
||||
<strong class="userinput"><code>default</code></strong>.
|
||||
</p>
|
||||
<p>
|
||||
An <code class="varname">unlimited</code> <code class="varname">size_spec</code> requests unlimited
|
||||
use, or the maximum available amount. A <code class="varname">default size_spec</code> uses
|
||||
the limit that was in force when the server was started.
|
||||
Integers may take values
|
||||
0 <= value <= 18446744073709551615, though
|
||||
certain parameters may use a more limited range
|
||||
within these extremes. In most cases, setting a
|
||||
value to 0 does not literally mean zero; it means
|
||||
"undefined" or "as big as psosible", depending on
|
||||
the context. See the expalantions of particular
|
||||
parameters that use <code class="varname">size_spec</code>
|
||||
for details on how they interpret its use.
|
||||
</p>
|
||||
<p>
|
||||
A <code class="varname">number</code> can optionally be
|
||||
followed by a scaling factor:
|
||||
Numeric values can optionally be followed by a
|
||||
scaling factor:
|
||||
<strong class="userinput"><code>K</code></strong> or <strong class="userinput"><code>k</code></strong>
|
||||
for kilobytes,
|
||||
<strong class="userinput"><code>M</code></strong> or <strong class="userinput"><code>m</code></strong>
|
||||
for megabytes, and
|
||||
<strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong> for gigabytes,
|
||||
which scale by 1024, 1024*1024, and 1024*1024*1024
|
||||
respectively.
|
||||
<strong class="userinput"><code>G</code></strong> or <strong class="userinput"><code>g</code></strong>
|
||||
for gigabytes, which scale by 1024, 1024*1024, and
|
||||
1024*1024*1024 respectively.
|
||||
</p>
|
||||
<p>
|
||||
The value must be representable as a 64-bit unsigned integer
|
||||
(0 to 18446744073709551615, inclusive).
|
||||
Using <code class="varname">unlimited</code> is the best
|
||||
way
|
||||
to safely set a really large number.
|
||||
<code class="varname">unlimited</code> generally means
|
||||
"as big as possible", though in certain contexts,
|
||||
(including <code class="option">max-cache-size</code>), it may
|
||||
mean the largest possible 32-bit unsigned integer
|
||||
(0xffffffff); this distinction can be important when
|
||||
dealing with larger quantities.
|
||||
<code class="varname">unlimited</code> is usually the best way
|
||||
to safely set a very large number.
|
||||
</p>
|
||||
<p>
|
||||
<code class="varname">default</code>
|
||||
uses the limit that was in force when the server was started.
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
@ -477,7 +491,7 @@
|
||||
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2574099"></a>Syntax</h4></div></div></div>
|
||||
<a name="id2574103"></a>Syntax</h4></div></div></div>
|
||||
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
|
||||
[<span class="optional"> address_match_list_element; ... </span>]
|
||||
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
|
||||
@ -486,7 +500,7 @@
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2574126"></a>Definition and Usage</h4></div></div></div>
|
||||
<a name="id2574131"></a>Definition and Usage</h4></div></div></div>
|
||||
<p>
|
||||
Address match lists are primarily used to determine access
|
||||
control for various server operations. They are also used in
|
||||
@ -570,7 +584,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2574332"></a>Comment Syntax</h3></div></div></div>
|
||||
<a name="id2574405"></a>Comment Syntax</h3></div></div></div>
|
||||
<p>
|
||||
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
|
||||
comments to appear
|
||||
@ -580,7 +594,7 @@
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2574347"></a>Syntax</h4></div></div></div>
|
||||
<a name="id2574420"></a>Syntax</h4></div></div></div>
|
||||
<p>
|
||||
</p>
|
||||
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
|
||||
@ -596,7 +610,7 @@
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2574377"></a>Definition and Usage</h4></div></div></div>
|
||||
<a name="id2574450"></a>Definition and Usage</h4></div></div></div>
|
||||
<p>
|
||||
Comments may appear anywhere that whitespace may appear in
|
||||
a <acronym class="acronym">BIND</acronym> configuration file.
|
||||
@ -848,7 +862,7 @@
|
||||
</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2574986"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2574990"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
|
||||
address_match_list
|
||||
};
|
||||
@ -930,7 +944,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2575176"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2575180"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
|
||||
[ inet ( ip_addr | * ) [ port ip_port ]
|
||||
allow { <em class="replaceable"><code> address_match_list </code></em> }
|
||||
@ -1054,12 +1068,12 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2575467"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2575472"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2575484"></a><span><strong class="command">include</strong></span> Statement Definition and
|
||||
<a name="id2575489"></a><span><strong class="command">include</strong></span> Statement Definition and
|
||||
Usage</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">include</strong></span> statement inserts the
|
||||
@ -1074,7 +1088,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2575576"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2575649"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
|
||||
algorithm <em class="replaceable"><code>string</code></em>;
|
||||
secret <em class="replaceable"><code>string</code></em>;
|
||||
@ -1083,7 +1097,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2575600"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<a name="id2575672"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">key</strong></span> statement defines a shared
|
||||
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
|
||||
@ -1130,12 +1144,12 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2575758"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2575763"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
|
||||
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
|
||||
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
|
||||
[ <span><strong class="command">versions</strong></span> ( <em class="replaceable"><code>number</code></em> | <span><strong class="command">unlimited</strong></span> ) ]
|
||||
[ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size spec</code></em> ]
|
||||
[ <span><strong class="command">size</strong></span> <em class="replaceable"><code>size_spec</code></em> ]
|
||||
| <span><strong class="command">syslog</strong></span> <em class="replaceable"><code>syslog_facility</code></em>
|
||||
| <span><strong class="command">stderr</strong></span>
|
||||
| <span><strong class="command">null</strong></span> );
|
||||
@ -1154,7 +1168,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2575884"></a><span><strong class="command">logging</strong></span> Statement Definition and
|
||||
<a name="id2575889"></a><span><strong class="command">logging</strong></span> Statement Definition and
|
||||
Usage</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">logging</strong></span> statement configures a
|
||||
@ -1188,7 +1202,7 @@
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2576005"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
|
||||
<a name="id2576009"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
|
||||
<p>
|
||||
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
|
||||
you can make as many of them as you want.
|
||||
@ -1766,7 +1780,7 @@ category notify { null; };
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2577322"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
|
||||
<a name="id2577326"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">query-errors</strong></span> category is
|
||||
specifically intended for debugging purposes: To identify
|
||||
@ -1994,7 +2008,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2577910"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2577914"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<p>
|
||||
This is the grammar of the <span><strong class="command">lwres</strong></span>
|
||||
statement in the <code class="filename">named.conf</code> file:
|
||||
@ -2010,7 +2024,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2577984"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<a name="id2577988"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">lwres</strong></span> statement configures the
|
||||
name
|
||||
@ -2061,7 +2075,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2578116"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2578120"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<pre class="programlisting">
|
||||
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
|
||||
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
|
||||
@ -2069,7 +2083,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2578160"></a><span><strong class="command">masters</strong></span> Statement Definition and
|
||||
<a name="id2578164"></a><span><strong class="command">masters</strong></span> Statement Definition and
|
||||
Usage</h3></div></div></div>
|
||||
<p><span><strong class="command">masters</strong></span>
|
||||
lists allow for a common set of masters to be easily used by
|
||||
@ -2078,7 +2092,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2578174"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2578179"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<p>
|
||||
This is the grammar of the <span><strong class="command">options</strong></span>
|
||||
statement in the <code class="filename">named.conf</code> file:
|
||||
@ -2122,6 +2136,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
[<span class="optional"> multiple-cnames <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
[<span class="optional"> notify <em class="replaceable"><code>yes_or_no</code></em> | <em class="replaceable"><code>explicit</code></em> | <em class="replaceable"><code>master-only</code></em>; </span>]
|
||||
[<span class="optional"> recursion <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
[<span class="optional"> request-nsid <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
[<span class="optional"> rfc2308-type1 <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
[<span class="optional"> use-id-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
[<span class="optional"> maintain-ixfr-base <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
@ -2148,6 +2163,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
[<span class="optional"> check-mx-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
|
||||
[<span class="optional"> check-srv-cname ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
|
||||
[<span class="optional"> check-sibling <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
[<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
|
||||
[<span class="optional"> allow-new-zones { <em class="replaceable"><code>yes_or_no</code></em> }; </span>]
|
||||
[<span class="optional"> allow-notify { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
|
||||
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
|
||||
@ -2281,7 +2297,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
[<span class="optional"> policy given | disabled | passthru | nxdomain | nodata | cname <em class="replaceable"><code>domain</code></em> </span>]
|
||||
[<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>number</code></em> </span>] ;
|
||||
} [<span class="optional"> recursive-only <em class="replaceable"><code>yes_or_no</code></em> </span>] [<span class="optional"> max-policy-ttl <em class="replaceable"><code>number</code></em> </span>]
|
||||
[<span class="optional"> break-dnssec <em class="replaceable"><code>yes_or_no</code></em> </span>] ; </span>]
|
||||
[<span class="optional"> break-dnssec <em class="replaceable"><code>yes_or_no</code></em> </span>] [<span class="optional"> min-ns-dots <em class="replaceable"><code>number</code></em> </span>] ; </span>]
|
||||
};
|
||||
</pre>
|
||||
</div>
|
||||
@ -2411,13 +2427,22 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<code class="filename">session.key</code>.)
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">managed-keys-directory</strong></span></span></dt>
|
||||
<dd><p>
|
||||
The directory used to hold the files used to track managed keys.
|
||||
By default it is the working directory. It there are no
|
||||
views then the file <code class="filename">managed-keys.bind</code>
|
||||
otherwise a SHA256 hash of the view name is used with
|
||||
<code class="filename">.mkeys</code> extension added.
|
||||
</p></dd>
|
||||
<dd>
|
||||
<p>
|
||||
Specifies the directory in which to store the files that
|
||||
track managed DNSSEC keys. By default, this is the working
|
||||
directory.
|
||||
</p>
|
||||
<p>
|
||||
If <span><strong class="command">named</strong></span> is not configured to use views,
|
||||
then managed keys for the server will be tracked in a single
|
||||
file called <code class="filename">managed-keys.bind</code>.
|
||||
Otherwise, managed keys will be tracked in separate files,
|
||||
one file per view; each file name will be the SHA256 hash
|
||||
of the view name, followed by the extension
|
||||
<code class="filename">.mkeys</code>.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term"><span><strong class="command">named-xfer</strong></span></span></dt>
|
||||
<dd><p>
|
||||
<span class="emphasis"><em>This option is obsolete.</em></span> It
|
||||
@ -2691,7 +2716,7 @@ options {
|
||||
installed along with <acronym class="acronym">BIND</acronym> 9, and is
|
||||
current as of the release date. If the DLV key expires, a
|
||||
new copy of <code class="filename">bind.keys</code> can be downloaded
|
||||
from <a href="" target="_top">https://www.isc.org/solutions/dlv</a>.
|
||||
from <a href="https://www.isc.org/solutions/dlv/" target="_top">https://www.isc.org/solutions/dlv/</a>.
|
||||
</p>
|
||||
<p>
|
||||
(To prevent problems if <code class="filename">bind.keys</code> is
|
||||
@ -3188,6 +3213,17 @@ options {
|
||||
operation, such as NOTIFY address lookups.
|
||||
See also <span><strong class="command">fetch-glue</strong></span> above.
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">request-nsid</strong></span></span></dt>
|
||||
<dd><p>
|
||||
If <strong class="userinput"><code>yes</code></strong>, then an empty EDNS(0)
|
||||
NSID (Name Server Identifier) option is sent with all
|
||||
queries to authoritative name servers during iterative
|
||||
resolution. If the authoritative server returns an NSID
|
||||
option in its response, then its contents are logged in
|
||||
the <span><strong class="command">resolver</strong></span> category at level
|
||||
<span><strong class="command">info</strong></span>.
|
||||
The default is <strong class="userinput"><code>no</code></strong>.
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">rfc2308-type1</strong></span></span></dt>
|
||||
<dd>
|
||||
<p>
|
||||
@ -3546,7 +3582,8 @@ options {
|
||||
for non-terminal wildcards and issue a warning.
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">check-integrity</strong></span></span></dt>
|
||||
<dd><p>
|
||||
<dd>
|
||||
<p>
|
||||
Perform post load zone integrity checks on master
|
||||
zones. This checks that MX and SRV records refer
|
||||
to address (A or AAAA) records and that glue
|
||||
@ -3558,7 +3595,15 @@ options {
|
||||
checked (for out-of-zone names and glue consistency
|
||||
checks use <span><strong class="command">named-checkzone</strong></span>).
|
||||
The default is <span><strong class="command">yes</strong></span>.
|
||||
</p></dd>
|
||||
</p>
|
||||
<p>
|
||||
Check that the two forms of Sender Policy Framework
|
||||
records (TXT records starting with "v=spf1" and SPF) either
|
||||
both exist or both don't exist. Warnings are
|
||||
emitted it they don't and be suppressed with
|
||||
<span><strong class="command">check-spf</strong></span>.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term"><span><strong class="command">check-mx-cname</strong></span></span></dt>
|
||||
<dd><p>
|
||||
If <span><strong class="command">check-integrity</strong></span> is set then
|
||||
@ -3576,6 +3621,14 @@ options {
|
||||
When performing integrity checks, also check that
|
||||
sibling glue exists. The default is <span><strong class="command">yes</strong></span>.
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">check-spf</strong></span></span></dt>
|
||||
<dd><p>
|
||||
When performing integrity checks, check that the
|
||||
two forms of Sender Policy Framwork records (TXT
|
||||
records starting with "v=spf1" and SPF) both exist
|
||||
or both don't exist and issue a warning if not
|
||||
met. The default is <span><strong class="command">warn</strong></span>.
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">zero-no-soa-ttl</strong></span></span></dt>
|
||||
<dd><p>
|
||||
When returning authoritative negative responses to
|
||||
@ -3669,7 +3722,7 @@ options {
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2583675"></a>Forwarding</h4></div></div></div>
|
||||
<a name="id2583834"></a>Forwarding</h4></div></div></div>
|
||||
<p>
|
||||
The forwarding facility can be used to create a large site-wide
|
||||
cache on a few servers, reducing traffic over links to external
|
||||
@ -3713,7 +3766,7 @@ options {
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2583734"></a>Dual-stack Servers</h4></div></div></div>
|
||||
<a name="id2583893"></a>Dual-stack Servers</h4></div></div></div>
|
||||
<p>
|
||||
Dual-stack servers are used as servers of last resort to work
|
||||
around
|
||||
@ -3787,6 +3840,12 @@ options {
|
||||
disallow them on external-facing ones, without
|
||||
necessarily knowing the internal network's addresses.
|
||||
</p>
|
||||
<p>
|
||||
Note that <span><strong class="command">allow-query-on</strong></span> is only
|
||||
checked for queries that are permitted by
|
||||
<span><strong class="command">allow-query</strong></span>. A query must be
|
||||
allowed by both ACLs, or it will be refused.
|
||||
</p>
|
||||
<p>
|
||||
<span><strong class="command">allow-query-on</strong></span> may
|
||||
also be specified in the <span><strong class="command">zone</strong></span>
|
||||
@ -3924,7 +3983,7 @@ options {
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2584422"></a>Interfaces</h4></div></div></div>
|
||||
<a name="id2584590"></a>Interfaces</h4></div></div></div>
|
||||
<p>
|
||||
The interfaces and ports that the server will answer queries
|
||||
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
|
||||
@ -4383,7 +4442,7 @@ avoid-v6-udp-ports {};
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2585495"></a>UDP Port Lists</h4></div></div></div>
|
||||
<a name="id2585664"></a>UDP Port Lists</h4></div></div></div>
|
||||
<p>
|
||||
<span><strong class="command">use-v4-udp-ports</strong></span>,
|
||||
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
|
||||
@ -4425,7 +4484,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2585555"></a>Operating System Resource Limits</h4></div></div></div>
|
||||
<a name="id2585723"></a>Operating System Resource Limits</h4></div></div></div>
|
||||
<p>
|
||||
The server's usage of many system resources can be limited.
|
||||
Scaled values are allowed when specifying resource limits. For
|
||||
@ -4587,7 +4646,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2586114"></a>Periodic Task Intervals</h4></div></div></div>
|
||||
<a name="id2586350"></a>Periodic Task Intervals</h4></div></div></div>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
|
||||
<dd><p>
|
||||
@ -5171,12 +5230,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
built-in view (see <a href="Bv9ARM.ch06.html#view_statement_grammar" title="view Statement Grammar">the section called “<span><strong class="command">view</strong></span> Statement Grammar”</a>) of
|
||||
class
|
||||
<span><strong class="command">CHAOS</strong></span> which is separate from the
|
||||
default view of
|
||||
class <span><strong class="command">IN</strong></span>; therefore, any global
|
||||
server options
|
||||
such as <span><strong class="command">allow-query</strong></span> do not apply
|
||||
the these zones.
|
||||
If you feel the need to disable these zones, use the options
|
||||
default view of class <span><strong class="command">IN</strong></span>. Most global
|
||||
configuration options (<span><strong class="command">allow-query</strong></span>,
|
||||
etc) will apply to this view, but some are locally
|
||||
overridden: <span><strong class="command">notify</strong></span>,
|
||||
<span><strong class="command">recursion</strong></span> and
|
||||
<span><strong class="command">allow-new-zones</strong></span> are
|
||||
always set to <strong class="userinput"><code>no</code></strong>.
|
||||
</p>
|
||||
<p>
|
||||
If you need to disable these zones, use the options
|
||||
below, or hide the built-in <span><strong class="command">CHAOS</strong></span>
|
||||
view by
|
||||
defining an explicit view of class <span><strong class="command">CHAOS</strong></span>
|
||||
@ -5231,7 +5294,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
servers. The official servers which cover these namespaces
|
||||
return NXDOMAIN responses to these queries. In particular,
|
||||
these cover the reverse namespaces for addresses from
|
||||
RFC 1918, RFC 4193, and RFC 5737. They also include the
|
||||
RFC 1918, RFC 4193, RFC 5737 and RFC 6598. They also include the
|
||||
reverse namespace for IPv6 local address (locally assigned),
|
||||
IPv6 link local addresses, the IPv6 loopback address and the
|
||||
IPv6 unknown address.
|
||||
@ -5263,6 +5326,70 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
<li>30.172.IN-ADDR.ARPA</li>
|
||||
<li>31.172.IN-ADDR.ARPA</li>
|
||||
<li>168.192.IN-ADDR.ARPA</li>
|
||||
<li>64.100.IN-ADDR.ARPA</li>
|
||||
<li>65.100.IN-ADDR.ARPA</li>
|
||||
<li>66.100.IN-ADDR.ARPA</li>
|
||||
<li>67.100.IN-ADDR.ARPA</li>
|
||||
<li>68.100.IN-ADDR.ARPA</li>
|
||||
<li>69.100.IN-ADDR.ARPA</li>
|
||||
<li>70.100.IN-ADDR.ARPA</li>
|
||||
<li>71.100.IN-ADDR.ARPA</li>
|
||||
<li>72.100.IN-ADDR.ARPA</li>
|
||||
<li>73.100.IN-ADDR.ARPA</li>
|
||||
<li>74.100.IN-ADDR.ARPA</li>
|
||||
<li>75.100.IN-ADDR.ARPA</li>
|
||||
<li>76.100.IN-ADDR.ARPA</li>
|
||||
<li>77.100.IN-ADDR.ARPA</li>
|
||||
<li>78.100.IN-ADDR.ARPA</li>
|
||||
<li>79.100.IN-ADDR.ARPA</li>
|
||||
<li>80.100.IN-ADDR.ARPA</li>
|
||||
<li>81.100.IN-ADDR.ARPA</li>
|
||||
<li>82.100.IN-ADDR.ARPA</li>
|
||||
<li>83.100.IN-ADDR.ARPA</li>
|
||||
<li>84.100.IN-ADDR.ARPA</li>
|
||||
<li>85.100.IN-ADDR.ARPA</li>
|
||||
<li>86.100.IN-ADDR.ARPA</li>
|
||||
<li>87.100.IN-ADDR.ARPA</li>
|
||||
<li>88.100.IN-ADDR.ARPA</li>
|
||||
<li>89.100.IN-ADDR.ARPA</li>
|
||||
<li>90.100.IN-ADDR.ARPA</li>
|
||||
<li>91.100.IN-ADDR.ARPA</li>
|
||||
<li>92.100.IN-ADDR.ARPA</li>
|
||||
<li>93.100.IN-ADDR.ARPA</li>
|
||||
<li>94.100.IN-ADDR.ARPA</li>
|
||||
<li>95.100.IN-ADDR.ARPA</li>
|
||||
<li>96.100.IN-ADDR.ARPA</li>
|
||||
<li>97.100.IN-ADDR.ARPA</li>
|
||||
<li>98.100.IN-ADDR.ARPA</li>
|
||||
<li>99.100.IN-ADDR.ARPA</li>
|
||||
<li>100.100.IN-ADDR.ARPA</li>
|
||||
<li>101.100.IN-ADDR.ARPA</li>
|
||||
<li>102.100.IN-ADDR.ARPA</li>
|
||||
<li>103.100.IN-ADDR.ARPA</li>
|
||||
<li>104.100.IN-ADDR.ARPA</li>
|
||||
<li>105.100.IN-ADDR.ARPA</li>
|
||||
<li>106.100.IN-ADDR.ARPA</li>
|
||||
<li>107.100.IN-ADDR.ARPA</li>
|
||||
<li>108.100.IN-ADDR.ARPA</li>
|
||||
<li>109.100.IN-ADDR.ARPA</li>
|
||||
<li>110.100.IN-ADDR.ARPA</li>
|
||||
<li>111.100.IN-ADDR.ARPA</li>
|
||||
<li>112.100.IN-ADDR.ARPA</li>
|
||||
<li>113.100.IN-ADDR.ARPA</li>
|
||||
<li>114.100.IN-ADDR.ARPA</li>
|
||||
<li>115.100.IN-ADDR.ARPA</li>
|
||||
<li>116.100.IN-ADDR.ARPA</li>
|
||||
<li>117.100.IN-ADDR.ARPA</li>
|
||||
<li>118.100.IN-ADDR.ARPA</li>
|
||||
<li>119.100.IN-ADDR.ARPA</li>
|
||||
<li>120.100.IN-ADDR.ARPA</li>
|
||||
<li>121.100.IN-ADDR.ARPA</li>
|
||||
<li>122.100.IN-ADDR.ARPA</li>
|
||||
<li>123.100.IN-ADDR.ARPA</li>
|
||||
<li>124.100.IN-ADDR.ARPA</li>
|
||||
<li>125.100.IN-ADDR.ARPA</li>
|
||||
<li>126.100.IN-ADDR.ARPA</li>
|
||||
<li>127.100.IN-ADDR.ARPA</li>
|
||||
<li>0.IN-ADDR.ARPA</li>
|
||||
<li>127.IN-ADDR.ARPA</li>
|
||||
<li>254.169.IN-ADDR.ARPA</li>
|
||||
@ -5427,7 +5554,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2588152"></a>Content Filtering</h4></div></div></div>
|
||||
<a name="id2588612"></a>Content Filtering</h4></div></div></div>
|
||||
<p>
|
||||
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
|
||||
out DNS responses from external DNS servers containing
|
||||
@ -5480,7 +5607,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
|
||||
to get access to an internal node of your local network
|
||||
that couldn't be externally accessed otherwise.
|
||||
See the paper available at
|
||||
<a href="" target="_top">
|
||||
<a href="http://portal.acm.org/citation.cfm?id=1315245.1315298" target="_top">
|
||||
http://portal.acm.org/citation.cfm?id=1315245.1315298
|
||||
</a>
|
||||
for more details about the attacks.
|
||||
@ -5550,7 +5677,7 @@ deny-answer-aliases { "example.net"; };
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2588343"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
|
||||
<a name="id2588738"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
|
||||
<p>
|
||||
<acronym class="acronym">BIND</acronym> 9 includes a limited
|
||||
mechanism to modify DNS responses for requests
|
||||
@ -5606,13 +5733,15 @@ deny-answer-aliases { "example.net"; };
|
||||
They are encoded as subdomains of
|
||||
<strong class="userinput"><code>rpz-nsdomain</code></strong> relativized
|
||||
to the RPZ origin name.
|
||||
</p>
|
||||
<p>
|
||||
NSIP triggers match IP addresses in A and
|
||||
AAAA RRsets for domains that can be checked against NSDNAME
|
||||
policy records.
|
||||
NSIP triggers are encoded like IP triggers except as subdomains of
|
||||
<strong class="userinput"><code>rpz-nsip</code></strong>.
|
||||
NSDNAME and NSIP triggers are checked only for names with at
|
||||
least <span><strong class="command">min-ns-dots</strong></span> dots.
|
||||
The default value of <span><strong class="command">min-ns-dots</strong></span> is 1 to
|
||||
exclude top level domains.
|
||||
</p>
|
||||
<p>
|
||||
The query response is checked against all RPZs, so
|
||||
@ -5650,16 +5779,6 @@ deny-answer-aliases { "example.net"; };
|
||||
all RPZs are again consulted for the DNAME or CNAME names
|
||||
and addresses.
|
||||
</p>
|
||||
<p>
|
||||
Authority verification issues and variations in authority data
|
||||
can cause inconsistent results for NSIP and NSDNAME policy records.
|
||||
Glue NS records often differ from authoritative NS records.
|
||||
So they are available
|
||||
only when <acronym class="acronym">BIND</acronym> is built with the
|
||||
<strong class="userinput"><code>--enable-rpz-nsip</code></strong> or
|
||||
<strong class="userinput"><code>--enable-rpz-nsdname</code></strong> options
|
||||
on the "configure" command line.
|
||||
</p>
|
||||
<p>
|
||||
RPZ record sets are sets of any types of DNS record except
|
||||
DNAME or DNSSEC that encode actions or responses to queries.
|
||||
@ -5685,7 +5804,7 @@ deny-answer-aliases { "example.net"; };
|
||||
walled garden's authority DNS server.
|
||||
</li>
|
||||
<li>The <span><strong class="command">PASSTHRU</strong></span> policy is specified
|
||||
by a CNAME whose target is <span><strong class="command">rpz_passthru.</strong></span>
|
||||
by a CNAME whose target is <span><strong class="command">rpz-passthru.</strong></span>
|
||||
It causes the response to not be rewritten
|
||||
and is most often used to "poke holes" in policies for
|
||||
CIDR blocks.
|
||||
@ -5803,6 +5922,25 @@ bzone.domain.com CNAME garden.example.com.
|
||||
ns.domain.com.rpz-nsdname CNAME .
|
||||
48.zz.2.2001.rpz-nsip CNAME .
|
||||
</pre>
|
||||
<p>
|
||||
RPZ can affect server performance.
|
||||
Each configured response policy zone requires the server to
|
||||
perform one to four additional database lookups before a
|
||||
query can be answered.
|
||||
For example, a DNS server with four policy zones, each with all
|
||||
four kinds of response triggers, QNAME, IP, NSIP, and
|
||||
NSDNAME, requires a total of 17 times as many database
|
||||
lookups as a similar DNS server with no response policy zones.
|
||||
A <acronym class="acronym">BIND9</acronym> server with adequate memory and one
|
||||
response policy zone with QNAME and IP triggers might achieve a
|
||||
maximum queries-per-second rate about 20% lower.
|
||||
A server with four response policy zones with QNAME and IP
|
||||
triggers might have a maximum QPS rate about 50% lower.
|
||||
</p>
|
||||
<p>
|
||||
Responses rewritten by RPZ are counted in the
|
||||
<span><strong class="command">RPZRewrites</strong></span> statistics.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
@ -6013,7 +6151,7 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2589534"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
|
||||
<a name="id2590070"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
|
||||
Usage</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">statistics-channels</strong></span> statement
|
||||
@ -6073,7 +6211,7 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2589742"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
|
||||
<a name="id2590278"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
|
||||
and Usage</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">trusted-keys</strong></span> statement defines
|
||||
@ -6113,10 +6251,10 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2589858"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<a name="id2590325"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
|
||||
<pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
|
||||
<em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
|
||||
[<span class="optional"> <em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
|
||||
<em class="replaceable"><code>name</code></em> <code class="literal">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
|
||||
[<span class="optional"> <em class="replaceable"><code>name</code></em> <code class="literal">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
|
||||
};
|
||||
</pre>
|
||||
</div>
|
||||
@ -6224,13 +6362,16 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
<span><strong class="command">named</strong></span>.)
|
||||
</p>
|
||||
<p>
|
||||
If the <span><strong class="command">dnssec-lookaside</strong></span> option is
|
||||
If the <span><strong class="command">dnssec-validation</strong></span> option is
|
||||
set to <strong class="userinput"><code>auto</code></strong>, <span><strong class="command">named</strong></span>
|
||||
will automatically initialize a managed key for the
|
||||
zone <code class="literal">dlv.isc.org</code>. The key that is
|
||||
used to initialize the key maintenance process is built
|
||||
into <span><strong class="command">named</strong></span>, and can be overridden
|
||||
from <span><strong class="command">bindkeys-file</strong></span>.
|
||||
root zone. Similarly, if the <span><strong class="command">dnssec-lookaside</strong></span>
|
||||
option is set to <strong class="userinput"><code>auto</code></strong>,
|
||||
<span><strong class="command">named</strong></span> will automatically initialize
|
||||
a managed key for the zone <code class="literal">dlv.isc.org</code>.
|
||||
In both cases, the key that is used to initialize the key
|
||||
maintenance process is built into <span><strong class="command">named</strong></span>,
|
||||
and can be overridden from <span><strong class="command">bindkeys-file</strong></span>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
@ -6248,7 +6389,7 @@ ns.domain.com.rpz-nsdname CNAME .
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2590352"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<a name="id2590766"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<p>
|
||||
The <span><strong class="command">view</strong></span> statement is a powerful
|
||||
feature
|
||||
@ -6382,6 +6523,7 @@ view "external" {
|
||||
[<span class="optional"> check-names (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
|
||||
[<span class="optional"> check-mx (<code class="constant">warn</code>|<code class="constant">fail</code>|<code class="constant">ignore</code>) ; </span>]
|
||||
[<span class="optional"> check-wildcard <em class="replaceable"><code>yes_or_no</code></em>; </span>]
|
||||
[<span class="optional"> check-spf ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
|
||||
[<span class="optional"> check-integrity <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
|
||||
[<span class="optional"> dialup <em class="replaceable"><code>dialup_option</code></em> ; </span>]
|
||||
[<span class="optional"> file <em class="replaceable"><code>string</code></em> ; </span>]
|
||||
@ -6537,10 +6679,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2591902"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<a name="id2592398"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2591910"></a>Zone Types</h4></div></div></div>
|
||||
<a name="id2592406"></a>Zone Types</h4></div></div></div>
|
||||
<div class="informaltable"><table border="1">
|
||||
<colgroup>
|
||||
<col>
|
||||
@ -6800,7 +6942,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2592455"></a>Class</h4></div></div></div>
|
||||
<a name="id2593019"></a>Class</h4></div></div></div>
|
||||
<p>
|
||||
The zone's name may optionally be followed by a class. If
|
||||
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
|
||||
@ -6822,7 +6964,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2592488"></a>Zone Options</h4></div></div></div>
|
||||
<a name="id2593052"></a>Zone Options</h4></div></div></div>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
|
||||
<dd><p>
|
||||
@ -6894,6 +7036,11 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
|
||||
See the description of
|
||||
<span><strong class="command">check-mx</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">check-spf</strong></span></span></dt>
|
||||
<dd><p>
|
||||
See the description of
|
||||
<span><strong class="command">check-spf</strong></span> in <a href="Bv9ARM.ch06.html#boolean_options" title="Boolean Options">the section called “Boolean Options”</a>.
|
||||
</p></dd>
|
||||
<dt><span class="term"><span><strong class="command">check-wildcard</strong></span></span></dt>
|
||||
<dd><p>
|
||||
See the description of
|
||||
@ -7699,7 +7846,7 @@ example.com. NS ns2.example.net.
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2595170"></a>Zone File</h2></div></div></div>
|
||||
<a name="id2595755"></a>Zone File</h2></div></div></div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
|
||||
@ -7712,7 +7859,7 @@ example.com. NS ns2.example.net.
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2595188"></a>Resource Records</h4></div></div></div>
|
||||
<a name="id2595842"></a>Resource Records</h4></div></div></div>
|
||||
<p>
|
||||
A domain name identifies a node. Each node has a set of
|
||||
resource information, which may be empty. The set of resource
|
||||
@ -8449,7 +8596,7 @@ example.com. NS ns2.example.net.
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2596880"></a>Textual expression of RRs</h4></div></div></div>
|
||||
<a name="id2597465"></a>Textual expression of RRs</h4></div></div></div>
|
||||
<p>
|
||||
RRs are represented in binary form in the packets of the DNS
|
||||
protocol, and are usually represented in highly encoded form
|
||||
@ -8652,7 +8799,7 @@ example.com. NS ns2.example.net.
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2597537"></a>Discussion of MX Records</h3></div></div></div>
|
||||
<a name="id2597986"></a>Discussion of MX Records</h3></div></div></div>
|
||||
<p>
|
||||
As described above, domain servers store information as a
|
||||
series of resource records, each of which contains a particular
|
||||
@ -8908,7 +9055,7 @@ example.com. NS ns2.example.net.
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2598084"></a>Inverse Mapping in IPv4</h3></div></div></div>
|
||||
<a name="id2598601"></a>Inverse Mapping in IPv4</h3></div></div></div>
|
||||
<p>
|
||||
Reverse name resolution (that is, translation from IP address
|
||||
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
|
||||
@ -8969,7 +9116,7 @@ example.com. NS ns2.example.net.
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2598211"></a>Other Zone File Directives</h3></div></div></div>
|
||||
<a name="id2598796"></a>Other Zone File Directives</h3></div></div></div>
|
||||
<p>
|
||||
The Master File Format was initially defined in RFC 1035 and
|
||||
has subsequently been extended. While the Master File Format
|
||||
@ -8984,7 +9131,7 @@ example.com. NS ns2.example.net.
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2598233"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
|
||||
<a name="id2598819"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
|
||||
<p>
|
||||
When used in the label (or name) field, the asperand or
|
||||
at-sign (@) symbol represents the current origin.
|
||||
@ -8995,7 +9142,7 @@ example.com. NS ns2.example.net.
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2598249"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
|
||||
<a name="id2598835"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
|
||||
<p>
|
||||
Syntax: <span><strong class="command">$ORIGIN</strong></span>
|
||||
<em class="replaceable"><code>domain-name</code></em>
|
||||
@ -9024,7 +9171,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2598446"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
|
||||
<a name="id2598964"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
|
||||
<p>
|
||||
Syntax: <span><strong class="command">$INCLUDE</strong></span>
|
||||
<em class="replaceable"><code>filename</code></em>
|
||||
@ -9060,7 +9207,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2598516"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
|
||||
<a name="id2599101"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
|
||||
<p>
|
||||
Syntax: <span><strong class="command">$TTL</strong></span>
|
||||
<em class="replaceable"><code>default-ttl</code></em>
|
||||
@ -9079,7 +9226,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2598552"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
|
||||
<a name="id2599138"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
|
||||
<p>
|
||||
Syntax: <span><strong class="command">$GENERATE</strong></span>
|
||||
<em class="replaceable"><code>range</code></em>
|
||||
@ -9503,7 +9650,7 @@ HOST-127.EXAMPLE. MX 0 .
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2599437"></a>Name Server Statistics Counters</h4></div></div></div>
|
||||
<a name="id2600091"></a>Name Server Statistics Counters</h4></div></div></div>
|
||||
<div class="informaltable"><table border="1">
|
||||
<colgroup>
|
||||
<col>
|
||||
@ -10055,12 +10202,25 @@ HOST-127.EXAMPLE. MX 0 .
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<p><span><strong class="command">RPZRewrites</strong></span></p>
|
||||
</td>
|
||||
<td>
|
||||
<p><span><strong class="command"></strong></span></p>
|
||||
</td>
|
||||
<td>
|
||||
<p>
|
||||
Response policy zone rewrites.
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table></div>
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2601047"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
|
||||
<a name="id2601596"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
|
||||
<div class="informaltable"><table border="1">
|
||||
<colgroup>
|
||||
<col>
|
||||
@ -10214,7 +10374,7 @@ HOST-127.EXAMPLE. MX 0 .
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2601498"></a>Resolver Statistics Counters</h4></div></div></div>
|
||||
<a name="id2601979"></a>Resolver Statistics Counters</h4></div></div></div>
|
||||
<div class="informaltable"><table border="1">
|
||||
<colgroup>
|
||||
<col>
|
||||
@ -10597,7 +10757,7 @@ HOST-127.EXAMPLE. MX 0 .
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2602588"></a>Socket I/O Statistics Counters</h4></div></div></div>
|
||||
<a name="id2603138"></a>Socket I/O Statistics Counters</h4></div></div></div>
|
||||
<p>
|
||||
Socket I/O statistics counters are defined per socket
|
||||
types, which are
|
||||
@ -10752,7 +10912,7 @@ HOST-127.EXAMPLE. MX 0 .
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2602962"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
|
||||
<a name="id2603579"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
|
||||
<p>
|
||||
Most statistics counters that were available
|
||||
in <span><strong class="command">BIND</strong></span> 8 are also supported in
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -46,10 +46,10 @@
|
||||
<p><b>Table of Contents</b></p>
|
||||
<dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603136"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603806"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603285">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603345">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603888">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603947">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
|
||||
</dl>
|
||||
@ -111,17 +111,10 @@ zone "example.com" {
|
||||
This allows recursive queries of the server from the outside
|
||||
unless recursion has been previously disabled.
|
||||
</p>
|
||||
<p>
|
||||
For more information on how to use ACLs to protect your server,
|
||||
see the <span class="emphasis"><em>AUSCERT</em></span> advisory at:
|
||||
</p>
|
||||
<p>
|
||||
<a href="ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos" target="_top">ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos</a>
|
||||
</p>
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2603136"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
|
||||
<a name="id2603806"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
|
||||
</h2></div></div></div>
|
||||
<p>
|
||||
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
|
||||
@ -147,7 +140,7 @@ zone "example.com" {
|
||||
</p>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2603285"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
|
||||
<a name="id2603888"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
|
||||
<p>
|
||||
In order for a <span><strong class="command">chroot</strong></span> environment
|
||||
to
|
||||
@ -175,7 +168,7 @@ zone "example.com" {
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2603345"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
|
||||
<a name="id2603947"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
|
||||
<p>
|
||||
Prior to running the <span><strong class="command">named</strong></span> daemon,
|
||||
use
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -45,18 +45,18 @@
|
||||
<div class="toc">
|
||||
<p><b>Table of Contents</b></p>
|
||||
<dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603561">Common Problems</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603566">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603578">Incrementing and Changing the Serial Number</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603595">Where Can I Get Help?</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604027">Common Problems</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2604101">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604113">Incrementing and Changing the Serial Number</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604130">Where Can I Get Help?</a></span></dt>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2603561"></a>Common Problems</h2></div></div></div>
|
||||
<a name="id2604027"></a>Common Problems</h2></div></div></div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2603566"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
|
||||
<a name="id2604101"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
|
||||
<p>
|
||||
The best solution to solving installation and
|
||||
configuration issues is to take preventative measures by setting
|
||||
@ -68,7 +68,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2603578"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
|
||||
<a name="id2604113"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
|
||||
<p>
|
||||
Zone serial numbers are just numbers — they aren't
|
||||
date related. A lot of people set them to a number that
|
||||
@ -95,7 +95,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2603595"></a>Where Can I Get Help?</h2></div></div></div>
|
||||
<a name="id2604130"></a>Where Can I Get Help?</h2></div></div></div>
|
||||
<p>
|
||||
The Internet Systems Consortium
|
||||
(<acronym class="acronym">ISC</acronym>) offers a wide range
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -45,31 +45,31 @@
|
||||
<div class="toc">
|
||||
<p><b>Table of Contents</b></p>
|
||||
<dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603657">Acknowledgments</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604192">Acknowledgments</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603761">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604363">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607177">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607712">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608265">Prerequisite</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608275">Compilation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608299">Installation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608330">Known Defects/Restrictions</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608680">The dns.conf File</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608707">Sample Applications</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609611">Library References</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609824">Prerequisite</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609833">Compilation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609175">Installation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609206">Known Defects/Restrictions</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609283">The dns.conf File</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609309">Sample Applications</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2610282">Library References</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2603657"></a>Acknowledgments</h2></div></div></div>
|
||||
<a name="id2604192"></a>Acknowledgments</h2></div></div></div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
|
||||
@ -172,7 +172,7 @@
|
||||
</div>
|
||||
<div class="sect1" lang="en">
|
||||
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
|
||||
<a name="id2603761"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
|
||||
<a name="id2604363"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
|
||||
@ -260,17 +260,17 @@
|
||||
</p>
|
||||
<div class="bibliography">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2604017"></a>Bibliography</h4></div></div></div>
|
||||
<a name="id2604619"></a>Bibliography</h4></div></div></div>
|
||||
<div class="bibliodiv">
|
||||
<h3 class="title">Standards</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604027"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
|
||||
<a name="id2604630"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604051"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
|
||||
<a name="id2604653"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604074"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and
|
||||
<a name="id2604677"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and
|
||||
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
@ -278,42 +278,42 @@
|
||||
<h3 class="title">
|
||||
<a name="proposed_standards"></a>Proposed Standards</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604110"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
|
||||
<a name="id2604713"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
|
||||
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604137"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
|
||||
<a name="id2604740"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
|
||||
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604163"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
|
||||
<a name="id2604765"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604187"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
|
||||
<a name="id2604858"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604211"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
|
||||
<a name="id2604882"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604266"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
|
||||
<a name="id2604937"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604293"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
|
||||
<a name="id2604964"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604320"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
|
||||
<a name="id2604990"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604381"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
<a name="id2605052"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604411"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
<a name="id2605082"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604441"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
|
||||
<a name="id2605112"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604468"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
|
||||
<a name="id2605139"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
|
||||
Key Transaction Authentication for DNS
|
||||
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
|
||||
</div>
|
||||
@ -322,19 +322,19 @@
|
||||
<h3 class="title">
|
||||
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604618"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
|
||||
<a name="id2605221"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604645"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
|
||||
<a name="id2605248"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604681"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
|
||||
<a name="id2605284"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604746"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
|
||||
<a name="id2605349"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604811"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
|
||||
<a name="id2605414"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
|
||||
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
@ -342,146 +342,146 @@
|
||||
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
|
||||
Implementation</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604885"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
|
||||
<a name="id2605488"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
|
||||
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2604910"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
|
||||
<a name="id2605513"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
|
||||
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605047"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
|
||||
<a name="id2605581"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605082"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
|
||||
<a name="id2605617"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
|
||||
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="bibliodiv">
|
||||
<h3 class="title">Resource Record Types</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605128"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
|
||||
<a name="id2605662"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605186"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
|
||||
<a name="id2605720"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605223"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
|
||||
<a name="id2605757"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
|
||||
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605258"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
|
||||
<a name="id2605793"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
|
||||
Domain
|
||||
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605313"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
|
||||
<a name="id2605847"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
|
||||
Location of
|
||||
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605351"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
|
||||
<a name="id2605885"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
|
||||
Distribute MIXER
|
||||
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605377"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
|
||||
<a name="id2605911"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605402"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
<a name="id2605937"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605429"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
<a name="id2606032"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605456"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
<a name="id2606058"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605495"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
<a name="id2606098"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605525"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
<a name="id2606128"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605555"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
|
||||
<a name="id2606157"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605597"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
<a name="id2606200"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605630"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
|
||||
<a name="id2606233"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605657"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
|
||||
<a name="id2606260"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605681"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
|
||||
<a name="id2606283"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
|
||||
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605738"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
|
||||
<a name="id2606341"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="bibliodiv">
|
||||
<h3 class="title">
|
||||
<acronym class="acronym">DNS</acronym> and the Internet</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605770"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
|
||||
<a name="id2606373"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
|
||||
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605796"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
|
||||
<a name="id2606398"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
|
||||
Support</i>. </span><span class="pubdate">October 1989. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605818"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
|
||||
<a name="id2606421"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605842"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
|
||||
<a name="id2606444"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605888"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
|
||||
<a name="id2606490"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605911"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
<a name="id2606514"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="bibliodiv">
|
||||
<h3 class="title">
|
||||
<acronym class="acronym">DNS</acronym> Operations</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605969"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
|
||||
<a name="id2606571"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2605992"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
|
||||
<a name="id2606595"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
|
||||
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606019"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
|
||||
<a name="id2606621"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
|
||||
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606045"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
|
||||
<a name="id2606648"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606082"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
|
||||
<a name="id2606684"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
|
||||
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="bibliodiv">
|
||||
<h3 class="title">Internationalized Domain Names</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606128"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
|
||||
<a name="id2606730"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
|
||||
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606160"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
|
||||
<a name="id2606762"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606205"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
|
||||
<a name="id2606808"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606241"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
|
||||
<a name="id2606843"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
|
||||
for Internationalized Domain Names in
|
||||
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
|
||||
</div>
|
||||
@ -497,47 +497,47 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606354"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
|
||||
<a name="id2606888"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
|
||||
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606376"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
|
||||
<a name="id2606910"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606402"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
|
||||
<a name="id2606936"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
|
||||
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606427"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
|
||||
<a name="id2606962"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606451"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
|
||||
<a name="id2606985"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606497"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
|
||||
<a name="id2607031"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606520"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
|
||||
<a name="id2607054"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606547"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
|
||||
<a name="id2607081"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
|
||||
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606572"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
|
||||
<a name="id2607175"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="bibliodiv">
|
||||
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606616"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
|
||||
<a name="id2607219"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
|
||||
Location</i>. </span><span class="pubdate">November 1994. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606674"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
|
||||
<a name="id2607276"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606700"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
|
||||
<a name="id2607303"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
|
||||
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
@ -551,39 +551,39 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606748"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
|
||||
<a name="id2607351"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606788"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
|
||||
<a name="id2607390"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606814"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
<a name="id2607417"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606844"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
|
||||
<a name="id2607447"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
|
||||
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606870"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
|
||||
<a name="id2607473"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606897"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
|
||||
<a name="id2607499"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2606933"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
|
||||
<a name="id2607536"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2607037"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
|
||||
<a name="id2607572"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2607064"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
|
||||
<a name="id2607598"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2607091"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
|
||||
<a name="id2607625"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
|
||||
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
|
||||
</div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2607136"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
|
||||
<a name="id2607670"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -604,14 +604,14 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2607177"></a>Other Documents About <acronym class="acronym">BIND</acronym>
|
||||
<a name="id2607712"></a>Other Documents About <acronym class="acronym">BIND</acronym>
|
||||
</h3></div></div></div>
|
||||
<p></p>
|
||||
<div class="bibliography">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2607187"></a>Bibliography</h4></div></div></div>
|
||||
<a name="id2607721"></a>Bibliography</h4></div></div></div>
|
||||
<div class="biblioentry">
|
||||
<a name="id2607189"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
|
||||
<a name="id2607723"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@ -648,7 +648,7 @@
|
||||
</ul></div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608265"></a>Prerequisite</h3></div></div></div>
|
||||
<a name="id2609824"></a>Prerequisite</h3></div></div></div>
|
||||
<p>GNU make is required to build the export libraries (other
|
||||
part of BIND 9 can still be built with other types of make). In
|
||||
the reminder of this document, "make" means GNU make. Note that
|
||||
@ -657,7 +657,7 @@
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608275"></a>Compilation</h3></div></div></div>
|
||||
<a name="id2609833"></a>Compilation</h3></div></div></div>
|
||||
<pre class="screen">
|
||||
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
|
||||
$ <strong class="userinput"><code>make</code></strong>
|
||||
@ -672,7 +672,7 @@ $ <strong class="userinput"><code>make</code></strong>
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608299"></a>Installation</h3></div></div></div>
|
||||
<a name="id2609175"></a>Installation</h3></div></div></div>
|
||||
<pre class="screen">
|
||||
$ <strong class="userinput"><code>cd lib/export</code></strong>
|
||||
$ <strong class="userinput"><code>make install</code></strong>
|
||||
@ -694,7 +694,7 @@ $ <strong class="userinput"><code>make install</code></strong>
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608330"></a>Known Defects/Restrictions</h3></div></div></div>
|
||||
<a name="id2609206"></a>Known Defects/Restrictions</h3></div></div></div>
|
||||
<div class="itemizedlist"><ul type="disc">
|
||||
<li><p>Currently, win32 is not supported for the export
|
||||
library. (Normal BIND 9 application can be built as
|
||||
@ -734,7 +734,7 @@ $ <strong class="userinput"><code>make</code></strong>
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608680"></a>The dns.conf File</h3></div></div></div>
|
||||
<a name="id2609283"></a>The dns.conf File</h3></div></div></div>
|
||||
<p>The IRS library supports an "advanced" configuration file
|
||||
related to the DNS library for configuration parameters that
|
||||
would be beyond the capability of the
|
||||
@ -752,14 +752,14 @@ $ <strong class="userinput"><code>make</code></strong>
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2608707"></a>Sample Applications</h3></div></div></div>
|
||||
<a name="id2609309"></a>Sample Applications</h3></div></div></div>
|
||||
<p>Some sample application programs using this API are
|
||||
provided for reference. The following is a brief description of
|
||||
these applications.
|
||||
</p>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608715"></a>sample: a simple stub resolver utility</h4></div></div></div>
|
||||
<a name="id2609318"></a>sample: a simple stub resolver utility</h4></div></div></div>
|
||||
<p>
|
||||
It sends a query of a given name (of a given optional RR type) to a
|
||||
specified recursive server, and prints the result as a list of
|
||||
@ -823,7 +823,7 @@ $ <strong class="userinput"><code>make</code></strong>
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608806"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
|
||||
<a name="id2609409"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
|
||||
<p>
|
||||
Similar to "sample", but accepts a list
|
||||
of (query) domain names as a separate file and resolves the names
|
||||
@ -864,7 +864,7 @@ $ <strong class="userinput"><code>make</code></strong>
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608859"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
|
||||
<a name="id2609462"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
|
||||
<p>
|
||||
It sends a query to a specified server, and
|
||||
prints the response with minimal processing. It doesn't act as a
|
||||
@ -905,7 +905,7 @@ $ <strong class="userinput"><code>make</code></strong>
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2608992"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
|
||||
<a name="id2609526"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
|
||||
<p>
|
||||
This is a test program
|
||||
to check getaddrinfo() and getnameinfo() behavior. It takes a
|
||||
@ -922,7 +922,7 @@ $ <strong class="userinput"><code>make</code></strong>
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2609006"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
|
||||
<a name="id2609541"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
|
||||
<p>
|
||||
It accepts a single update command as a
|
||||
command-line argument, sends an update request message to the
|
||||
@ -1017,7 +1017,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
|
||||
</div>
|
||||
<div class="sect3" lang="en">
|
||||
<div class="titlepage"><div><div><h4 class="title">
|
||||
<a name="id2609138"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
|
||||
<a name="id2610218"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
|
||||
<p>
|
||||
It checks a set
|
||||
of domains to see the name servers of the domains behave
|
||||
@ -1074,7 +1074,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
|
||||
</div>
|
||||
<div class="sect2" lang="en">
|
||||
<div class="titlepage"><div><div><h3 class="title">
|
||||
<a name="id2609611"></a>Library References</h3></div></div></div>
|
||||
<a name="id2610282"></a>Library References</h3></div></div></div>
|
||||
<p>As of this writing, there is no formal "manual" of the
|
||||
libraries, except this document, header files (some of them
|
||||
provide pretty detailed explanations), and sample application
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -41,7 +41,7 @@
|
||||
<div>
|
||||
<div><h1 class="title">
|
||||
<a name="id2563175"></a>BIND 9 Administrator Reference Manual</h1></div>
|
||||
<div><p class="copyright">Copyright © 2004-2012 Internet Systems Consortium, Inc. ("ISC")</p></div>
|
||||
<div><p class="copyright">Copyright © 2004-2013 Internet Systems Consortium, Inc. ("ISC")</p></div>
|
||||
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
|
||||
</div>
|
||||
<hr>
|
||||
@ -51,39 +51,39 @@
|
||||
<dl>
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564375">Scope of Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564398">Organization of This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564538">Conventions Used in This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564720">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564378">Scope of Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564402">Organization of This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564541">Conventions Used in This Document</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564723">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564741">DNS Fundamentals</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564775">Domains and Domain Names</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567180">Zones</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567257">Authoritative Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567430">Caching Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567560">Name Servers in Multiple Roles</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564744">DNS Fundamentals</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564846">Domains and Domain Names</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567184">Zones</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567260">Authoritative Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567433">Caching Name Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567563">Name Servers in Multiple Roles</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl></dd>
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567594">Hardware requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567621">CPU Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567634">Memory Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567729">Name Server Intensive Environment Issues</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567739">Supported Operating Systems</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567597">Hardware requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567624">CPU Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567637">Memory Requirements</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567732">Name Server Intensive Environment Issues</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567742">Supported Operating Systems</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567771">A Caching-only Name Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567992">An Authoritative-only Name Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567774">A Caching-only Name Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567995">An Authoritative-only Name Server</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568014">Load Balancing</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568369">Name Server Operations</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568018">Load Balancing</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568372">Name Server Operations</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568374">Tools for Use With the Name Server Daemon</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570421">Signals</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568377">Tools for Use With the Name Server Daemon</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570424">Signals</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl></dd>
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
|
||||
@ -92,64 +92,64 @@
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570934">Split DNS</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570952">Example split DNS setup</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570937">Split DNS</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570955">Example split DNS setup</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564012">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564086">Copying the Shared Secret to Both Machines</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571811">Informing the Servers of the Key's Existence</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571847">Instructing the Server to Use the Key</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571905">TSIG Key Based Access Control</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571954">Errors</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Copying the Shared Secret to Both Machines</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571814">Informing the Servers of the Key's Existence</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571850">Instructing the Server to Use the Key</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571908">TSIG Key Based Access Control</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571957">Errors</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571968">TKEY</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">SIG(0)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571971">TKEY</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572156">SIG(0)</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572221">Generating Keys</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572300">Signing the Zone</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572381">Configuring Servers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572225">Generating Keys</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Signing the Zone</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572385">Configuring Servers</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571475">Converting from insecure to secure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571512">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Fully automatic zone signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563575">Private-type records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563612">DNSKEY rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563762">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563795">Automatic key rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">NSEC3PARAM rollovers via UPDATE</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563899">Converting from NSEC to NSEC3</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563909">Converting from NSEC3 to NSEC</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563922">Converting from secure to insecure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571605">Periodic re-signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571614">NSEC3 and OPTOUT</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608395">Converting from insecure to secure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563581">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Fully automatic zone signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563836">Private-type records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563874">DNSKEY rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">Dynamic DNS update method</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563920">Automatic key rollovers</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563946">NSEC3PARAM rollovers via UPDATE</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Converting from NSEC to NSEC3</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571406">Converting from NSEC3 to NSEC</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Converting from secure to insecure</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571457">Periodic re-signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571466">NSEC3 and OPTOUT</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607510">Validating Resolver</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571692">Authoritative Server</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571658">Validating Resolver</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571681">Authoritative Server</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610637">Prerequisites</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608477">Building BIND 9 with PKCS#11</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608602">PKCS #11 Tools</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2634916">Using the HSM</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635114">Specifying the engine on the command line</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635160">Running named with automatic zone re-signing</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611650">Prerequisites</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608875">Building BIND 9 with PKCS#11</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609137">PKCS #11 Tools</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635518">Using the HSM</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635785">Specifying the engine on the command line</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2635831">Running named with automatic zone re-signing</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572669">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572604">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572868">Address Lookups Using AAAA Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572889">Address to Name Lookups Using Nibble Format</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572871">Address Lookups Using AAAA Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572892">Address to Name Lookups Using Nibble Format</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl></dd>
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572922">The Lightweight Resolver Library</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572925">The Lightweight Resolver Library</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
|
||||
@ -157,58 +157,58 @@
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574332">Comment Syntax</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574405">Comment Syntax</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574986"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574990"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575176"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575180"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575467"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575484"><span><strong class="command">include</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575472"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">include</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575576"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575600"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575758"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575884"><span><strong class="command">logging</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575649"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575672"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575763"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575889"><span><strong class="command">logging</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577910"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577984"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578116"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578160"><span><strong class="command">masters</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577914"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577988"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578120"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578164"><span><strong class="command">masters</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578174"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578179"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590070"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
|
||||
Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589742"><span><strong class="command">trusted-keys</strong></span> Statement Definition
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590278"><span><strong class="command">trusted-keys</strong></span> Statement Definition
|
||||
and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589858"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590325"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
|
||||
and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590352"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590766"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
|
||||
Statement Grammar</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591902"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592398"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595170">Zone File</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595755">Zone File</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597537">Discussion of MX Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597986">Discussion of MX Records</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598084">Inverse Mapping in IPv4</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598211">Other Zone File Directives</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598552"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598601">Inverse Mapping in IPv4</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598796">Other Zone File Directives</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599138"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
|
||||
@ -217,41 +217,41 @@
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603136"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2603806"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603285">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603345">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603888">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603947">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603561">Common Problems</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603566">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603578">Incrementing and Changing the Serial Number</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603595">Where Can I Get Help?</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604027">Common Problems</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2604101">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604113">Incrementing and Changing the Serial Number</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2604130">Where Can I Get Help?</a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603657">Acknowledgments</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604192">Acknowledgments</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603761">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2604363">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
|
||||
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607177">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2607712">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
|
||||
</dl></dd>
|
||||
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
|
||||
<dd><dl>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608265">Prerequisite</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608275">Compilation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608299">Installation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608330">Known Defects/Restrictions</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608680">The dns.conf File</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608707">Sample Applications</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609611">Library References</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609824">Prerequisite</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609833">Compilation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609175">Installation</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609206">Known Defects/Restrictions</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609283">The dns.conf File</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609309">Sample Applications</a></span></dt>
|
||||
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2610282">Library References</a></span></dt>
|
||||
</dl></dd>
|
||||
</dl></dd>
|
||||
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>
|
||||
|
13984
doc/arm/Bv9ARM.pdf
13984
doc/arm/Bv9ARM.pdf
File diff suppressed because one or more lines are too long
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,20 +50,20 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2618405"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2617315"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
|
||||
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2618420"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2617330"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2618434"></a><h2>AUTHOR</h2>
|
||||
<a name="id2651272"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2641910"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2645394"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">ddns-confgen</strong></span>
|
||||
generates a key for use by <span><strong class="command">nsupdate</strong></span>
|
||||
and <span><strong class="command">named</strong></span>. It simplifies configuration
|
||||
@ -77,7 +77,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2641997"></a><h2>OPTIONS</h2>
|
||||
<a name="id2645481"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
|
||||
<dd><p>
|
||||
@ -144,7 +144,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2642608"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2653328"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
@ -152,7 +152,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2642646"></a><h2>AUTHOR</h2>
|
||||
<a name="id2653366"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -52,7 +52,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2609644"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2610344"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dig</strong></span>
|
||||
(domain information groper) is a flexible tool
|
||||
for interrogating DNS name servers. It performs DNS lookups and
|
||||
@ -75,9 +75,10 @@
|
||||
</p>
|
||||
<p>
|
||||
Unless it is told to query a specific name server,
|
||||
<span><strong class="command">dig</strong></span> will try each of the servers listed
|
||||
in
|
||||
<code class="filename">/etc/resolv.conf</code>.
|
||||
<span><strong class="command">dig</strong></span> will try each of the servers listed in
|
||||
<code class="filename">/etc/resolv.conf</code>. If no usable server addreses
|
||||
are found, <span><strong class="command">dig</strong></span> will send the query to the local
|
||||
host.
|
||||
</p>
|
||||
<p>
|
||||
When no command line arguments or options are given,
|
||||
@ -98,7 +99,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2609808"></a><h2>SIMPLE USAGE</h2>
|
||||
<a name="id2610515"></a><h2>SIMPLE USAGE</h2>
|
||||
<p>
|
||||
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
|
||||
</p>
|
||||
@ -109,22 +110,29 @@
|
||||
</p>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><code class="constant">server</code></span></dt>
|
||||
<dd><p>
|
||||
is the name or IP address of the name server to query. This can
|
||||
be an IPv4
|
||||
address in dotted-decimal notation or an IPv6
|
||||
<dd>
|
||||
<p>
|
||||
is the name or IP address of the name server to query. This
|
||||
can be an IPv4 address in dotted-decimal notation or an IPv6
|
||||
address in colon-delimited notation. When the supplied
|
||||
<em class="parameter"><code>server</code></em> argument is a
|
||||
hostname,
|
||||
<span><strong class="command">dig</strong></span> resolves that name before
|
||||
querying that name
|
||||
server. If no <em class="parameter"><code>server</code></em>
|
||||
argument is provided,
|
||||
<span><strong class="command">dig</strong></span> consults <code class="filename">/etc/resolv.conf</code>
|
||||
and queries the name servers listed there. The reply from the
|
||||
name
|
||||
server that responds is displayed.
|
||||
</p></dd>
|
||||
<em class="parameter"><code>server</code></em> argument is a hostname,
|
||||
<span><strong class="command">dig</strong></span> resolves that name before querying
|
||||
that name server.
|
||||
</p>
|
||||
<p>
|
||||
If no <em class="parameter"><code>server</code></em> argument is
|
||||
provided, <span><strong class="command">dig</strong></span> consults
|
||||
<code class="filename">/etc/resolv.conf</code>; if an
|
||||
address is found there, it queries the name server at
|
||||
that address. If either of the <code class="option">-4</code> or
|
||||
<code class="option">-6</code> options are in use, then
|
||||
only addresses for the corresponding transport
|
||||
will be tried. If no usable addresses are found,
|
||||
<span><strong class="command">dig</strong></span> will send the query to the
|
||||
local host. The reply from the name server that
|
||||
responds is displayed.
|
||||
</p>
|
||||
</dd>
|
||||
<dt><span class="term"><code class="constant">name</code></span></dt>
|
||||
<dd><p>
|
||||
is the name of the resource record that is to be looked up.
|
||||
@ -144,7 +152,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2610055"></a><h2>OPTIONS</h2>
|
||||
<a name="id2610641"></a><h2>OPTIONS</h2>
|
||||
<p>
|
||||
The <code class="option">-b</code> option sets the source IP address of the query
|
||||
to <em class="parameter"><code>address</code></em>. This must be a valid
|
||||
@ -248,7 +256,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2662690"></a><h2>QUERY OPTIONS</h2>
|
||||
<a name="id2663207"></a><h2>QUERY OPTIONS</h2>
|
||||
<p><span><strong class="command">dig</strong></span>
|
||||
provides a number of query options which affect
|
||||
the way in which lookups are made and the results displayed. Some of
|
||||
@ -579,7 +587,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2663772"></a><h2>MULTIPLE QUERIES</h2>
|
||||
<a name="id2664290"></a><h2>MULTIPLE QUERIES</h2>
|
||||
<p>
|
||||
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
|
||||
supports
|
||||
@ -625,7 +633,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2663858"></a><h2>IDN SUPPORT</h2>
|
||||
<a name="id2664375"></a><h2>IDN SUPPORT</h2>
|
||||
<p>
|
||||
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
|
||||
domain name) support, it can accept and display non-ASCII domain names.
|
||||
@ -639,14 +647,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2663886"></a><h2>FILES</h2>
|
||||
<a name="id2664540"></a><h2>FILES</h2>
|
||||
<p><code class="filename">/etc/resolv.conf</code>
|
||||
</p>
|
||||
<p><code class="filename">${HOME}/.digrc</code>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2663908"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2664562"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
@ -654,7 +662,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2663945"></a><h2>BUGS</h2>
|
||||
<a name="id2664599"></a><h2>BUGS</h2>
|
||||
<p>
|
||||
There are probably too many query options.
|
||||
</p>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -51,14 +51,14 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611633"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2612124"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
|
||||
outputs the Delegation Signer (DS) resource record (RR), as defined in
|
||||
RFC 3658 and RFC 4509, for the given key(s).
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611646"></a><h2>OPTIONS</h2>
|
||||
<a name="id2612138"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-1</span></dt>
|
||||
<dd><p>
|
||||
@ -120,7 +120,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611835"></a><h2>EXAMPLE</h2>
|
||||
<a name="id2612327"></a><h2>EXAMPLE</h2>
|
||||
<p>
|
||||
To build the SHA-256 DS RR from the
|
||||
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
|
||||
@ -135,7 +135,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611872"></a><h2>FILES</h2>
|
||||
<a name="id2612568"></a><h2>FILES</h2>
|
||||
<p>
|
||||
The keyfile can be designed by the key identification
|
||||
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
|
||||
@ -149,13 +149,13 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611913"></a><h2>CAVEAT</h2>
|
||||
<a name="id2612610"></a><h2>CAVEAT</h2>
|
||||
<p>
|
||||
A keyfile error can give a "file not found" even if the file exists.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611923"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2612619"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
@ -165,7 +165,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611962"></a><h2>AUTHOR</h2>
|
||||
<a name="id2612659"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2612614"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2613242"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
|
||||
gets keys with the given label from a crypto hardware and builds
|
||||
key files for DNSSEC (Secure DNS), as defined in RFC 2535
|
||||
@ -63,7 +63,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2612634"></a><h2>OPTIONS</h2>
|
||||
<a name="id2614013"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
|
||||
<dd>
|
||||
@ -183,7 +183,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2613344"></a><h2>TIMING OPTIONS</h2>
|
||||
<a name="id2614859"></a><h2>TIMING OPTIONS</h2>
|
||||
<p>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@ -230,7 +230,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2615080"></a><h2>GENERATED KEY FILES</h2>
|
||||
<a name="id2616323"></a><h2>GENERATED KEY FILES</h2>
|
||||
<p>
|
||||
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
|
||||
successfully,
|
||||
@ -269,7 +269,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2615447"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2616417"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
@ -277,7 +277,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2615480"></a><h2>AUTHOR</h2>
|
||||
<a name="id2616450"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2613979"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2615154"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-keygen</strong></span>
|
||||
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
|
||||
and RFC 4034. It can also generate keys for use with
|
||||
@ -64,7 +64,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2614068"></a><h2>OPTIONS</h2>
|
||||
<a name="id2615174"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
|
||||
<dd>
|
||||
@ -269,7 +269,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2666124"></a><h2>TIMING OPTIONS</h2>
|
||||
<a name="id2669210"></a><h2>TIMING OPTIONS</h2>
|
||||
<p>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@ -340,7 +340,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2666314"></a><h2>GENERATED KEYS</h2>
|
||||
<a name="id2669332"></a><h2>GENERATED KEYS</h2>
|
||||
<p>
|
||||
When <span><strong class="command">dnssec-keygen</strong></span> completes
|
||||
successfully,
|
||||
@ -386,7 +386,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2666422"></a><h2>EXAMPLE</h2>
|
||||
<a name="id2669508"></a><h2>EXAMPLE</h2>
|
||||
<p>
|
||||
To generate a 768-bit DSA key for the domain
|
||||
<strong class="userinput"><code>example.com</code></strong>, the following command would be
|
||||
@ -407,7 +407,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2666478"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2669564"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 2539</em>,
|
||||
@ -416,7 +416,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2666509"></a><h2>AUTHOR</h2>
|
||||
<a name="id2669732"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2614416"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2616000"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-revoke</strong></span>
|
||||
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
|
||||
in RFC 5011, and creates a new pair of key files containing the
|
||||
@ -58,7 +58,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2614429"></a><h2>OPTIONS</h2>
|
||||
<a name="id2616013"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-h</span></dt>
|
||||
<dd><p>
|
||||
@ -96,14 +96,14 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2614550"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2616134"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 5011</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2614574"></a><h2>AUTHOR</h2>
|
||||
<a name="id2616158"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2614758"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2616615"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-settime</strong></span>
|
||||
reads a DNSSEC private key file and sets the key timing metadata
|
||||
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
|
||||
@ -76,7 +76,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2614817"></a><h2>OPTIONS</h2>
|
||||
<a name="id2616742"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-f</span></dt>
|
||||
<dd><p>
|
||||
@ -109,7 +109,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2615184"></a><h2>TIMING OPTIONS</h2>
|
||||
<a name="id2616836"></a><h2>TIMING OPTIONS</h2>
|
||||
<p>
|
||||
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
|
||||
If the argument begins with a '+' or '-', it is interpreted as
|
||||
@ -188,7 +188,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2615322"></a><h2>PRINTING OPTIONS</h2>
|
||||
<a name="id2616974"></a><h2>PRINTING OPTIONS</h2>
|
||||
<p>
|
||||
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
|
||||
timing metadata associated with a key.
|
||||
@ -214,7 +214,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2615607"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2617123"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
@ -222,7 +222,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2615640"></a><h2>AUTHOR</h2>
|
||||
<a name="id2617156"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2616228"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2618290"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">dnssec-signzone</strong></span>
|
||||
signs a zone. It generates
|
||||
NSEC and RRSIG records and produces a signed version of the
|
||||
@ -61,7 +61,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2616247"></a><h2>OPTIONS</h2>
|
||||
<a name="id2618309"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a</span></dt>
|
||||
<dd><p>
|
||||
@ -397,7 +397,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2667564"></a><h2>EXAMPLE</h2>
|
||||
<a name="id2672630"></a><h2>EXAMPLE</h2>
|
||||
<p>
|
||||
The following command signs the <strong class="userinput"><code>example.com</code></strong>
|
||||
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
|
||||
@ -427,14 +427,14 @@ db.example.com.signed
|
||||
%</pre>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2667643"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2672709"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 4033</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2667668"></a><h2>AUTHOR</h2>
|
||||
<a name="id2672733"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2642837"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2653420"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
<span><strong class="command">genrandom</strong></span>
|
||||
generates a file or a set of files containing a specified quantity
|
||||
@ -59,7 +59,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2642852"></a><h2>ARGUMENTS</h2>
|
||||
<a name="id2653435"></a><h2>ARGUMENTS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
|
||||
<dd><p>
|
||||
@ -77,14 +77,14 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2642913"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2653496"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2642939"></a><h2>AUTHOR</h2>
|
||||
<a name="id2653523"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2610871"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2611090"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">host</strong></span>
|
||||
is a simple utility for performing DNS lookups.
|
||||
It is normally used to convert names to IP addresses and vice versa.
|
||||
@ -202,7 +202,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611317"></a><h2>IDN SUPPORT</h2>
|
||||
<a name="id2611877"></a><h2>IDN SUPPORT</h2>
|
||||
<p>
|
||||
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
|
||||
domain name) support, it can accept and display non-ASCII domain names.
|
||||
@ -216,12 +216,12 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611346"></a><h2>FILES</h2>
|
||||
<a name="id2613954"></a><h2>FILES</h2>
|
||||
<p><code class="filename">/etc/resolv.conf</code>
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2611360"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2613968"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
|
||||
</p>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2619705"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2617529"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
|
||||
HMAC-SHA* TSIG keys which were longer than the digest length of the
|
||||
@ -76,7 +76,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2643899"></a><h2>SECURITY CONSIDERATIONS</h2>
|
||||
<a name="id2653602"></a><h2>SECURITY CONSIDERATIONS</h2>
|
||||
<p>
|
||||
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
|
||||
are shortened, but as this is how the HMAC protocol works in
|
||||
@ -87,14 +87,14 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2643915"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2653618"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 2104</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2643932"></a><h2>AUTHOR</h2>
|
||||
<a name="id2653635"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2617093"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2619428"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">named-checkconf</strong></span>
|
||||
checks the syntax, but not the semantics, of a
|
||||
<span><strong class="command">named</strong></span> configuration file. The file is parsed
|
||||
@ -70,7 +70,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2617163"></a><h2>OPTIONS</h2>
|
||||
<a name="id2619498"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-h</span></dt>
|
||||
<dd><p>
|
||||
@ -109,21 +109,21 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2617298"></a><h2>RETURN VALUES</h2>
|
||||
<a name="id2619633"></a><h2>RETURN VALUES</h2>
|
||||
<p><span><strong class="command">named-checkconf</strong></span>
|
||||
returns an exit status of 1 if
|
||||
errors were detected and 0 otherwise.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2617312"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2619646"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2617341"></a><h2>AUTHOR</h2>
|
||||
<a name="id2619676"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -47,11 +47,11 @@
|
||||
</div>
|
||||
<div class="refsynopsisdiv">
|
||||
<h2>Synopsis</h2>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
|
||||
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2618775"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2633210"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">named-checkzone</strong></span>
|
||||
checks the syntax and integrity of a zone file. It performs the
|
||||
same checks as <span><strong class="command">named</strong></span> does when loading a
|
||||
@ -71,7 +71,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2618825"></a><h2>OPTIONS</h2>
|
||||
<a name="id2674630"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-d</span></dt>
|
||||
<dd><p>
|
||||
@ -232,6 +232,13 @@
|
||||
directives in the configuration file are processed as if
|
||||
run by a similarly chrooted named.
|
||||
</p></dd>
|
||||
<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
|
||||
<dd><p>
|
||||
Check if Sender Policy Framework records (TXT and SPF)
|
||||
both exist or both don't exist. A warning is issued
|
||||
if they don't match. Possible modes are
|
||||
<span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
|
||||
</p></dd>
|
||||
<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
|
||||
<dd><p>
|
||||
chdir to <code class="filename">directory</code> so that
|
||||
@ -265,14 +272,14 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2671342"></a><h2>RETURN VALUES</h2>
|
||||
<a name="id2675429"></a><h2>RETURN VALUES</h2>
|
||||
<p><span><strong class="command">named-checkzone</strong></span>
|
||||
returns an exit status of 1 if
|
||||
errors were detected and 0 otherwise.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2671356"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2675443"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
|
||||
<em class="citetitle">RFC 1035</em>,
|
||||
@ -280,7 +287,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2671389"></a><h2>AUTHOR</h2>
|
||||
<a name="id2675476"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2616312"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2613857"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
<span><strong class="command">named-journalprint</strong></span>
|
||||
prints the contents of a zone journal file in a human-readable
|
||||
@ -76,7 +76,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2621956"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2639434"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
|
||||
@ -84,7 +84,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2621987"></a><h2>AUTHOR</h2>
|
||||
<a name="id2639465"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2619008"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2633550"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">named</strong></span>
|
||||
is a Domain Name System (DNS) server,
|
||||
part of the BIND 9 distribution from ISC. For more
|
||||
@ -65,7 +65,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2619038"></a><h2>OPTIONS</h2>
|
||||
<a name="id2633581"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-4</span></dt>
|
||||
<dd><p>
|
||||
@ -246,7 +246,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2638843"></a><h2>SIGNALS</h2>
|
||||
<a name="id2641303"></a><h2>SIGNALS</h2>
|
||||
<p>
|
||||
In routine operation, signals should not be used to control
|
||||
the nameserver; <span><strong class="command">rndc</strong></span> should be used
|
||||
@ -267,7 +267,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2660602"></a><h2>CONFIGURATION</h2>
|
||||
<a name="id2641353"></a><h2>CONFIGURATION</h2>
|
||||
<p>
|
||||
The <span><strong class="command">named</strong></span> configuration file is too complex
|
||||
to describe in detail here. A complete description is provided
|
||||
@ -284,7 +284,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2660651"></a><h2>FILES</h2>
|
||||
<a name="id2675740"></a><h2>FILES</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
|
||||
<dd><p>
|
||||
@ -297,7 +297,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2660695"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2675784"></a><h2>SEE ALSO</h2>
|
||||
<p><em class="citetitle">RFC 1033</em>,
|
||||
<em class="citetitle">RFC 1034</em>,
|
||||
<em class="citetitle">RFC 1035</em>,
|
||||
@ -310,7 +310,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2675716"></a><h2>AUTHOR</h2>
|
||||
<a name="id2675854"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -48,7 +48,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2643980"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2653680"></a><h2>DESCRIPTION</h2>
|
||||
<p>
|
||||
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
|
||||
a set of NSEC3 parameters. This can be used to check the validity
|
||||
@ -56,7 +56,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2643995"></a><h2>ARGUMENTS</h2>
|
||||
<a name="id2653694"></a><h2>ARGUMENTS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">salt</span></dt>
|
||||
<dd><p>
|
||||
@ -80,14 +80,14 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2644125"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2653756"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
|
||||
<em class="citetitle">RFC 5155</em>.
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2644142"></a><h2>AUTHOR</h2>
|
||||
<a name="id2653773"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2626656"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2639765"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">nsupdate</strong></span>
|
||||
is used to submit Dynamic DNS Update requests as defined in RFC 2136
|
||||
to a name server.
|
||||
@ -210,7 +210,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2633475"></a><h2>INPUT FORMAT</h2>
|
||||
<a name="id2641532"></a><h2>INPUT FORMAT</h2>
|
||||
<p><span><strong class="command">nsupdate</strong></span>
|
||||
reads input from
|
||||
<em class="parameter"><code>filename</code></em>
|
||||
@ -498,7 +498,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2678828"></a><h2>EXAMPLES</h2>
|
||||
<a name="id2676987"></a><h2>EXAMPLES</h2>
|
||||
<p>
|
||||
The examples below show how
|
||||
<span><strong class="command">nsupdate</strong></span>
|
||||
@ -552,7 +552,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2678878"></a><h2>FILES</h2>
|
||||
<a name="id2677037"></a><h2>FILES</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
|
||||
<dd><p>
|
||||
@ -575,7 +575,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2678962"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2677121"></a><h2>SEE ALSO</h2>
|
||||
<p>
|
||||
<em class="citetitle">RFC 2136</em>,
|
||||
<em class="citetitle">RFC 3007</em>,
|
||||
@ -590,7 +590,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2679019"></a><h2>BUGS</h2>
|
||||
<a name="id2677246"></a><h2>BUGS</h2>
|
||||
<p>
|
||||
The TSIG key is redundantly stored in two separate files.
|
||||
This is a consequence of nsupdate using the DST library
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2641110"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2643706"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">rndc-confgen</strong></span>
|
||||
generates configuration files
|
||||
for <span><strong class="command">rndc</strong></span>. It can be used as a
|
||||
@ -66,7 +66,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2641176"></a><h2>OPTIONS</h2>
|
||||
<a name="id2643772"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-a</span></dt>
|
||||
<dd>
|
||||
@ -173,7 +173,7 @@
|
||||
</dl></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2641835"></a><h2>EXAMPLES</h2>
|
||||
<a name="id2644978"></a><h2>EXAMPLES</h2>
|
||||
<p>
|
||||
To allow <span><strong class="command">rndc</strong></span> to be used with
|
||||
no manual configuration, run
|
||||
@ -190,7 +190,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2643189"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2645034"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
@ -198,7 +198,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2643842"></a><h2>AUTHOR</h2>
|
||||
<a name="id2652650"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2639872"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2642400"></a><h2>DESCRIPTION</h2>
|
||||
<p><code class="filename">rndc.conf</code> is the configuration file
|
||||
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
|
||||
utility. This file has a similar structure and syntax to
|
||||
@ -135,7 +135,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2640180"></a><h2>EXAMPLE</h2>
|
||||
<a name="id2642571"></a><h2>EXAMPLE</h2>
|
||||
<pre class="programlisting">
|
||||
options {
|
||||
default-server localhost;
|
||||
@ -209,7 +209,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2640301"></a><h2>NAME SERVER CONFIGURATION</h2>
|
||||
<a name="id2643239"></a><h2>NAME SERVER CONFIGURATION</h2>
|
||||
<p>
|
||||
The name server must be configured to accept rndc connections and
|
||||
to recognize the key specified in the <code class="filename">rndc.conf</code>
|
||||
@ -219,7 +219,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2640327"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2643265"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
|
||||
@ -227,7 +227,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2640365"></a><h2>AUTHOR</h2>
|
||||
<a name="id2643303"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
- Copyright (C) 2000-2003 Internet Software Consortium.
|
||||
-
|
||||
- Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -50,7 +50,7 @@
|
||||
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2638953"></a><h2>DESCRIPTION</h2>
|
||||
<a name="id2641686"></a><h2>DESCRIPTION</h2>
|
||||
<p><span><strong class="command">rndc</strong></span>
|
||||
controls the operation of a name
|
||||
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
|
||||
@ -79,7 +79,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2639003"></a><h2>OPTIONS</h2>
|
||||
<a name="id2641736"></a><h2>OPTIONS</h2>
|
||||
<div class="variablelist"><dl>
|
||||
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
|
||||
<dd><p>
|
||||
@ -151,7 +151,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2639228"></a><h2>LIMITATIONS</h2>
|
||||
<a name="id2642029"></a><h2>LIMITATIONS</h2>
|
||||
<p><span><strong class="command">rndc</strong></span>
|
||||
does not yet support all the commands of
|
||||
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
|
||||
@ -165,7 +165,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2639259"></a><h2>SEE ALSO</h2>
|
||||
<a name="id2642060"></a><h2>SEE ALSO</h2>
|
||||
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
|
||||
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
|
||||
@ -175,7 +175,7 @@
|
||||
</p>
|
||||
</div>
|
||||
<div class="refsect1" lang="en">
|
||||
<a name="id2639315"></a><h2>AUTHOR</h2>
|
||||
<a name="id2642116"></a><h2>AUTHOR</h2>
|
||||
<p><span class="corpauthor">Internet Systems Consortium</span>
|
||||
</p>
|
||||
</div>
|
||||
|
@ -43,7 +43,7 @@
|
||||
This is a shared library object, providing a low-level PKCS #11
|
||||
interface to the HSM hardware. It is dynamically loaded by
|
||||
OpenSSL at runtime. The PKCS #11 provider comes from the HSM
|
||||
vendor, and and is specific to the HSM to be controlled.</para>
|
||||
vendor, and is specific to the HSM to be controlled.</para>
|
||||
<para>There are two "flavors" of PKCS #11 support provided by
|
||||
the patched OpenSSL, one of which must be chosen at
|
||||
configuration time. The correct choice depends on the HSM
|
||||
|
@ -86,6 +86,7 @@ options {
|
||||
check-mx-cname ( fail | warn | ignore );
|
||||
check-names ( master | slave | response ) ( fail | warn | ignore );
|
||||
check-sibling <boolean>;
|
||||
check-spf ( warn | ignore );
|
||||
check-srv-cname ( fail | warn | ignore );
|
||||
check-wildcard <boolean>;
|
||||
cleaning-interval <integer>;
|
||||
@ -200,7 +201,7 @@ options {
|
||||
| passthru | no-op | nxdomain | nodata | cname <quoted_string>
|
||||
) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
|
||||
... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
|
||||
max-policy-ttl <integer> ];
|
||||
max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
|
||||
rfc2308-type1 <boolean>; // not yet implemented
|
||||
root-delegation-only [ exclude { <quoted_string>; ... } ];
|
||||
rrset-order { [ class <string> ] [ type <string> ] [ name
|
||||
@ -307,6 +308,7 @@ view <string> <optional_class> {
|
||||
check-mx-cname ( fail | warn | ignore );
|
||||
check-names ( master | slave | response ) ( fail | warn | ignore );
|
||||
check-sibling <boolean>;
|
||||
check-spf ( warn | ignore );
|
||||
check-srv-cname ( fail | warn | ignore );
|
||||
check-wildcard <boolean>;
|
||||
cleaning-interval <integer>;
|
||||
@ -405,7 +407,7 @@ view <string> <optional_class> {
|
||||
| passthru | no-op | nxdomain | nodata | cname <quoted_string>
|
||||
) ] [ recursive-only <boolean> ] [ max-policy-ttl <integer> ];
|
||||
... } [ recursive-only <boolean> ] [ break-dnssec <boolean> ] [
|
||||
max-policy-ttl <integer> ];
|
||||
max-policy-ttl <integer> ] [ min-ns-dots <integer> ];
|
||||
rfc2308-type1 <boolean>; // not yet implemented
|
||||
root-delegation-only [ exclude { <quoted_string>; ... } ];
|
||||
rrset-order { [ class <string> ] [ type <string> ] [ name
|
||||
@ -470,6 +472,7 @@ view <string> <optional_class> {
|
||||
check-mx-cname ( fail | warn | ignore );
|
||||
check-names ( fail | warn | ignore );
|
||||
check-sibling <boolean>;
|
||||
check-spf ( warn | ignore );
|
||||
check-srv-cname ( fail | warn | ignore );
|
||||
check-wildcard <boolean>;
|
||||
database <string>;
|
||||
@ -558,6 +561,7 @@ zone <string> <optional_class> {
|
||||
check-mx-cname ( fail | warn | ignore );
|
||||
check-names ( fail | warn | ignore );
|
||||
check-sibling <boolean>;
|
||||
check-spf ( warn | ignore );
|
||||
check-srv-cname ( fail | warn | ignore );
|
||||
check-wildcard <boolean>;
|
||||
database <string>;
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004, 2007, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -20,6 +20,8 @@
|
||||
prefix=@prefix@
|
||||
exec_prefix=@exec_prefix@
|
||||
exec_prefix_set=
|
||||
includedir=@includedir@
|
||||
libdir=@libdir@
|
||||
|
||||
usage()
|
||||
{
|
||||
@ -57,6 +59,7 @@ while test $# -gt 0; do
|
||||
prefix=$optarg
|
||||
if test "x$exec_prefix_set" = x ; then
|
||||
exec_prefix=$prefix
|
||||
exec_prefix_set=true
|
||||
fi
|
||||
;;
|
||||
--prefix)
|
||||
@ -64,6 +67,7 @@ while test $# -gt 0; do
|
||||
;;
|
||||
--exec-prefix=*)
|
||||
exec_prefix=$optarg
|
||||
exec_prefix_set=true
|
||||
;;
|
||||
--exec-prefix)
|
||||
echo_exec_prefix=true
|
||||
@ -115,14 +119,22 @@ if test x"$echo_exec_prefix" = x"true" ; then
|
||||
echo $exec_prefix
|
||||
fi
|
||||
if test x"$echo_cflags" = x"true"; then
|
||||
includes="-I${exec_prefix}/include"
|
||||
if test x"${exec_prefix_set}" = x"true"; then
|
||||
includes="-I${exec_prefix}/include"
|
||||
else
|
||||
includes="-I${includedir}"
|
||||
fi
|
||||
if test x"$libisc" = x"true"; then
|
||||
includes="$includes @ALWAYS_DEFINES@ @STD_CINCLUDES@ @STD_CDEFINES@ @CCOPT@"
|
||||
fi
|
||||
echo $includes
|
||||
fi
|
||||
if test x"$echo_libs" = x"true"; then
|
||||
libs=-L${exec_prefix}/lib
|
||||
if test x"${exec_prefix_set}" = x"true"; then
|
||||
includes="-L${exec_prefix}/lib"
|
||||
else
|
||||
libs="-L${libdir}"
|
||||
fi
|
||||
if test x"$liblwres" = x"true" ; then
|
||||
libs="$libs -llwres"
|
||||
fi
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Copyright (C) 2004, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 2004, 2007, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
|
||||
# Copyright (C) 1998-2001, 2003 Internet Software Consortium.
|
||||
#
|
||||
# Permission to use, copy, modify, and/or distribute this software for any
|
||||
@ -27,3 +27,8 @@ SUBDIRS = isc isccc dns isccfg bind9 lwres tests
|
||||
TARGETS =
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
distclean::
|
||||
@echo "making $@ in `pwd`/irs"; \
|
||||
(cd irs; ${MAKE} ${MAKEDEFS} DESTDIR="${DESTDIR}" $@) || exit 1;
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user